Your family's privacy is the foundation

1. 1.
   Your data belongs to your family. We collect only what's necessary to run the service like email, payment details, anonymized telemetry (page visits, button clicks, etc. but never page or chat content), and nothing more.
2. 2.
   Zero knowledge at rest. Your stored data is fully encrypted at rest. Our devs cannot read it, even if we wanted to. Server admins cannot access it either thanks to confidential compute implementation.
3. 3.
   Minimal data in transit. When your messages are processed by the AI assistant, only the needed portion of context is sent to the cloud LLM server, encrypted over TLS, and never used to train AI models under commercial terms.
4. 4.
   No data selling, no ads, no profiling. We have only one single business model, subscription. We will never sell your data, show you ads, or build profiles to monetize your family's information.
5. 5.
   Radical transparency. Where we have limitations, like necessity of using cloud AI for inference, we tell you exactly how it works rather than hiding behind vague language.

Information You Share With Your Assistant

During onboarding and normal use, you may share the following with your Polipo assistant. All of this is stored exclusively inside your family's encrypted container, not in any central Polipo database:

Information We Do Handle Directly

A small amount of information necessarily passes through our infrastructure outside of your encrypted container:

Information We Do Not Collect

We do not collect location data, contacts from your phone, photos or media (except media you explicitly share with the assistant, which are stored encrypted inside the container), biometric data, or data from other apps on your device.

What Happens When You Send a Message

When you send a message to Polipo, the minimum context needed to generate a helpful response is sent to our AI inference provider (currently Anthropic & Gemini) over an encrypted TLS connection. The AI processes your message and returns a response. Here's what's important to understand:

Our Roadmap Toward Self-Hosted AI

We recognize that sending any data to a third-party AI provider, even with no-training agreements and TLS encryption, is a trust dependency. As open-source AI models mature, we are actively working toward self-hosted inference that would keep all processing within our confidential computing environment, eliminating even short-term third-party data exposure. We will update this policy as that capability becomes available.

Google Workspace

If you connect Google Calendar, Gmail, Google Drive, or Google Sheets, Polipo accesses these services using OAuth 2.0 tokens that you explicitly authorize. We request only the permissions necessary for the features you use. You can revoke access at any time through your Google Account settings. We do not store copies of your Google data beyond what is needed for active session context.

External Messaging Channels

Messages sent through these platforms are delivered to Polipo via secure, encrypted connections. However, the third-party platform itself also processes and stores its own copy of the conversation according to its own privacy policy. Specifically:

• WhatsApp and Telegram store encrypted versions of messages on their servers. While these messages are encrypted, the platforms have their own data retention and access policies.
• SMS messages are transmitted through your mobile carrier and our telephony provider (Telnyx). Carriers and Telnyx may retain message metadata or content in accordance with their own policies and applicable law.
• Alexa and other voice assistants process your voice commands through their own AI systems before passing the text to Polipo. Amazon (or the relevant provider) retains data according to their privacy policy.

We encrypt all data received from these platforms the moment it reaches our servers and apply the same per-family isolation and encryption protections described above. However, we cannot control what the third-party platform retains on their end. We recommend reviewing each platform's privacy policy before choosing to use it as a channel for Polipo.

Payment Processing

Payments are handled by Stripe. We do not store your credit card number or payment credentials on our servers. Stripe's handling of your payment information is governed by their privacy policy.

We use your information for the following purposes and no others:

• To provide and operate the service: managing your family's calendar, tasks, reminders, grocery lists, and other household functions.
• To personalize your experience: remembering your preferences, your family's schedules, and context from prior conversations to provide proactive, helpful assistance.
• To communicate with you: sending push notifications, SMS reminders, or email summaries that you've opted into.
• To improve the service: analyzing anonymized, aggregated usage patterns (not conversation content) to fix bugs and build better features.
• To ensure security: detecting and preventing unauthorized access or abuse.

We do not use your data for advertising, profiling, or any purpose beyond operating the service you've signed up for.

We share your information only in these limited circumstances:

• AI inference providers (currently Anthropic & Gemini): minimal message context, encrypted in transit, never used for model training. May be briefly retained for abuse monitoring per commercial terms.
• Connected services you authorize (Google Workspace, Telnyx for SMS/voice, Stripe for payments): only the data necessary to perform the integration you requested.
• Legal requirements: if required by law, subpoena, or court order. We will notify you unless legally prohibited from doing so.
• Business transfers: in the event of a merger or acquisition, your data would remain subject to this privacy policy.

We retain your data only as long as you are using the service. You can delete or destroy the entire family pod at any time, wiping all data you shared to date with your assistant.

• Conversation history: stored in your family's encrypted container for as long as your account exists. You can delete individual conversations or your entire history at any time.
• Connected service tokens: OAuth tokens are stored only while the integration is active. Revoking access deletes the token.
• AI processing: your conversations are never used to train AI models. The inference provider may retain data for a short period for safety and abuse monitoring, after which it is deleted.
• Account deletion: when you delete your account, your family's container and all data within it are destroyed. Since we cannot read the encrypted contents, there is nothing to selectively retain.

Regardless of where you live, we provide every Polipo user with the following rights:

For users in the European Union, United Kingdom, or California, you have additional rights under GDPR, UK GDPR, or CCPA respectively, including the right to object to processing, restrict processing, and lodge complaints with supervisory authorities. Contact us at privacy@polipo.ai to exercise any of these rights.

Polipo is designed for families, which means children's information may be part of the household data you share. We treat all family data with the same high level of protection described in this policy. We do not knowingly collect personal information directly from children under 13 (or the applicable age in your jurisdiction) without parental consent. The parent or guardian who sets up the family account is responsible for managing children's information within Polipo.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Polipo app or via email at least 30 days before the changes take effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your family's data, we'd love to hear from you: