Caspian Privacy Policy

Last updated: May 8th, 2026

This Privacy Policy describes how NOX Devices, Inc. (“NOX,” “we,” “us,” or “our”) collects, uses, stores, and protects your information when you use Caspian (“Caspian” or the “Service”), a private chief-of-staff application for macOS that reads sources you connect (including Gmail and Google Calendar) to surface what needs your attention and help you act on it.

If you have questions about this policy, contact us at team@heynox.com.

1. About Caspian

Caspian runs locally on your Mac. It connects to data sources you authorise (Gmail, Google Calendar, iMessage, Apple Calendar, Apple Notes, Contacts, browser history, and others) and uses them to draft replies, prepare briefings, surface conflicts, and otherwise act as a personal chief of staff. Most processing happens on your device. Where AI features require server-side processing, the rules in Section 4 apply.

2. Information We Collect

Information You Provide

  • Account information: email address and name used to sign in.
  • Connected accounts: when you sign in to Google through Caspian, we receive OAuth access and refresh tokens scoped to the permissions you grant. We never see your Google password.
  • Support communications: messages you send to our team.

Information Collected Automatically

  • Usage and diagnostic data: anonymised data about feature usage, app version, macOS version, and crash reports, used to maintain stability and improve the product.

Data Accessed Through Google APIs

When you connect Google, Caspian accesses Gmail and Google Calendar data on your behalf, scoped to the OAuth permissions listed in Section 3. This data is used solely to provide the features you request inside Caspian.

3. Google API Scopes We Request

Caspian requests the following OAuth scopes. We request only the scopes necessary to provide the Service.

  • https://www.googleapis.com/auth/gmail.readonly — read Gmail messages and labels so Caspian can search your inbox, summarise threads, surface urgent items in your briefing, and provide context for replies.
  • https://www.googleapis.com/auth/gmail.modify — label, archive, organise, mark as read, and send Gmail messages on your behalf when you ask Caspian to triage your inbox or send replies you have authored or approved.
  • https://www.googleapis.com/auth/calendar — read your calendar for daily briefings, meeting prep, and scheduling context, and create or modify events when you ask Caspian to.

You can review and revoke these permissions at any time at myaccount.google.com/permissions.

4. How We Use Your Information

We use the data Caspian accesses to:

  • Provide Caspian’s core features: briefings, search, triage, draft suggestions, calendar prep, and reply generation.
  • Authenticate you to Google and refresh access tokens so the Service continues to work without re-prompting you.
  • Send transactional communications such as account verification, billing, and security alerts.
  • Diagnose technical issues using anonymised diagnostic data.
  • Respond to support requests.

We do not use Google user data for advertising or any purpose unrelated to Caspian’s core functionality.

5. Limited Use of Google User Data

Caspian’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we affirm that Caspian:

  • Uses Google user data only to provide or improve user-facing features that are prominent in the Caspian experience.
  • Does not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with the user’s explicit consent.
  • Does not use Google user data for serving advertisements, including retargeted, personalised, or interest-based advertising.
  • Does not allow humans to read Google user data, except with the user’s affirmative agreement for specific user-supplied messages, when necessary for security purposes (such as investigating abuse), to comply with applicable law, or for the app’s internal operations where the data has been aggregated and anonymised.

6. AI Features and Model Training

Caspian uses large language models to generate briefings, summarise threads, draft replies, and answer your questions about your data.

Local Processing

Where possible, Caspian processes your data on your device using local models. When processing happens locally, your data never leaves your Mac.

Server-Side Processing

Some advanced features require server-side AI processing. When this occurs:

  • Data is transmitted using TLS encryption.
  • Data is processed transiently for the duration of the request (typically seconds) and is not persisted on our servers afterward.
  • Our AI infrastructure providers are contractually prohibited from retaining your data or using it for any purpose other than completing the request.

No Use of Workspace Data for AI Training

Caspian does not use Google Workspace data (Gmail or Google Calendar content obtained through the scopes listed in Section 3) to develop, train, fine-tune, or improve any generalised or non-personalised AI or machine learning model. We do not share Google Workspace data with third parties for the purposes of training their AI/ML models.

Your Control

You can disable server-side AI features at any time in Caspian’s settings, restricting all processing to your local device.

7. Data Storage and Security

Caspian is designed local-first. The data Caspian reads is stored on your Mac in ~/.caspian and is not uploaded to our servers in normal operation, with the following exceptions:

  • Encrypted backups: when you opt in to cloud backup, an encrypted snapshot of your local database is uploaded so the Service continues to work when your Mac is offline. Snapshots are encrypted on your device with a key you control.
  • OAuth refresh tokens: stored in our cloud so the Service can re-authenticate to Google without prompting you.
  • Transient AI requests: described in Section 6.

