Privacy Policy

Last updated: April 9, 2026

HavenAI is a personal cybersecurity product designed around a single principle: your data should stay on your device. This page describes exactly what we do and do not collect, how long we keep it, and your rights. If anything is unclear, reach out at hello@havenai.com.

1. What runs on your device

When you install the HavenAI desktop app, a local agent runs on your computer and monitors activity across four areas: files, running processes, network connections, and (optionally) your email inbox. All scanning, scoring, and threat detection happens on your machine. The following never leave your device:

  • File paths, file contents, and file change history.
  • The list of processes running on your computer or their command lines.
  • The hostnames, IP addresses, or URLs your computer connects to.
  • The contents of any email, including subject lines and message bodies.
  • Your IMAP credentials (stored encrypted in your operating system’s keychain).
  • Browsing history, keystrokes, clipboard, or screen contents (we don’t read these at all).

2. What syncs to the cloud

A small amount of data is synced to our backend so you can see it on the web dashboard and receive notifications:

  • Your account — email address, hashed password, display name.
  • Registered devices — a device name, operating system, and the timestamp of the most recent heartbeat. This is how we show whether monitoring is live on the dashboard.
  • Alert summaries — when the local agent flags something suspicious, a short scrubbed summary (severity, category, description, recommendation) is sent to the cloud so it appears on the dashboard. Full details like exact file paths are stripped on-device before syncing.
  • Your preferences — which monitors are on, notification channels, safelist entries.
  • Anonymous crash reports — if the agent crashes, we receive the error type, stack trace, and agent version. No file paths, process names, or user content is included.

3. What we never collect

  • Behavioral analytics, usage tracking, or session recordings.
  • Advertising identifiers or marketing cookies.
  • Telemetry on which buttons you click or pages you view.
  • Third-party trackers, pixels, or beacons.
  • Location data or device identifiers beyond the device ID you register.

4. How we use alerts

Alerts synced to our backend are used only to:

  • Show them to you on your dashboard.
  • Send you notifications through the channels you’ve enabled (email, SMS, voice).
  • Answer your questions when you ask the built-in chat assistant about an alert.

Alerts are never sold, shared with advertisers, or used to train third-party models. When you ask the chat assistant a question, the alert context for that specific question is sent to an AI provider (currently OpenAI) to generate the response — this is the only case where alert data leaves our backend, and only for the question you actively asked.

5. Retention

Alerts are kept on our backend for up to 90 days. You can delete individual alerts from the dashboard at any time. If you delete your account, all account data, devices, alerts, and preferences are permanently removed within 30 days.

6. Security

  • All network communication between the desktop app and our backend uses TLS.
  • Passwords are hashed with bcrypt; we never store them in plaintext.
  • Email and account credentials on your device are encrypted using your operating system’s secure storage (macOS Keychain, Windows DPAPI).
  • Authentication uses short-lived access tokens and refresh tokens.

7. Your rights

You can view, export, or delete any data we hold about you at any time:

  • View — the dashboard shows everything that exists on our backend about your account.
  • Delete individual alerts — use the dashboard alerts page.
  • Unlink a device — use Settings in the dashboard or desktop app. This wipes the device record and all alerts tied to it.
  • Delete your account — email us at hello@havenai.com and we’ll permanently remove everything within 30 days.

8. Children

HavenAI is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have, contact us and we’ll delete it.

9. Changes to this policy

If we make material changes to this policy, we’ll update the date at the top and notify you through the dashboard before they take effect. Continued use of HavenAI after a change means you accept the updated policy.

10. Contact

Questions or requests about privacy: hello@havenai.com