Skip to content
← Back to home

Privacy Policy

Last updated: July 1, 2026

This Privacy Policy describes how Beckett AI (“Beckett,” “we,” “us,” or “our”) collects, uses, stores, and shares your personal information when you use the Beckett service (the “Service”), including our web application, mobile application, and related features.

1. Information We Collect

Information you provide

  • Account information: email address, display name, and authentication credentials.
  • Content you create: messages, notes, journal entries, tasks, events, habits, contacts, projects, recipes, media library items, and any other information you share through the Service.
  • Connected service data: when you connect third-party accounts or device services (such as Apple Calendar), we access and process data from those services at your direction.
  • Files and images: photos, documents, and other files you upload.
  • Communications: messages you send to our support team.

Information collected automatically

  • Device information: device type, operating system version, and app version (collected during push notification registration).
  • Location: approximate location, including city/country and rounded latitude/longitude when you grant location permission, used for weather, local context, and travel-aware features. You can deny location access and Beckett will function without it.
  • Usage data: anonymized, aggregated page views and performance metrics collected through privacy-focused analytics tools. This data cannot identify individual users.
  • Session data: IP address and browser/device identifier associated with your login session, used for security and fraud prevention.

Information derived from your use

  • AI-extracted knowledge: Beckett processes your messages and content to extract structured notes, identify people and topics, organize information, and provide personalized responses.
  • Text embeddings: mathematical representations of your notes and messages. These embeddings are not stored as readable text.

2. How We Use Your Information

We use your information to:

  • Provide the Service: process your messages, generate AI responses, store your content, sync connected services, and deliver notifications.
  • Personalize your experience: tailor responses based on your preferences, schedule, and location.
  • Improve the Service: using aggregated, de-identified data to understand usage patterns and improve features. We do not use your individual content for this purpose.
  • Communicate with you: send login links, notifications, account alerts, and (with your consent) product updates.
  • Ensure security: detect and prevent fraud, abuse, and unauthorized access.
  • Comply with law: respond to legal requests and enforce our terms.

We do not sell your personal information. We do not share your data for advertising, marketing by third parties, or behavioral targeting.

3. AI Processing

Beckett uses Venice for chat and personalization AI processing. Beckett uses OpenAI for text embeddings. Beckett uses Google for user-requested image generation or media enrichment.

When you send a message, the following data may be included in the AI processing context:

  • Your current message and recent conversation history
  • Relevant notes and information from your account
  • Your schedule, tasks, and habits (for context-aware responses)
  • Your display name, timezone, and general location (for personalization)

For a complete list of AI service providers, see our Subprocessor List.

4. Third-Party Service Providers

We use third-party service providers to operate the Service. Each provider processes your data only as necessary to provide its specific function, under contractual obligations to protect your data. Our providers include:

  • AI service providers for chat and personalization AI processing, text embeddings, user-requested image generation, and media enrichment
  • Cloud infrastructure providers for application and database hosting
  • Email delivery providers for login links and notifications
  • Payment processors for subscription billing (we do not store credit card numbers)
  • Apple for iOS authentication, push notifications, and in-app purchases
  • Analytics providers for anonymized, aggregated usage data
  • Diagnostics for identifying and fixing technical issues

Diagnostics may include technical context such as app version, device model, operating system version, screen or view name, performance data, and crash or hang details. We use this information to identify and fix technical issues, not for advertising.

For the complete list of providers by name, see our Subprocessor List.

5. Data Security

We implement appropriate technical and organizational security measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Industry-standard encryption for stored credentials and authentication tokens
  • Database-level isolation ensuring each user's data is accessible only to their account
  • Hashed session tokens (original tokens are not stored)
  • Access controls limiting operator access to account metadata for debugging and support

No security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

6. Who Can See Your Data

Beckett operators may access account metadata (email address, usage statistics, subscription status) for debugging, support, and billing purposes. We do not read your notes, messages, journal entries, or other content unless you explicitly ask us to help with a support issue or unless required by law.

