Effective July 12, 2026
Privacy Policy
QuietHand is a personal communication assistant designed around a local encrypted record and explicit user decisions. This policy explains what data the app accesses, why it uses it, where it goes, and how to remove it.
Google data QuietHand accesses
When you connect Google, QuietHand accesses the Google data needed for the features you enable:
- Gmail: messages, threads, headers, labels, account address, and mailbox-change history.
- Google Calendar: calendar and event details, including availability; the app can create an event after you approve it.
- Google Contacts: names, email addresses, and contact details used to resolve people and relationships.
How QuietHand uses Google data
QuietHand uses this data to show connected-account status, identify relevant conversations, build the owner’s private relationship context, prepare suggested replies, detect scheduling requests, check calendar conflicts, and perform a reply or calendar action after the user approves it. These are visible productivity features in QuietHand.
QuietHand does not sell Google user data, use it for advertising or credit decisions, expose it to data brokers, or use it to train or improve an AI model beyond the individual user’s personalized QuietHand features.
Storage and processing
- On the Mac: imported records, relationship context, prepared cards, and the audit ledger are stored in a SQLCipher-encrypted local database. Google OAuth tokens are stored in macOS Keychain.
- OAuth broker: Cloudflare transiently processes the authorization code and Google token response at
connect.quiethand.ai. QuietHand application code does not store or log those bodies. - Personalized AI: when the owner enables the drafting brain, the relevant message content and context are sent through the owner’s authenticated Claude command-line account to Anthropic to triage and draft for that owner. Tools are disabled for these model calls. Anthropic’s handling is governed by the owner’s agreement with Anthropic.
- Optional phone relay: if enabled, selected app state is sent to Supabase as end-to-end encrypted envelopes. A Google connection started on mobile also uses a single-use, 10-minute Supabase row containing the state hash and an authorization code encrypted to the Mac. Supabase receives ciphertext and transport metadata, not the keys needed to read the content.
QuietHand operators do not read Google user data unless the user gives explicit consent for specific support, access is required to address a security incident, or access is legally required.
Retention, revocation, and deletion
QuietHand retains its local encrypted working record until the owner deletes it. Disconnecting Google revokes the Google grant when reachable and removes the local OAuth token, stopping future access. Existing local records are retained so a reconnect can resume without reprocessing; they can be deleted separately.
See the data deletion instructions to revoke Google access and remove local and optional relay data. A user can also revoke QuietHand from the Google Account third-party connections page.
Security
QuietHand uses TLS in transit, PKCE and single-use OAuth state, macOS Keychain for secrets, encrypted local storage, signed audit records, narrow authenticated interfaces, and encryption for optional relay content. No system can guarantee absolute security.
Google Limited Use disclosure
QuietHand’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Changes and contact
Material changes will be published here with a new effective date and, when required, presented for consent before a new use of Google data begins. For privacy questions or deletion help, use the contact form at quiethand.ai.