Privacy Policy
Last updated: May 15, 2026
The short version
Posthorn reads your email, calendar, messages, and chat to compose your briefings — but that data lives on your devices, not ours. We don't have a server that can see your inbox. We don't train AI models on your data. We don't sell or share anything.
What data Posthorn accesses
To do its job, Posthorn reads from accounts and apps you connect. With your authorization, it accesses:
- Gmail — message metadata (sender, subject, date, labels) and message bodies, for any accounts you connect. Posthorn uses Google's
gmail.modifyOAuth scope so it can also archive, mark-read, create drafts, and create filters on your behalf — but only after you explicitly ask, and never to send mail. - Google Calendar — events from calendars you connect, including titles, times, locations, attendees, and descriptions. Posthorn uses the
calendar.readonlyscope. - Google Chat — messages from spaces and DMs in workspaces where you've authorized Posthorn. Uses
chat.spaces.readonly+chat.messages.readonlyscopes. - Slack — messages from DMs, group messages, and channels you're a member of, via Slack User OAuth tokens you grant per workspace.
- iMessage / Apple Messages — recent messages from
chat.dbon your Mac. Read locally; never transmitted off your device. - Apple Notes — content of notes modified recently. Read locally via AppleScript; never transmitted off your device.
- Telegram — messages you send to your Posthorn bot. Used to process commands and corrections.
- Local code repositories — git activity (commit counts, recent commit messages) from folders you've configured. Read locally.
Where your data lives
Your data — including everything Posthorn reads from the sources above — is stored on your own Mac, in a SQLite database and supporting files inside your user library directory. We do not run servers that copy this data, mirror it, or have access to it.
If you opt in to multi-device sync (so your iPhone can show briefings when your Mac is asleep), only the rendered output of your briefings and the action queue is synced — and it is end-to-end encrypted on your Mac before leaving the device, using a key derived from your password that we never see. The encrypted blob is stored in our cloud relay; we have no ability to decrypt it. This is the same architectural pattern Signal uses for messages and 1Password uses for vaults.
How the AI processing works
Posthorn uses large language models to compose briefings and parse your replies. The LLM provider is your choice:
- Bring your own API key (default). You configure your Anthropic or OpenAI key in Posthorn's settings. Your data is sent directly from your Mac to the LLM provider's API; Posthorn does not proxy or store these requests. The LLM provider handles your data under their own privacy policy (Anthropic / OpenAI). Anthropic and OpenAI both offer "do not train on my data" defaults for API access.
- Local LLM. If you configure Posthorn to use Ollama or another local model, no data leaves your Mac for LLM processing.
- Managed (Pro Plus tier). Posthorn provides the LLM. In this mode, prompts are sent through our backend to the LLM provider on your behalf. We do not retain prompt content. We use the same providers' "do not train" defaults.
What we do NOT do
- We do not sell, rent, or share your personal data with third parties.
- We do not train AI models on your data.
- We do not use your data for advertising.
- We do not aggregate or analyze your data across users.
- We do not read your encrypted cloud-synced data — we cannot, even if compelled.
- We do not access data from accounts you haven't explicitly connected.
Your rights and controls
Because your data lives on your device, you have full control:
- Export — Posthorn lets you export everything it knows (memory, tasks, action history) as plain markdown + SQLite at any time. Settings → Export.
- Delete — Disconnect any account at any time; delete its data from Posthorn at any time. Settings → Accounts → Disconnect.
- Revoke OAuth — You can revoke Posthorn's access to your Google, Slack, or other accounts via those providers' own security settings, independently of Posthorn.
- Uninstall — Removing Posthorn from your Mac removes its local database and all stored data.
- Encrypted cloud data — If you've used multi-device sync, you can delete your encrypted blob from our cloud at any time via Settings → Sync → Delete cloud data.
Google API Services User Data Policy
Posthorn's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer information received from Google APIs to others except as needed to provide or improve user-facing features that are prominent in the app, and we do not use the information for advertising. We do not allow humans to read the information unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Posthorn's internal operations and even then only when the information has been aggregated and anonymized.
Children
Posthorn is not directed to children under 13. If you believe a child has provided us with personal information, contact us and we'll delete it.
Changes to this policy
If we update this policy, we'll change the "Last updated" date and, for material changes, notify you inside the app before the change takes effect.
Contact
Questions, requests, or concerns? Email privacy@posthorn.app.