Legal

Privacy Policy

Last updated: April 22, 2026

Twang ("we", "us", "our") is an AI-native email client for macOS developed by GroundUp Ventures Ltd. This policy describes how we handle your data.

Our core principle

Twang is a desktop application. Your emails, contacts, and data are stored locally on your Mac in an encrypted database. We do not have access to your email content except as described below when you opt into cloud AI inference.

What data stays on your Mac

  • All email content (messages, attachments, threads)
  • Contact information and relationship data
  • AI-generated signals, drafts, and tags
  • Search history and saved searches
  • Voice profile and writing style analysis
  • Local AI model files (Privacy mode)
  • Your encrypted SQLite database (AES-256 via SQLCipher)

What leaves your Mac

  • Gmail API: Twang connects to Gmail to sync your emails. This uses Google's OAuth 2.0. We never see or store your Google password. Email content is fetched directly from Gmail to your Mac.
  • Cloud AI inference (default): In Cloud mode, Twang sends thread content to OpenRouter for triage and drafting. We use Mistral Small 3.1 (classification) and Llama 3.3 70B (drafting). Content is PII-sanitized before sending. Names, email addresses, phone numbers, and sensitive data are replaced with pseudonyms locally, sent to the model, and de-sanitized on return. Switch to Privacy mode to keep inference entirely on your Mac using a local model (Gemma 4B).
  • Push notifications: Gmail sends a notification ID (not email content) to our relay server when new mail arrives. This contains only your email address and a numeric history ID.
  • Invite validation: When you enter an invite code, the code, your name, and email are sent to our validation server.
  • Auto-update check: Twang periodically checks for updates via a Cloudflare Worker. This request contains your current version number and platform. No personal data.
  • HubSpot (optional): If you connect HubSpot, contact and interaction data is synced to your HubSpot account via their API.

What we do not do

  • We do not read, store, or have access to your raw emails outside the opt-in cloud AI path described above
  • We do not sell your data to anyone
  • We do not use your data for advertising
  • We do not track your behavior with analytics by default
  • We do not share your data with third parties beyond the services listed above

PII sanitization (Cloud mode)

Before any email content is sent to a cloud AI provider, Twang's PII sanitizer replaces sensitive information with pseudonyms:

  • Email addresses → [EMAIL_1], [EMAIL_2]
  • Phone numbers → [PHONE_1], [PHONE_2]
  • Names → [PERSON_1], [PERSON_2]
  • Company names → [COMPANY_1], [COMPANY_2]
  • Credit card numbers, SSNs, API keys → [REDACTED]

The AI sees sanitized text. After inference, pseudonyms are restored locally on your Mac. The AI provider never receives the original PII.

Data encryption

Your local database is encrypted with AES-256 via SQLCipher. The encryption key is derived from your macOS Keychain. API keys and OAuth tokens are stored in the macOS Keychain, not in the database.

Data deletion

You can delete all local data at any time via Settings → Data & Privacy → Secure Wipe. This overwrites the database with random bytes, removes Keychain entries, and deletes cached files. Your Gmail account is not affected.

Third-party services

  • Google Gmail API — for email sync (governed by Google's Privacy Policy)
  • OpenRouter — for Cloud mode inference (optional, PII-sanitized)
  • Supabase — for push notification relay and invite validation (no email content)
  • Cloudflare — for auto-update checks and website hosting
  • GitHub — for app distribution via Releases

Children's privacy

Twang is not directed at children under 13. We do not knowingly collect data from children.

Changes to this policy

We may update this policy as Twang evolves. Material changes will be communicated via the app's update notes. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions about privacy? Email [email protected].

Note: This document is a working draft tailored to current alpha behavior. It will be reviewed by counsel before public launch. If you spot something that needs updating, email [email protected].