Privacy

We don't read your email.

Your email lives on your Mac. We never get a copy. The AI works on a stripped-down version — names, emails, and numbers swapped out before anything leaves your computer.

01

Your email lives on your Mac.

Not on our servers. Encrypted on disk so it doesn't sit there in plain text. We don't keep a copy.

02

The AI sees a stripped version.

Names, emails, phone numbers, and identifiers get swapped for placeholders before anything goes to the AI. It works on the meaning, not on you.

03

We don't store what you send.

Our servers see counts, not contents. The most we ever see is "Bryan made 47 requests today."

The questions you'd ask a friend.

No jargon. Real answers.

Will you read my email?

No. Your email lives on your Mac, not our servers. We never get a copy.

What about your AI — does it see my stuff?

It gets a stripped-down version. Names, emails, phone numbers, addresses, and identifiers get swapped for placeholders before anything leaves your Mac — so the AI works on the meaning, not on you. The AI provider (Anthropic) holds prompts for 30 days under their standard policy, but with the placeholders, those prompts aren't tied back to you.

Where does my data live?

On your Mac. Encrypted on disk so it isn't sitting there in plain text. We don't keep a copy.

What if someone steals my laptop?

Same protection as anything else on your computer — your Mac password, FileVault, the works. We don't add a separate layer beyond what macOS already does.

Do you sell my data?

No. We don't sell it, share it, or use it to train anything. You pay for the app — that's the whole deal.

Can your employees peek?

No. Our servers don't store the contents of what you send. The most we can see is "Bryan made 47 requests today" — counts, not contents.

Do tracking pixels in marketing emails know I opened them?

Today: yes, the same way they would in any other email client that loads remote images. Apple Mail's "privacy proxy" approach (load images through a relay that hides your IP) is the model we want — it's a near-term roadmap item, not a launch claim. We'd rather tell you the truth than wave a flag we don't fully own yet.

Will Gmail know LSTN is reading it?

Only that an app with your permission is reading it — same as any email client. We use read-only access. We can't send, delete, or change anything in your account.

How do I log into LSTN?

Email and password — same as any web app. You set it up on getlstn.com.

What if I want everything gone?

One button. Wipe Everything. Your messages, your account, your keys — all of it, in one click.

For the engineer in the room

Every prompt that crosses the wire to Anthropic's API is routed through a local pseudonymizer that swaps real names, emails, phone numbers, organizations, places, dollar amounts, addresses, SSNs, and credit-card numbers for placeholder tokens (<P1>, <E1>, <H1>, etc.). The mapping lives in stack memory for the duration of the request and is discarded immediately after; it's never written to disk and never sent over the network. Email body PROSE still goes through (the AI needs to read what you got) — just stripped of identifying tokens.
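A sketch of the swap-and-restore round trip described above, added here as an illustration; it is not LSTN's code. It covers only pattern-shaped identifiers (emails, card numbers, SSNs, phone numbers, dollar amounts), since names, organizations and places need an entity recognizer. The prefix letters, class name and sample text are assumptions; the page shows only the token shape.

```python
import re

# Order matters: stricter digit patterns run before the looser phone pattern.
# Prefix letters are assumptions; the page only shows the <X1> token shape.
PATTERNS = [
    ("E", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("C", re.compile(r"\b(?:\d[ -]?){12,18}\d\b")),   # 13-19 digit card numbers
    ("S", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),      # US SSN
    ("H", re.compile(r"(?<!\w)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b")),
    ("D", re.compile(r"\$\d[\d,]*(?:\.\d{2})?")),     # dollar amounts
]
TOKEN = re.compile(r"<[A-Z]\d+>")


class Pseudonymizer:
    """Holds the mapping for one request, in memory only; nothing is persisted."""

    def __init__(self):
        self._by_value = {}   # (prefix, normalized value) -> token
        self._by_token = {}   # token -> original value
        self._counts = {}     # prefix -> last index issued

    def _token_for(self, prefix, value):
        key = (prefix, value.lower())
        if key not in self._by_value:
            n = self._counts[prefix] = self._counts.get(prefix, 0) + 1
            token = f"<{prefix}{n}>"
            self._by_value[key] = token
            self._by_token[token] = value
        # A repeated value gets the same token, so the model keeps co-reference.
        return self._by_value[key]

    def strip(self, text):
        for prefix, pattern in PATTERNS:
            text = pattern.sub(lambda m, p=prefix: self._token_for(p, m.group()), text)
        return text

    def restore(self, text):
        # Tokens the model invented (not in the mapping) are left untouched.
        return TOKEN.sub(lambda m: self._by_token.get(m.group(), m.group()), text)


# Constructed sample input, not real data.
SAMPLE = ("Reply to dana@example.com or call (415) 555-0134. "
          "Invoice is $1,250.00, card 4111 1111 1111 1111, SSN 078-05-1120. "
          "Cc dana@example.com.")
```

Create one `Pseudonymizer` per request and drop it after `restore()` runs on the model's reply, so the mapping never outlives the request.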

Email subjects and bodies are encrypted at rest with AES-256-GCM (CryptoKit). The encryption key is stored on-device, tied to your Mac. macOS protections (FileVault, your account password) gate access to the device itself; we don't add a separate password layer on top. The "what we sent to Claude" audit log is also encrypted at rest.

Cross-device sync (when it ships) uses client-side encryption: your Mac generates a 256-bit key, gives you a recovery code, then encrypts every payload before upload. Supabase only ever stores ciphertext. The key never leaves your devices.

The Cloudflare Worker that proxies Anthropic calls logs only counts and status codes — never the request body, never the response body. Anthropic itself retains API requests for 30 days under their standard policy; we're working on getting Zero Data Retention enabled. Until then, the pseudonymization above is what keeps a leak there from being tied back to you.

Who else touches my data?

Short list. Each one named, and what they actually see.

| Service | What they see | Why |
| --- | --- | --- |
| Anthropic | The text of your messages with names, emails, phone numbers, addresses, and identifiers replaced by placeholders. Standard 30-day API retention applies; the placeholders mean it isn't tied back to you. | Powers the AI synthesis. |
| Cloudflare | Request timestamps and byte counts. Encrypted in transit. | Hosts the network pipes between your Mac and our services. |
| Supabase | Your account email and subscription state. Future synced data is encrypted before it ever arrives. | Account storage. |
| Stripe | Email and payment method. | Handles billing. |
| Resend | Email address (sender + recipient). | Sends you account emails (welcome, receipts). |
| Google | That an app with your permission is reading your inbox. Read-only. | You connected your Gmail to LSTN. |

Start your morning differently.

One Brief. Your whole life. Nobody watching.
