Privacy Policy

Last Updated: March 31, 2026

Pithy ("we", "our", "us") operates the Pithy service, including the website at pithy.co, the web application, and companion mobile applications for iOS and Android (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information.

Information We Collect

Account Information

When you create a Pithy account, we collect:

• Email address
• Display name
• Account credentials
• Authentication tokens
• Timezone preferences
• Device information (for mobile apps)

Health and Fitness Data

With your explicit permission, our mobile companion apps may collect health and fitness data from:

• Apple Health (iOS): Steps, heart rate, sleep data, workouts, nutrition, body measurements, and other health metrics you choose to sync
• Android Health Connect (Android): Steps, heart rate, sleep data, workouts, nutrition, body measurements, and other health metrics you choose to sync
• Fitbit: Activity data, sleep patterns, heart rate, and other metrics from your Fitbit account (when you connect your Fitbit account)

Important: Health data collection is entirely optional. You control exactly which health data types are synced through your device's health permissions settings. We only collect health data that you explicitly authorize.

Health Data Use Restrictions:

• We will never use health data for advertising or marketing purposes
• We will never sell your health data to third parties
• We will never share your health data with third parties for advertising or marketing
• Health data is used exclusively to provide you with personal insights, tracking, and knowledge management within your private Pithy instance
• Health data is stored securely and encrypted at rest

Calendar Data

With your explicit permission, we may access and sync your calendar data to help you track events and activities. This includes:

• Event titles, descriptions, and times
• Location information from calendar events
• Attendee information
• Recurring event patterns

Calendar data is used solely to provide you with a comprehensive view of your schedule and activities within Pithy. We do not share calendar data with third parties or use it for advertising.

Location Data

Our mobile apps may collect location data when you grant location permissions:

• Foreground location: When actively using location features
• Background location: For passive location history tracking (only if you enable this feature)
• Location data is stored as knowledge items in your personal Pithy instance
• Location tracking can be disabled at any time in your device settings

Media and Activity Data (Android Only)

On Android, with your explicit permission via the Notification Listener permission, our app may capture:

• Media notifications (music, podcasts, audiobooks) from apps like Spotify, YouTube Music, Apple Music, etc.
• This data is used to track what you're listening to and create a personal media history
• We do not access message content, personal notifications, or sensitive information from notifications
• This permission can be revoked at any time in Android settings

Usage Statistics (Android Only)

On Android, with your explicit permission via the Usage Stats permission, our app may collect:

• App usage time and frequency
• Screen time statistics
• This data is used to provide insights into your digital habits
• This permission can be revoked at any time in Android settings

Voice Recordings

When you use voice capture features:

• Audio is uploaded to our servers for transcription
• Transcriptions are stored as knowledge items
• Original audio may be retained or deleted based on your settings
• Voice data is encrypted in transit and at rest

Photos and Images

When you capture or upload photos:

• Images are stored in your Pithy instance
• Optional AI-powered captioning may be applied
• Images are encrypted in transit and at rest

Knowledge Items

The core of Pithy is storing your personal knowledge, which may include:

• Notes and text entries you create
• Imported data from third-party services (Spotify, calendar, social media, etc.)
• Automatically captured data from mobile apps
• Documents and files you upload
• Entities, tags, and relationships you create
• Search queries and interactions

Technical Data

We automatically collect certain technical information:

• IP address
• Browser type and version
• Device type and operating system
• Usage patterns and feature interactions
• Error logs and diagnostic information
• API usage statistics

How We Use Your Information

We use your information to:

• Provide and maintain the Pithy service
• Process and store your personal knowledge and life data
• Enable AI-powered search, insights, and recommendations
• Sync data across your devices
• Process voice recordings into text transcriptions
• Generate daily briefings and summaries
• Improve and optimize the service
• Respond to your support requests
• Send important service notifications
• Detect and prevent abuse or security issues

We do NOT:

