Security

How Twang handles your email.

Where your data lives

  • On your Mac: every email, contact, draft, signal, and search you see in Twang. Stored in an encrypted SQLCipher database (AES-256) under your macOS user directory.
  • In Gmail: your actual mailbox. Twang is a Gmail client. It reads and writes through Gmail's official API.
  • In OpenRouter (Cloud mode only): the thread content being analyzed. PII-sanitized before leaving your Mac. Not retained by OpenRouter beyond the inference request.
  • Never on our servers: raw email content, contacts, or drafts. We do not mirror your inbox.

Encryption

  • At rest: AES-256 via SQLCipher on your Mac.
  • In transit: HTTPS (TLS 1.2+) everywhere. Gmail, OpenRouter, Supabase push relay, and auto-update checks.
  • Keys: OAuth tokens and API keys are stored in the macOS Keychain, not in the app database. You can revoke them at any time from Google's security panel.

The AI boundary: Cloud mode vs. Privacy mode

Twang gives you an explicit, per-session choice.

  • Cloud mode (default): triage and drafting run on hosted models (Mistral Small 3.1 and Llama 3.3 70B, via OpenRouter). Thread content is PII-sanitized locally, then sent over HTTPS. The provider sees pseudonyms, not your names, addresses, or numbers. After inference, pseudonyms are restored on your Mac. Expect ~$1.50/user/month of inference cost.
  • Privacy mode (opt-in): triage and drafting run on a local LLM (Gemma 4B on Apple Silicon GPU). Your email never leaves your Mac. Throughput is lower but latency is consistent.

You can switch modes in Settings → AI & Agents at any time.
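To make the Cloud-mode boundary concrete, here is an added illustration (not Twang's code) of the pseudonymize-then-restore round trip: PII is swapped for stable placeholders before the text leaves the machine, and the mapping that stays local is used to put the real values back into the model's reply. The regex detectors, the `<LABEL_n>` placeholder shape and the sample thread are assumptions made for this example.

```python
import re
from typing import Dict, Tuple
# Constructed sample thread for illustration; not a real message.
SAMPLE_THREAD = (
    "From: Dana Whitfield <dana.whitfield@example.com>\n"
    "Hi team, please call me at 415-555-0142 before Friday.\n"
    "Also loop in dana.whitfield@example.com and ops@example.org.\n"
)

# Illustrative detectors, applied in this order. A real client would use an
# NER model for names; this regex only catches "First Last" forms.
PATTERNS = [
    ("EMAIL", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("PHONE", re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")),
    ("NAME", re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")),
]
TOKEN = re.compile(r"<[A-Z]+_\d+>")  # placeholder shape, e.g. <EMAIL_1>

def pseudonymize(text: str) -> Tuple[str, Dict[str, str]]:
    """Return (sanitized text, placeholder -> original). Only the text leaves
    the machine; the mapping is kept locally for restore()."""
    mapping: Dict[str, str] = {}
    seen: Dict[str, str] = {}      # original value -> placeholder
    counters: Dict[str, int] = {}  # per-label sequence numbers

    def substitute(label: str):
        def _sub(match) -> str:
            value = match.group(0)
            if value not in seen:  # same value always gets the same placeholder
                counters[label] = counters.get(label, 0) + 1
                seen[value] = f"<{label}_{counters[label]}>"
                mapping[seen[value]] = value
            return seen[value]
        return _sub

    for label, pattern in PATTERNS:
        text = pattern.sub(substitute(label), text)
    return text, mapping

def restore(model_output: str, mapping: Dict[str, str]) -> str:
    """Swap real values back in wherever the model echoed a placeholder.
    Placeholders not in the mapping (model inventions) are left as-is."""
    return TOKEN.sub(lambda m: mapping.get(m.group(0), m.group(0)), model_output)

if __name__ == "__main__":
    sanitized, table = pseudonymize(SAMPLE_THREAD)
    print(sanitized)  # this is all the provider would see
    # Constructed stand-in for the model's reply, referencing the placeholders.
    reply = "Reply to <NAME_1> at <EMAIL_1>; a call at <PHONE_1> works."
    print(restore(reply, table))
```

Note that the repeated address maps to the same placeholder both times, so the model can still tell that two mentions refer to one person without learning who that person is.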

Subprocessors

The complete list of services your Mac talks to when Twang is running:

  • Google (Gmail API) — mailbox sync. Governed by Google's policies.
  • OpenRouter — Cloud mode inference only. Not used in Privacy mode.
  • Supabase — push-notification relay (notification IDs only, no content) and alpha invite validation.
  • Cloudflare — auto-update check and website hosting.
  • GitHub — signed build distribution via Releases.
  • HubSpot (optional): if you connect it, Twang calls their API with contact and interaction data you choose to sync.

Telemetry

By default, Twang sends zero behavioral analytics. We do not install Mixpanel, PostHog, Google Analytics, or Sentry without your explicit opt-in. Crash reports are off by default and can be enabled per-session in Settings → Data & Privacy.

What we do not claim (yet)

Twang is in private alpha. We are not yet SOC 2 certified, ISO 27001 certified, or HIPAA-eligible. If your firm requires any of these for deployment, write to us. We will not claim a certification we do not hold.

Reporting a vulnerability

If you discover a security issue in Twang, please email [email protected]. We respond to every security report within 72 hours and credit you in the release notes if the issue is fixed. Please do not publicly disclose the issue until we've had a chance to address it.

Data deletion

You can wipe all Twang data from your Mac at any time via Settings → Data & Privacy → Secure Wipe. This overwrites the database with random bytes, removes Keychain entries, and deletes cached files. Your Gmail mailbox is not affected.

For the technical source of truth — partners, retention windows, PII pseudonymization details — read the Privacy Attestation. For your rights under these practices, read the Privacy Policy and Terms of Service.