Privacy & security
What alfred_ stores, how it's protected, and what we never do with your data.
This page describes what alfred_ does with your data in plain language. The legal version is in our Privacy Policy.
What we store
- Email content — alfred_ needs to read your email to triage it. Content is encrypted at rest and only used to run your assistant.
- Calendar events — same model. Encrypted, used only for your scheduling.
- OAuth tokens — encrypted; we never have your password.
- Tasks, notes, kanban cards, memory entries — your alfred_-native data, encrypted at rest.
- Conversation history — what you said to alfred_ and what alfred_ said back.
- Activity log — what actions alfred_ took on your behalf, for audit.
What we never do
- Sell or share your data with anyone, ever
- Train models on your email — your content is not used to improve alfred_ or any third-party model
- Read your texts to other people — alfred_ only sees what you text to alfred_, not your full message history
- Store your password — auth is OAuth-based, we never see passwords
Where data lives
- US-based infrastructure (Supabase, Anthropic, OpenAI)
- Encrypted in transit (TLS) and at rest (AES-256)
- Backed up daily, retained per our retention policy
Third parties
We use third parties for specific functions:
- Anthropic (Claude) and OpenAI for language models — your data is processed transiently and not retained beyond the request
- Supabase for storage
- Stripe for billing
- Linq for SMS
Each is contractually bound to handle your data only for the purpose of running your assistant.
Deleting your data
Cancel and request deletion: see Cancel or pause. We delete your data within 30 days of account closure.
Reporting a security issue
Email security@get-alfred.ai with details. We respond within 24 hours.