Privacy Policy
Last updated: March 21, 2026
This Privacy Policy describes how Beckett AI (“Beckett,” “we,” “us,” or “our”) collects, uses, stores, and shares your personal information when you use the Beckett service (the “Service”), including our web application, mobile application, and related features.
1. Information We Collect
Information you provide
- Account information: email address, display name, and authentication credentials.
- Content you create: messages, notes, journal entries, tasks, events, habits, contacts, projects, recipes, media library items, and any other information you share through the Service.
- Connected service data: when you connect third-party accounts (such as Google, Todoist, or Apple Calendar), we access and process data from those services at your direction.
- Files and images: photos, documents, and other files you upload.
- Communications: messages you send to our support team.
Information collected automatically
- Device information: device type, operating system version, and app version (collected during push notification registration).
- Location: approximate location (city-level) when you grant location permission, used for weather and time-based features. Location data is processed in real time and not stored persistently, apart from your city and country, which are kept for account personalization. You can deny location access and Beckett will function without it.
- Usage data: anonymized, aggregated page views and performance metrics collected through privacy-focused analytics tools. This data cannot identify individual users.
- Session data: IP address and browser/device identifier associated with your login session, used for security and fraud prevention.
Information derived from your use
- AI-extracted knowledge: Beckett processes your messages and content to extract structured notes, identify people and topics, organize information, and provide personalized responses.
- Emotional context: If you opt in to mood tracking, Beckett periodically analyzes your messages and journal entries to understand general emotional context (described in Section 4 below).
- Search embeddings: mathematical representations of your notes and messages, used to power semantic search within your account. These embeddings cannot be reverse-engineered into readable text.
2. How We Use Your Information
We use your information to:
- Provide the Service: process your messages, generate AI responses, store your content, sync connected services, and deliver notifications.
- Personalize your experience: tailor responses based on your preferences, schedule, location, and (if opted in) emotional context.
- Improve the Service: use aggregated, de-identified data to understand usage patterns and improve features. We do not use your individual content for this purpose.
- Communicate with you: send login links, notifications, account alerts, and (with your consent) product updates.
- Ensure security: detect and prevent fraud, abuse, and unauthorized access.
- Comply with law: respond to legal requests and enforce our terms.
We do not sell your personal information. We do not share your data for advertising, marketing by third parties, or behavioral targeting.
3. AI Processing
Beckett uses third-party AI service providers to process your messages and generate responses. When you send a message, the following data may be included in the AI processing context:
- Your current message and recent conversation history
- Relevant notes and information from your account (retrieved by semantic similarity)
- Your schedule, tasks, and habits (for context-aware responses)
- Your display name, timezone, and general location (for personalization)
Our AI service providers process your data via their APIs under contractual obligations that prohibit them from using your data for model training. Your conversations are not used for advertising or model training by any party.
We also use a separate AI service provider to generate mathematical search embeddings from your notes and messages. Only text fragments are sent for this purpose, and the provider does not retain them for model training.
For a complete list of AI service providers, see our Subprocessor List.
4. Emotional Context Analysis
Beckett offers an optional emotional context feature that, when enabled, periodically analyzes your messages and journal entries to understand general emotional dimensions. This feature:
- Requires your explicit opt-in. Emotional context analysis is off by default and only activates when you enable it in your account settings.
- Extracts general emotional signals and a brief narrative summary, stored as periodic snapshots associated with your account. These snapshots help Beckett respond with appropriate tone and sensitivity.
- Only processes days with meaningful conversational activity. Routine operational messages are excluded.
- Uses a third-party AI service provider for analysis, subject to the same contractual protections described in Section 3.
You can disable emotional context analysis at any time from your account settings. Disabling it stops future analysis but does not automatically delete existing snapshots. To delete existing emotional context data, you can delete your account.
Emotional context data is never shared with third parties beyond the AI processing described above, and is subject to the same security protections as all other account data.
5. Third-Party Service Providers
We use third-party service providers to operate the Service. Each provider processes your data only as necessary to provide its specific function, under contractual obligations to protect your data. Our providers include:
- AI service providers for conversation processing and semantic search
- Cloud infrastructure providers for application and database hosting
- Email delivery providers for login links and notifications
- Payment processors for subscription billing (we do not store credit card numbers)
- Apple for iOS authentication, push notifications, and in-app purchases
- Analytics providers for anonymized, aggregated usage data
- Error monitoring for identifying and fixing technical issues (no personal data is transmitted)
For the complete list of providers by name, see our Subprocessor List.
6. Google Integration & Limited Use Disclosure
When you connect your Google account, Beckett requests access to the following scopes:
- gmail.readonly — Read your emails so Beckett can summarize and triage your inbox.
- gmail.send — Send emails on your behalf when you ask Beckett to draft and send a message.
