Privacy attestation

What gets sent, what doesn't, and what happens to it.

What stays on your Mac

Your email content lives on your laptop, encrypted at rest with SQLCipher (AES-256). The encryption key sits in your macOS Keychain, not in a config file. Twang reads from this local database to render your inbox, search, and run AI features. We have no backup of your email on our servers. We do not see your full inbox. We never have.

What gets sent to the cloud, and when

When you use an AI feature — like asking the Chief of Staff "when's my next flight?", or letting Twang draft a reply — Twang sends a small excerpt (typically about 5 lines) of the relevant message to a cloud LLM. The excerpt is what the model needs to do its job. Most of the message body, your full inbox, your attachments, and any thread you've marked as Privacy mode never leave your Mac.

This only happens when you take an AI action. Opening a thread, archiving it, searching, or just using the inbox as an inbox sends nothing. We do not run background AI on your data unless you explicitly enable it (and even then, see Privacy mode below).

What we strip before sending — PII pseudonymization

Before any prompt leaves your Mac, Twang runs a sanitizer over it. The following categories are replaced with pseudonyms:

  • Names — "Shira Cohen" → Person_A
  • Email addresses — "[email protected]" → Email_B
  • Phone numbers — "+1 (415) 555-0142" → Phone_C
  • Credit cards — "4532-1234-5678-9010" → Card_D
  • Social Security Numbers — "123-45-6789" → SSN_E
  • Israeli ID numbers — "123456782" → IsraeliId_F
  • API keys — "sk-or-v1-abcdef…" → ApiKey_G
  • JWT / OAuth tokens — "eyJhbGc…" → Token_H

The cloud LLM never sees the real values. When the response comes back, Twang restores the pseudonyms locally so you see "Shira" in your draft, not "Person_A". The mapping table lives in memory for the duration of one AI call and is discarded immediately after. The implementation is in src-tauri/src/privacy/sanitizer.rs in our public repo.
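The pseudonymize, send, restore round trip described above, as an added Rust example; it is not the code in Twang's sanitizer.rs. The `Session` type, the token-level detectors (four of the listed categories only) and the single running letter suffix are assumptions made for this illustration.

```rust
use std::collections::HashMap;

/// Pseudonym table for ONE AI call; dropping the Session discards the mapping.
#[derive(Default)]
struct Session { to_pseudo: HashMap<String, String>, to_real: HashMap<String, String> }

/// Constructed token-level detectors for this example (not Twang's rules).
fn classify(tok: &str) -> Option<&'static str> {
    let shape: String = tok.chars().map(|c| if c.is_ascii_digit() { '9' } else { c }).collect();
    match shape.as_str() {
        "999-99-9999" => Some("SSN"),
        "9999-9999-9999-9999" => Some("Card"),
        _ if tok.starts_with("eyJ") && tok.matches('.').count() == 2 => Some("Token"),
        _ if tok.contains('@') && tok.contains('.') => Some("Email"),
        _ => None,
    }
}

impl Session {
    /// Swap each detected value for Kind_<suffix>; a repeated value reuses its pseudonym.
    fn sanitize(&mut self, text: &str) -> String {
        let mut out = text.to_string();
        for raw in text.split_whitespace() {
            let tok = raw.trim_matches(|c: char| ",.;:()<>\"'".contains(c));
            if let Some(kind) = classify(tok) {
                if !self.to_pseudo.contains_key(tok) {
                    let n = self.to_pseudo.len();
                    let id = if n < 26 { ((b'A' + n as u8) as char).to_string() } else { n.to_string() };
                    let pseudo = format!("{}_{}", kind, id);
                    self.to_real.insert(pseudo.clone(), tok.to_string());
                    self.to_pseudo.insert(tok.to_string(), pseudo);
                }
                out = out.replace(tok, &self.to_pseudo[tok]);
            }
        }
        out
    }
    /// Put real values back into the model's reply; unknown pseudonyms are left alone.
    fn restore(&self, reply: &str) -> String {
        self.to_real.iter().fold(reply.to_string(), |acc, (p, real)| acc.replace(p.as_str(), real))
    }
}

fn main() {
    let mut call = Session::default(); // constructed sample excerpt below
    println!("{}", call.sanitize("Refund dana@example.com on card 4532-1234-5678-9010."));
    println!("{}", call.restore("Hi Email_A, the refund to Card_B is done."));
}
```

A pseudonym that the model invents, or one that belongs to a different call, has no entry in the table and comes back unchanged, which is why the table has to be scoped to a single request.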

What our cloud LLM partners see

  • The pseudonymized excerpt of one message.
  • The pseudonymized subject line.
  • The task hint (e.g. "classify this email", "draft a reply").
  • The model and request settings.

What our cloud LLM partners do not see

  • The full message body.
  • Your other messages in the thread (unless explicitly attached).
  • Your contact list.
  • Your attachments, photos, or files.
  • Your full inbox.
  • Any thread you've marked as Privacy mode.
  • Your real names, emails, phones, IDs, or keys (those are pseudonymized — see above).

Cloud LLM partners we use

For users on Twang's managed plan (alpha invite redeemed), AI calls route through proxy.twang.io (a Cloudflare Worker we run) which then forwards to:

  • Mistral La Plateforme — for fast classification (Mistral Small 3.1).
  • Groq — for drafting (Llama 3.3 70B).
  • OpenRouter — fallback when Groq is unavailable.

For free-tier users (no managed invite), AI calls go directly to OpenRouter via the user's own API key. Twang never sees the API key after the user pastes it into Settings; it's stored locally in macOS Keychain.

We do not use Anthropic, OpenAI, Google, or Microsoft for inference. We have written agreements with each partner covering: prompts are processed in flight, not used for training, and discarded according to their published retention windows. We re-evaluate this list quarterly and announce any addition before it goes live.

Your email never trains a model

Each of our partners has confirmed that prompts sent through Twang are not retained for training. Mistral La Plateforme: zero retention by default. Groq: zero retention. OpenRouter: forwards to upstream providers, each of which we vet individually.

If a partner ever changes this — meaning they want to use prompts for training — we will switch off that partner before the change takes effect, or migrate to one who continues to honor the no-training stance. We monitor partner ToS changes and treat any retention-policy regression as a security incident.

What Twang stores on its own servers

Almost nothing. Specifically:

  • Supabase Auth session tokens — so you can sign in once and have AI work across launches. These are short-lived JWTs; we never see your password (Supabase handles auth).
  • Monthly usage counters — anonymous integers in a subscriptions table (e.g. "this user has used 45,000 tokens this month") so we can bill the managed plan correctly.
  • Stripe webhook events — when your subscription changes. We see your Stripe customer ID and the event type; not your card.
  • Alpha invite codes — the list of who's been invited, and whether each code has been redeemed.

That is the entire list. We do not store: your email, your contacts, your attachments, your AI prompt history, or your AI response history. We could not show you a single email of yours from our servers because we don't have any.

Privacy mode — local-only AI

If you pick Privacy mode in Settings → AI (or during onboarding), Twang routes every AI call to a local model running on your Mac (Gemma 4B, ~3GB on-disk). No prompt leaves your laptop.

The IRON RULE in our code: inference_mode=privacy + valid managed JWT in keychain must NEVER hit the proxy. We have unit tests that lock this behavior in place — if a future code change tries to fall back to cloud from privacy mode, our build fails.

Privacy mode requires at least 24GB of RAM. Below that threshold, Gemma plus your normal app load thrashes swap, so we disable the option at install rather than ship a broken experience.
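The IRON RULE written as a routing function with an exhaustive invariant check, as an added Rust example; it is not Twang's own router or test suite. The `Ctx`, `Task` and `Route` names, the two task kinds and the refuse-on-failure behaviour are assumptions, while the provider routes follow the partner list earlier on this page.

```rust
// Added illustration; type, field and function names are hypothetical.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Mode { Cloud, Privacy }
#[derive(Clone, Copy, PartialEq, Debug)]
enum Task { Classify, Draft }
#[derive(Clone, Copy, PartialEq, Debug)]
enum Route { LocalGemma, ProxyMistral, ProxyGroq, ProxyOpenRouter, DirectOpenRouter, Refuse }

#[derive(Clone, Copy)]
struct Ctx { mode: Mode, managed_jwt: bool, user_key: bool, local_ready: bool, groq_up: bool }

fn route(c: Ctx, task: Task) -> Route {
    // Privacy mode is decided first and has no cloud arm: if the local model
    // is unavailable the call is refused, whatever credentials are present.
    if c.mode == Mode::Privacy {
        return if c.local_ready { Route::LocalGemma } else { Route::Refuse };
    }
    match (c.managed_jwt, task) {
        (true, Task::Classify) => Route::ProxyMistral,
        (true, Task::Draft) if c.groq_up => Route::ProxyGroq,
        (true, Task::Draft) => Route::ProxyOpenRouter, // fallback when Groq is down
        (false, _) if c.user_key => Route::DirectOpenRouter, // free tier, user's key
        (false, _) => Route::Refuse,
    }
}

fn leaves_device(r: Route) -> bool {
    !matches!(r, Route::LocalGemma | Route::Refuse)
}

/// Walks all 32 input combinations for both tasks and counts privacy-mode
/// routes that would leave the device. A unit test asserts this is zero.
fn privacy_violations() -> usize {
    let mut bad = 0;
    for bits in 0u8..32 {
        let c = Ctx {
            mode: if bits & 1 == 1 { Mode::Privacy } else { Mode::Cloud },
            managed_jwt: bits & 2 != 0, user_key: bits & 4 != 0,
            local_ready: bits & 8 != 0, groq_up: bits & 16 != 0,
        };
        for task in [Task::Classify, Task::Draft] {
            if c.mode == Mode::Privacy && leaves_device(route(c, task)) { bad += 1; }
        }
    }
    bad
}

fn main() {
    println!("privacy-mode violations: {}", privacy_violations());
}
```

Enumerating every input combination, rather than testing a few hand-picked cases, is what makes a later "fall back to cloud if local fails" change show up as a failing build.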

Retention windows

  • Email content — your Mac, encrypted. Until you delete it locally.
  • AI prompts in flight — cloud partner. Per their published policy, typically zero retention.
  • AI responses — your Mac, encrypted. Until you delete the thread.
  • Supabase auth tokens — Supabase managed by us. Until you sign out or revoke (≤30 days).
  • Usage counters — our Supabase. Reset monthly; aggregate logs kept 12 months.
  • Stripe events — our Supabase + Stripe. 7 years (tax/financial records).

Your rights

  • Export your data — Settings → Data → Export. You get a JSON dump of everything Twang has stored locally on your Mac.
  • Delete your account — Settings → Account → Delete. We purge your Supabase auth row, your subscription row, your usage counters, and your invite-redemption record. The local SQLCipher database on your Mac stays on your Mac (we cannot reach it); the uninstall instructions tell you how to delete it.
  • Switch to Privacy mode at any time — your future AI calls go local. Past prompts that already left your Mac were already discarded by our partners per their retention policy; we have no way to "recall" them.
  • Audit the source — our app code is open-source. The PII sanitizer, the proxy router, the IRON RULE tests — all readable.

Compliance

  • GDPR — Twang processes EU residents' data on the basis of legitimate interest (delivering an email client they asked for). The partners listed above have GDPR-compliant data-processing agreements with us. EU residents can exercise their rights via the controls listed above or by emailing [email protected].
  • CCPA — California residents have the same controls. We do not sell personal information.
  • HIPAA — Twang is not HIPAA-compliant. Do not use it for protected health information.
  • SOC 2 / ISO 27001 — Not yet audited. We're a small team; this is on the roadmap when revenue justifies the audit cost.

Reporting and contact

For security disclosures, email [email protected]. We respond to security disclosures within 72 hours and aim to resolve critical issues within 7 days. We do not (yet) run a paid bug bounty program, but we will publicly credit reporters who follow responsible disclosure.

Changes to this attestation

We update this page when our architecture changes in ways that affect what data flows where. Major changes (a new partner, a change in PII handling, a change in retention) trigger an in-app modal on next launch with a "Read full attestation" button that brings you back to this page.

For the high-level summary, read Security. For the legal frame, read the Privacy Policy and Terms of Service.