Enterprise Policy

Pia reads %ProgramData%\Pia\policy.json at startup. IT administrators can use it to set defaults or lock specific settings on managed devices.

File Location

C:\ProgramData\Pia\policy.json

Standard users can read this folder; only administrators can write to it. Users can’t override the file from inside Pia.

Caution

Pia loads the policy once at startup. Changes to policy.json only take effect after the user restarts Pia.

File Format

policy.json has two top-level sections, both shaped like Pia’s user-settings schema:

• defaults — applied whenever the user’s setting still matches Pia’s built-in default. If the user has already changed a setting, the policy default does not overwrite it.
• enforce — pinned values. The corresponding controls in Pia’s settings UI are disabled so the user can’t change them. If the same property appears in both sections, enforce wins.

Note

A scalar property only takes effect if its value differs from Pia’s built-in default. For example, putting "theme": "System" in enforce is a no-op, because System is already the default. To pin a non-default value (like "Dark"), set it explicitly.

Supported Settings

All property names use camelCase. Unknown properties are ignored. Invalid JSON is logged as a warning and the policy is not applied — check the application log if a policy doesn’t seem to take effect.

Property	Type	Default	Description
theme	"System" | "Dark" | "Light"	"System"	UI theme
uiLanguage	"EN" | "DE" | "FR"	"EN"	Interface language
targetLanguage	"EN" | "DE" | "FR"	unset	Default output language for Optimize
targetSpeechLanguage	"Auto" | "EN" | "DE" | "FR"	"Auto"	Speech recognition language
defaultOutputAction	"CopyToClipboard" | "AutoType" | "PasteToPreviousWindow"	"CopyToClipboard"	What happens after Optimize finishes
autoTypeDelayMs	integer	10	AutoType delay in milliseconds
defaultTemplateId	GUID	unset	Default optimization template
whisperModel	"Tiny" | "Base" | "Small" | "Medium" | "Large"	"Base"	Speech-to-text model size
ttsEnabled	bool	false	Enable text-to-speech
ttsVoiceModelKey	string	"en_US-lessac-medium"	TTS voice identifier
startMinimized	bool	false	Launch hidden in the system tray
launchAtStartup	bool	true	Start Pia when Windows starts
showTodoPanelButton	bool	true	Show the todo panel button in the main window
autoUpdateEnabled	bool	true	Allow auto-update on launch
syncEnabled	bool	false	Enable Pia Cloud sync
serverUrl	string	unset	Pia Cloud server URL (for self-hosting)
trustSelfSignedCertificates	bool	false	Accept self-signed TLS certificates
useSameProviderForAllModes	bool	true	Use one AI provider across Optimize/Assistant/Research
modeProviderDefaults	object	{}	Map of conversation mode to AI provider GUID
privacy	object	see below	Privacy settings (nested)

privacy is a nested object:

Property	Type	Default	Description
tokenizationEnabled	bool	true	Replace PII with tokens before sending text to the AI

Example

{
  "defaults": {
    "uiLanguage": "DE",
    "targetLanguage": "DE",
    "whisperModel": "Small"
  },
  "enforce": {
    "theme": "Dark",
    "serverUrl": "https://pia.corp.example.com",
    "syncEnabled": true
  }
}

In this example, German is the starting language but users can switch to English or French. The theme is pinned to Dark, sync is mandatory, and the Pia Cloud URL is locked to the company’s self-hosted server.

Rolling Out

1. Create or edit C:\ProgramData\Pia\policy.json on each managed device (e.g. via your endpoint management system).
2. Validate the JSON.
3. Have users close and reopen Pia.

Settings under enforce appear grayed out in Pia’s settings UI; defaults appear normally.