We may disclose your information if required to do so by law, regulation, legal process, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Beckett, our users, or the public.

7. Data Retention

We retain your data according to the following schedule:

  • Account data (notes, messages, entities, habits, tasks, events, projects, and other content) — retained for the lifetime of your account. You can delete individual items at any time.
  • Connected service credentials — retained (encrypted) until you disconnect the integration or delete your account. Disconnecting an integration stops Beckett's future access and deletes Beckett's local credentials; for integrations that support provider-side revocation or Item removal, Beckett also requests provider-side removal as part of the integration-specific disconnect flow.
  • Session data (IP address, device identifier) — retained for the duration of the session and automatically purged after session expiration or revocation.
  • Usage and billing records — retained for up to 7 years as required by applicable tax and financial regulations.
  • Analytics data — anonymized and aggregated; not linked to your account and not subject to individual deletion requests.
  • Waitlist and access request data — retained until you request deletion or your account is created, whichever comes first.

When you delete your account, all personally identifiable data is permanently removed from our active systems. This action is irreversible. Some data may persist in encrypted backups for a limited period, after which it is permanently destroyed.

8. Your Privacy Rights

All users

Regardless of where you live, you can:

  • Export your data — download everything Beckett knows about you in a machine-readable format from your account settings.
  • Delete your account — permanently remove your account and all associated data from your account settings.
  • Edit your information — correct your personal information directly in the app or by contacting us.
  • Disconnect connected services — revoke access to connected third-party services where available.
  • Opt out of non-essential emails — manage your email preferences from your account settings.

California residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights:

  • Right to know — request the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to delete — request deletion of your personal information, subject to certain legal exceptions.
  • Right to correct — request correction of inaccurate personal information.
  • Right to opt out of sale/sharing — we do not sell your personal information or share it for cross-context behavioral advertising.
  • Right to limit use of sensitive personal information — you may request that we limit our use of sensitive personal information (including location, health-related information, and message contents) to what is necessary to provide the Service.
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.
  • Automated decision-making — Beckett uses AI to process your messages and derive insights. You have the right to opt out of automated decision-making technology that produces legally or similarly significant effects. To exercise this right, contact us at the address below.

Categories of personal information collected: identifiers (email, name, IP address), internet activity (usage analytics), geolocation data, professional information (if shared), education information (if shared), inferences (AI-generated notes), and sensitive personal information (location, health-related information, contents of communications).

To exercise your California privacy rights, use the controls in your account settings or contact us at [email protected]. We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice). You may designate an authorized agent to make a request on your behalf.

Colorado residents (CPA)

If you are a Colorado resident, you have the right to:

  • Access — confirm whether we are processing your data and access it.
  • Correct — correct inaccuracies in your personal data.
  • Delete — delete your personal data.
  • Data portability — obtain your data in a portable, usable format.
  • Opt out of targeted advertising — we do not engage in targeted advertising.
  • Opt out of profiling — opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.
  • Sensitive data consent — we will obtain your consent before processing sensitive data, including location and health-related information.

To exercise your rights, use your account settings or email [email protected]. We will respond within 45 days. You may appeal a denied request by contacting us, and if unsatisfied, you may contact the Colorado Attorney General.

Other US state residents

If you reside in Connecticut, Virginia, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, Nebraska, Iowa, or another state with a comprehensive privacy law, you generally have rights to access, correct, delete, and port your personal data, as well as to opt out of targeted advertising, data sales (we do not sell data), and certain types of profiling.

We honor universal opt-out mechanisms, including the Global Privacy Control (GPC) signal, as required by applicable state laws.

To exercise your rights under any state privacy law, use your account settings or contact [email protected].