- calendar.readonly — Read your calendar events so Beckett can brief you on your schedule.
- calendar.events — Create and update events when you ask Beckett to manage your calendar.
- contacts.readonly — Read your contacts to auto-populate your knowledge graph with people you know.
How Google data is handled:
- Google data (emails, calendar events, contacts) is accessed on-demand and processed in-memory. It is not stored in our database, except for the Google email address associated with your credential.
- OAuth tokens are encrypted at rest using industry-standard encryption.
- Disconnecting your Google account or deleting your Beckett account revokes your tokens at Google.
- Google data is used solely to populate your personal knowledge graph and respond to your requests. It is not used for AI model training.
- Google data is not sold, shared, or transferred to any third party for advertising, analytics, or any other purpose.
Beckett's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
7. Data Security
We implement appropriate technical and organizational security measures to protect your data, including:
- Encryption of data in transit (TLS) and at rest
- Industry-standard encryption for stored credentials and authentication tokens
- Database-level isolation ensuring each user's data is accessible only to their account
- Hashed session tokens (original tokens are not stored)
- Access controls limiting operator access to account metadata for debugging and support
No security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.
8. Who Can See Your Data
Beckett operators may access account metadata (email address, usage statistics, subscription status) for debugging, support, and billing purposes. We do not read your notes, messages, journal entries, or other content unless you explicitly ask us to help with a support issue or unless required by law.
We may disclose your information if required to do so by law, regulation, legal process, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Beckett, our users, or the public.
9. Data Retention
We retain your data according to the following schedule:
- Account data (notes, messages, entities, habits, tasks, events, projects, and other content) — retained for the lifetime of your account. You can delete individual items at any time.
- Emotional context snapshots — retained as periodic records for the lifetime of your account while the feature is enabled.
- Connected service credentials — retained (encrypted) until you disconnect the integration or delete your account. Tokens are revoked at the provider upon removal.
- Session data (IP address, device identifier) — retained for the duration of the session and automatically purged after session expiration or revocation.
- Usage and billing records — retained for up to 7 years as required by applicable tax and financial regulations.
- Analytics data — anonymized and aggregated; not linked to your account and not subject to individual deletion requests.
- Waitlist and access request data — retained until you request deletion or your account is created, whichever comes first.
When you delete your account, all personally identifiable data is permanently removed from our active systems. This action is irreversible. Some data may persist in encrypted backups for a limited period, after which it is permanently destroyed.
10. Your Privacy Rights
All users
Regardless of where you live, you can:
- Export your data — download everything Beckett knows about you in a machine-readable format from your account settings.
- Delete your account — permanently remove your account and all associated data from your account settings.
- Edit your information — correct your personal information directly in the app or by contacting us.
- Opt out of emotional context analysis — disable mood tracking from your account settings at any time.
- Disconnect integrations — revoke access to any connected third-party service from your account settings.
- Opt out of non-essential emails — manage your email preferences from your account settings.
California residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights:
- Right to know — request the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
- Right to delete — request deletion of your personal information, subject to certain legal exceptions.
- Right to correct — request correction of inaccurate personal information.
- Right to opt out of sale/sharing — we do not sell your personal information or share it for cross-context behavioral advertising.
- Right to limit use of sensitive personal information — you may request that we limit our use of sensitive personal information (including precise geolocation, health-related inferences, and message contents) to what is necessary to provide the Service.
- Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.
- Automated decision-making — Beckett uses AI to process your messages and derive insights. You have the right to opt out of automated decision-making technology that produces legally or similarly significant effects. To exercise this right, contact us at the address below.
Categories of personal information collected: identifiers (email, name, IP address), internet activity (usage analytics), geolocation data, professional information (if shared), education information (if shared), inferences (emotional context, AI-generated notes), and sensitive personal information (precise geolocation, health-related information, contents of communications).
To exercise your California privacy rights, use the controls in your account settings or contact us at [email protected]. We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice). You may designate an authorized agent to make a request on your behalf.
Colorado residents (CPA)
If you are a Colorado resident, you have the right to:
- Access — confirm whether we are processing your data and access it.
- Correct — correct inaccuracies in your personal data.
- Delete — delete your personal data.
- Data portability — obtain your data in a portable, usable format.
- Opt out of targeted advertising — we do not engage in targeted advertising.
- Opt out of profiling — opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.
- Sensitive data consent — we will obtain your consent before processing sensitive data, including precise geolocation and health-related inferences.
To exercise your rights, use your account settings or email [email protected]. We will respond within 45 days. You may appeal a denied request by contacting us, and if unsatisfied, you may contact the Colorado Attorney General.
Other US state residents
If you reside in Connecticut, Virginia, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, Nebraska, Iowa, or another state with a comprehensive privacy law, you generally have rights to access, correct, delete, and port your personal data, as well as to opt out of targeted advertising, data sales (we do not sell data), and certain types of profiling.
