Privacy Policy
The short version
- Your mail and messages stay on your Mac. Encrypted at rest with AES-GCM.
- What goes to Anthropic: synthesis prompts that include excerpts of your signals (titles, body snippets, sender names, dates) — sent through our Cloudflare Worker so we can audit cost + outages.
- What goes to our server: account email, hashed password, Stripe customer ID, an audit log of Claude API calls (counts and timing, not content), and any feedback you submit. If you use cross-device sync (when the iOS/iPad apps ship), synthesized signals also sync, encrypted with a key only you hold.
- What we don't collect: usage telemetry, click tracking, analytics, cookies, advertising IDs, third-party trackers.
1. Information we collect
From you, directly
- Account email and password. Stored in Supabase Auth. Passwords are salted + hashed; we never see the plaintext.
- Payment information. Card details go directly from your browser to Stripe via Stripe Elements; we never see, store, or process them. Stripe returns a customer ID we keep linked to your account.
- Feedback you explicitly submit. When you tap thumbs-down on a signal or send a note from Settings → "Tell us what you think," we store the feedback content (signal title, your note, app version) so we can act on it. We use it to drive product changes; we don't sell it or share it with third parties.
From your Mac, processed locally
- Mail, messages, calendar events, contacts, reminders, notes, browser history, and watched folder contents from sources you connect (Gmail, Apple Mail, iMessage, Apple Calendar, Apple Contacts, etc.).
- This data is read by the LSTN Mac app and stored in an encrypted SQLite database on your Mac (AES-GCM via SQLCipher; the master key lives in your macOS Keychain).
- It does not leave your Mac in raw form. Excerpts of it cross to Anthropic at synthesis time (see §3 below).
From the Worker (operational logs)
- Each call your Mac makes through our Anthropic proxy creates a row in an audit log: timestamp, user ID, model used, approximate input token count, response status, latency. The prompt content is not stored. If Anthropic returns an error, the first 500 characters of the error response are stored for debugging — this may include a fragment of the failing prompt in rare cases.
- Standard request logs (IP, User-Agent, response code) are retained briefly by Cloudflare and Supabase for security and abuse-prevention purposes.
2. Information we don't collect
- Usage telemetry. The Mac app does not report which screens you visit, how often you open it, which signals you click, or any other behavioral data.
- Cookies and trackers. getlstn.com uses no analytics cookies, no advertising pixels, no third-party trackers. The only cookies the site sets are a small handful of strictly necessary functional cookies, set via Stripe and Supabase during signup/checkout.
- Advertising identifiers. None.
3. What we send to Anthropic
LSTN's intelligence comes from Claude, Anthropic's large language model. To produce your daily Brief, the Mac app sends the following to Anthropic via our Cloudflare Worker:
- Excerpts of recent emails and messages (subject lines, sender/recipient identifiers, body snippets — not necessarily full message bodies).
- Calendar event titles, attendees, dates.
- Snippets from documents in folders you've explicitly added.
- Names of people LSTN has resolved through your Contacts.
- Anonymous, aggregated cross-user feedback patterns (no individual user content) so the prompt knows what signals other users have rated as noise.
Anthropic processes these requests under their own Privacy Policy. We have not yet enabled Anthropic's Zero Data Retention option, meaning Anthropic may retain prompts for up to 30 days for trust and safety review. We're in the process of requesting ZDR; until that lands, please understand that prompt content is briefly visible to Anthropic.
4. What we send to other third parties
| Service | What we share | Why |
|---|---|---|
| Stripe | Email, payment method (card), billing address. | Process your subscription. Stripe is the source of truth for billing. |
| Supabase | Email, password hash, account metadata. Encrypted signal payloads (when cross-device sync is active). | Authentication and database hosting. |
| Cloudflare | Request metadata (IP, User-Agent), proxied API request bodies in transit. | Hosts our Worker and the LSTN.dmg download. |
| Anthropic | Synthesis prompts (see §3). | Generate your daily Brief. |
| Resend | Email address, message content (welcome email, sign-in link, feedback alerts). | Send you transactional emails. |
| Google (when connected) | OAuth scopes you grant (Gmail readonly, Calendar readonly, Contacts readonly). | Read your Gmail / Calendar / Contacts to build the Brief. The actual content stays on your Mac after fetching. |
5. Cross-device sync
When iPad and iPhone apps ship and you opt in to sync, your synthesized signals (the Brief output, not your raw mail) are uploaded to Supabase encrypted with a master key stored in your iCloud Keychain. We do not have access to that key and cannot read your synced signals on the server. If you lose access to your iCloud Keychain, your synced signals on our server become unreadable and must be regenerated locally.
6. Data retention and deletion
- Account data: kept as long as your account is active.
- Audit log entries: retained for 12 months for cost analysis and abuse detection, then purged.
- Stripe records: kept for the legally required period (typically 7 years for tax/financial records).
- Mail content on your Mac: stays as long as you keep the LSTN app installed. The app's "Wipe Everything" command in Settings removes the local database. Uninstalling the app also removes it.
To delete your account and personal data from our servers, email hi@getlstn.com. We process deletions within 30 days. You can also export the data we hold about you on request.
7. Security
Network traffic is TLS 1.2+ end to end. The local SQLite database on your Mac is encrypted with AES-GCM via SQLCipher. The encryption key lives in your macOS Keychain. Passwords are hashed by Supabase using bcrypt-equivalent algorithms; we never see plaintext passwords. No security control is perfect; we recommend you also enable FileVault on your Mac so the local database is protected at the OS level too.
8. Children
LSTN is not intended for users under 18. We don't knowingly collect data from children. If you believe a child has signed up, contact us and we'll delete the account.
9. Your rights
Depending on where you live, you may have rights to access, correct, delete, or export your personal data; to object to certain processing; or to lodge a complaint with a supervisory authority. Email hi@getlstn.com to exercise any of these rights.
10. Changes to this Policy
If we materially change how we collect or use data — for example, enabling Anthropic ZDR, adding a new third-party processor, or changing retention periods — we'll notify you by email and update the "Last updated" date above.
11. Contact
Questions, corrections, or requests: hi@getlstn.com.