Washington state residents — health data

Under the Washington My Health My Data Act, information related to your wellness habits, health notes, and similar health-adjacent data constitutes “consumer health data.” We collect and process this data only with your consent. You have the right to:

  • Know what consumer health data we collect and how it is used
  • Withdraw consent for the collection of consumer health data at any time
  • Request deletion of your consumer health data

We do not sell consumer health data. We share it with AI service providers only as necessary to provide the Service, as described in Sections 3 and 4.

European Economic Area, United Kingdom, and Switzerland (GDPR/UK GDPR)

If you are located in the EEA, UK, or Switzerland, the following additional provisions apply:

  • Legal basis for processing: We process your data based on (a) your consent (for connected services, and marketing emails), (b) performance of our contract with you (for providing the Service), (c) our legitimate interests (for security, fraud prevention, and service improvement), and (d) compliance with legal obligations.
  • Special category data: Information you share may include data that constitutes special category data under Article 9 of the GDPR. We process this data only as permitted by applicable law.
  • Your rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing. You also have the right to withdraw consent at any time and the right not to be subject to solely automated decision-making that produces legal or similarly significant effects.
  • Right to explanation: You may request meaningful information about the logic involved in automated processing that significantly affects you, including how AI-generated responses are informed by your data.
  • Data transfers: Your data is transferred to and processed in the United States. We rely on appropriate transfer mechanisms, including Standard Contractual Clauses and applicable adequacy frameworks, to ensure your data receives adequate protection during transfer.
  • Right to complain: You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights.

To exercise your rights, contact [email protected]. We will respond within 30 days.

9. International Data Transfers

Beckett's infrastructure is based in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. We apply the same privacy and security protections to all users regardless of location.

For transfers of personal data from the EEA, UK, or Switzerland, we use legally approved transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure adequate protection of your data in transit and at rest.

10. Children's Privacy

Beckett is not directed to children or teenagers under 18. We do not knowingly collect personal information from anyone under 18. If we become aware that a person under 18 has created an account, we will delete the account and associated data.

11. Cookies and Tracking

Beckett uses essential cookies only — specifically, authentication tokens required to keep you logged in. We do not use advertising cookies, tracking cookies, or third-party cookies.

Our analytics tools operate without cookies and do not track users across websites. They collect anonymized, aggregated data (page views, performance metrics) that cannot identify individual users.

We do not respond to “Do Not Track” browser signals because we do not engage in cross-site tracking. We do honor Global Privacy Control (GPC) signals as required by applicable state laws.

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within the timeframe required by applicable law (generally within 72 hours of becoming aware of the breach, or as otherwise required by your jurisdiction). The notification will describe the nature of the breach, the categories of data involved, and the steps we are taking in response.

We will also notify applicable regulatory authorities as required by law, including state attorneys general and, where applicable, EU/EEA supervisory authorities.

13. Location Data

Beckett may request access to your device's location to provide weather-based context and location-aware features. Location data is:

  • Used to provide weather, localized time-based features, and travel detection.
  • Stored as city/country and rounded latitude/longitude for account personalization.
  • Never shared with third parties beyond what is necessary for weather lookups (which receive approximate location only, with no user identity).
  • Optional — you can deny location access and Beckett will function without it.

14. Sensitive Data

Through normal conversation, Beckett may process information that could be considered sensitive under various privacy laws, including:

  • Health and wellness information — habits, health notes, meal plans, and fitness-related content you share.
  • Financial information — budgets, spending notes, or financial goals you discuss.
  • Personal relationships — information about people, events, and personal circumstances.
  • Location — when you grant location permission.
  • Contents of communications — your messages to Beckett.

This data is processed solely to provide personalized assistance. It is never used for profiling for advertising, sold to third parties, or shared beyond what is described in this policy. Where required by applicable law, we obtain your explicit consent before processing sensitive data.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service and by email at least 30 days before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was most recently revised. Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

16. Contact

For privacy-related questions, data requests, or concerns:

We aim to respond to all privacy requests within 30 days (or the shorter period required by your jurisdiction's applicable law).