We honor universal opt-out mechanisms, including the Global Privacy Control (GPC) signal, as required by applicable state laws.
To exercise your rights under any state privacy law, use your account settings or contact [email protected].
Washington state residents — health data
Under the Washington My Health My Data Act, information related to your mental health, emotional state, wellness habits, and similar health-adjacent data constitutes “consumer health data.” We collect and process this data only with your consent. You have the right to:
- Know what consumer health data we collect and how it is used
- Withdraw consent for the collection of consumer health data at any time
- Request deletion of your consumer health data
We do not sell consumer health data. We share it with AI service providers only as necessary to provide the Service, as described in Sections 3 and 4.
European Economic Area, United Kingdom, and Switzerland (GDPR/UK GDPR)
If you are located in the EEA, UK, or Switzerland, the following additional provisions apply:
- Legal basis for processing: We process your data based on (a) your consent (for emotional context analysis, connected services, and marketing emails), (b) performance of our contract with you (for providing the Service), (c) our legitimate interests (for security, fraud prevention, and service improvement), and (d) compliance with legal obligations.
- Special category data: Emotional context analysis processes data that may constitute special category data (health data) under Article 9 of the GDPR. We process this data only with your explicit, specific consent, which you may withdraw at any time.
- Your rights: You have the right to access, rectify, and erase your data, to restrict or object to its processing, and to data portability. You also have the right to withdraw consent at any time and the right not to be subject to solely automated decision-making that produces legal or similarly significant effects.
- Right to explanation: You may request meaningful information about the logic involved in automated processing that significantly affects you, including how emotional context analysis works and how AI-generated responses are informed by your data.
- Data transfers: Your data is transferred to and processed in the United States. We rely on appropriate transfer mechanisms, including Standard Contractual Clauses and applicable adequacy frameworks, to ensure your data receives adequate protection during transfer.
- Right to complain: You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights.
To exercise your rights, contact [email protected]. We will respond within 30 days.
11. International Data Transfers
Beckett's infrastructure is based in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. We apply the same privacy and security protections to all users regardless of location.
For transfers of personal data from the EEA, UK, or Switzerland, we use legally approved transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure adequate protection of your data in transit and at rest.
12. Children's Privacy
Beckett is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will promptly delete their account and all associated data. If you believe a child under 13 is using Beckett, please contact us at [email protected].
Users between 13 and 18 may use Beckett only with the consent of a parent or legal guardian, as described in our Terms of Service. We take additional care to limit data collection and processing for users we know to be minors, consistent with applicable child privacy laws.
13. Cookies and Tracking
Beckett uses essential cookies only — specifically, authentication tokens required to keep you logged in. We do not use advertising cookies, tracking cookies, or third-party cookies.
Our analytics tools operate without cookies and do not track users across websites. They collect anonymized, aggregated data (page views, performance metrics) that cannot identify individual users.
We do not respond to “Do Not Track” browser signals because we do not engage in cross-site tracking. We do honor Global Privacy Control (GPC) signals as required by applicable state laws.
14. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within the timeframe required by applicable law (generally within 72 hours of becoming aware of the breach, or as otherwise required by your jurisdiction). The notification will describe the nature of the breach, the categories of data involved, and the steps we are taking in response.
We will also notify applicable regulatory authorities as required by law, including state attorneys general and, where applicable, EU/EEA supervisory authorities.
15. Location Data
Beckett may request access to your device's location to provide weather-based context and location-aware features. Location data is:
- Used to provide weather, localized time-based features, and travel detection.
- Stored at city level for account personalization. Precise coordinates are not retained beyond the initial processing.
- Never shared with third parties beyond what is necessary for weather lookups (which receive approximate location only, with no user identity).
- Optional — you can deny location access and Beckett will function without it.
16. Sensitive Data
Through normal conversation, Beckett may process information that could be considered sensitive under various privacy laws, including:
- Health and wellness information — habits, health notes, meal plans, and fitness-related content you share.
- Emotional and mood data — derived from your messages and journal entries when you opt in to emotional context analysis.
- Financial information — budgets, spending notes, or financial goals you discuss.
- Personal relationships — information about people, events, and personal circumstances.
- Precise geolocation — when you grant location permission.
- Contents of communications — your messages to Beckett.
This data is processed solely to provide personalized assistance. It is never used for profiling for advertising, sold to third parties, or shared beyond what is described in this policy. Where required by applicable law, we obtain your explicit consent before processing sensitive data.
17. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service and by email at least 30 days before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was most recently revised. Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.
18. Contact
For privacy-related questions, data requests, or concerns:
- Email: [email protected]
- General inquiries: [email protected]
We aim to respond to all privacy requests within 30 days (or the shorter period required by your jurisdiction's applicable law).