We implement encryption in transit (TLS), encryption at rest for stored data, regular security reviews, and access controls. No system is completely secure. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities in accordance with applicable law.

8. Sharing and Service Providers

We share data only with the following named service providers, each under contract to protect your data and prohibited from secondary use. Where Google user data is transmitted, the receiving party is explicitly identified below.

Providers that may receive Google user data

  • Large language model (Anthropic, Claude family): when server-side AI features are used, including briefings, summarisation, and contextual reply drafting, Gmail and Google Calendar content may be transmitted to Anthropic for the duration of an inference request and is not retained. Anthropic processes the request under a zero-retention data processing agreement.
  • Voice AI brain (OpenAI, gpt-realtime): when you place or receive a voice call with Caspian, OpenAI processes the conversation. If Caspian surfaces Gmail or Google Calendar content during the call (for example, reading an email aloud), that content enters the OpenAI Realtime conversation context as text. OpenAI processes it for the duration of the call.
  • LLM observability (Raindrop): the full prompt and completion text from Caspian’s AI inferences is sent to Raindrop for telemetry, debugging, and quality monitoring. This may include Gmail or Google Calendar content embedded in those prompts. Raindrop retains this data for observability purposes only and is contractually prohibited from using it for any other purpose.
  • Managed email transport (stableemail.dev): an opt-in alternative to Google’s Gmail API for outbound mail. When this transport is selected by the user, the email body, recipients, and subject are sent to stableemail.dev for delivery. The default Gmail send path uses Google’s API directly and bypasses this provider.

Providers that do not receive Google user data

  • Application hosting (Vercel): runs Caspian’s server-side functions. Receives passed-through data only for the duration of a request and does not retain it.
  • Database and storage (Supabase): persistent backend for OAuth refresh tokens (encrypted at rest), conversation metadata, and encrypted snapshots of your local Caspian database. Snapshot contents are encrypted on your device before upload; Supabase cannot read them.
  • Voice telephony (Twilio): handles the PSTN audio stream for voice calls. Audio is transmitted to OpenAI for processing; Twilio does not retain call audio beyond standard telephony-provider retention.
  • Voice relay hosting (Railway): hosts a WebSocket bridge between Twilio and OpenAI for voice calls. Audio transits but is not stored.
  • Messaging relay (Linq): outbound iMessage and SMS delivery on your behalf. Receives only the outbound message content and recipient. Does not receive Gmail or Google Calendar content.
  • Web search and enrichment (stableenrich.dev, including Exa and Firecrawl): when you ask Caspian to research a person, company, or URL, the search query or target URL is sent to these services. Gmail and Google Calendar content is not transmitted.
  • Outbound voice tasks (stablephone.dev): when you ask Caspian to place a call on your behalf, a phone number and task description are sent. Gmail and Google Calendar content is not transmitted unless explicitly included in your task description.
  • File upload (stableupload.dev): when an image or file needs to be hosted for a tool to process it, the file is sent here. Gmail and Google Calendar content is not transmitted.
  • Usage analytics (Amplitude): anonymised feature-usage and crash diagnostic events. No Gmail, Google Calendar, or other user content is transmitted.

We do not sell your personal information or your Google user data.

We may also disclose information if required by law, legal process, or government request, or to protect the rights, safety, or property of NOX, our users, or others.

9. Data Retention

  • Account information: retained while your account is active and for up to 30 days after deletion to allow recovery.
  • OAuth tokens: retained while your Google connection is active. Revoked tokens are deleted within 30 days.
  • Google Workspace data: not stored on our servers in normal operation. When server-side processing occurs, data is held transiently (typically seconds) and not persisted.
  • Encrypted snapshots: retained while cloud backup is enabled. Deleted within 30 days of disabling backup or deleting your account.
  • Diagnostic data: retained for up to 90 days.

10. Your Rights and Choices

Depending on your location, you may have some or all of the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your personal data, subject to legal retention requirements.
  • Portability: request your data in a structured, machine-readable format.
  • Withdraw consent: revoke Google permissions at myaccount.google.com/permissions or disconnect any source from inside Caspian at any time.

To exercise any of these rights, email us at team@heynox.com. We will respond within 30 days.

11. International Data Transfers

Caspian is operated from the United States. If you access Caspian from outside the US, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection.

12. Children’s Privacy

Caspian is not intended for users under 18. We do not knowingly collect personal information from children. If we discover that we have collected data from a person under 18, we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, the Service, or legal requirements. For material changes, we will provide notice via email or in-app notification at least 30 days before the changes take effect. The “Last updated” date above indicates the most recent revision.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

NOX Devices, Inc.
team@heynox.com

By using Caspian, you acknowledge that you have read and understood this Privacy Policy.