• Sell your personal data to anyone
• Use your health data for advertising or marketing
• Share your data with third parties for their marketing purposes
• Train general AI models on your private data
• Access your data without your knowledge or consent

Data Storage and Security

Encryption

• All data is encrypted in transit using TLS 1.3
• Sensitive data is encrypted at rest using industry-standard encryption (AES-256)
• Database backups are encrypted

Data Location

• Your data is stored on secure servers in Germany (European Union)
• Database infrastructure is hosted in AWS eu-central-1 (Frankfurt, Germany)
• Data is replicated for reliability and disaster recovery within the EU

Access Controls

• Your data is private by default and only accessible to you
• Access is controlled through secure authentication (OAuth 2.0, session tokens, API keys)
• Multi-factor authentication is available to enhance account security
• API keys can be scoped with specific permissions

Vaults (Multi-User Collaboration)

Pithy supports "vaults" for selective sharing of knowledge with other users:

• You control which vault each knowledge item belongs to
• Only vault members can access items in that vault
• Vault permissions are enforced at the database level
• You can leave or be removed from a vault at any time

Data Retention and Deletion

Your Control

You have complete control over your data:

• Delete individual knowledge items at any time
• Disconnect third-party integrations to stop data collection
• Revoke mobile app permissions to stop specific data types from being collected
• Delete your entire account and all associated data

Account Deletion

When you delete your account:

• All your knowledge items, entities, tags, and relationships are permanently deleted
• All health data, calendar data, location data, and media data are permanently deleted
• Voice recordings and transcriptions are permanently deleted
• Vault memberships are removed
• This process is irreversible

Data Retention

• Active account data is retained indefinitely while your account is active
• Deleted items may be retained in backups for up to 30 days before permanent deletion
• Technical logs and analytics may be retained for up to 12 months for security and debugging purposes

Third-Party Integrations

Pithy integrates with third-party services when you explicitly connect them:

OAuth-Based Integrations

When you connect a third-party service (e.g., Spotify, Google Calendar, Fitbit):

• We store OAuth access tokens to sync data on your behalf
• We only request the minimum permissions necessary
• You can disconnect any integration at any time
• Disconnecting an integration revokes our access to that service

Data From Third Parties

When you import data from third-party services:

• We collect only the data you authorize
• This data becomes part of your personal knowledge base
• We do not share this data with other third parties
• The privacy policies of those third-party services also apply to data they provide

AI and Machine Learning

How We Use AI

Pithy uses AI and machine learning to:

• Generate embeddings for semantic search
• Extract entities and relationships from your content
• Generate summaries and insights
• Power the AI chat interface
• Provide personalized recommendations

Your Data and AI Training

• Your personal data is NOT used to train general-purpose AI models
• Embeddings and vector representations are generated for your use only
• AI interactions are processed in real-time and not used for model training
• We may use anonymized, aggregated usage patterns to improve the service (not your private content)

Third-Party AI Services

We use third-party AI services (e.g., OpenAI, Anthropic) to process certain features:

• Data is sent to these services only when necessary for processing
• We use enterprise agreements with data processing terms
• Your data is not used by these providers to train their models (per our agreements)
• Voice transcription may use third-party speech-to-text services

Children's Privacy

Pithy is not intended for users under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it immediately.

Your Privacy Rights

Depending on your location, you may have certain privacy rights under applicable laws:

General Rights (All Users)

• Access: View and download your data at any time
• Correction: Update or correct your information
• Deletion: Delete your account and all associated data
• Portability: Export your data in standard formats (JSON, CSV)
• Opt-out: Disconnect integrations and revoke data collection permissions

GDPR Rights (EEA Users)

If you're in the European Economic Area, you also have:

• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with a supervisory authority
• Right to withdraw consent at any time

CCPA Rights (California Users)

If you're a California resident, you have:

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information (note: we do not sell personal information)
• Right to access your personal information
• Right to equal service and price (we will not discriminate for exercising your rights)

To exercise any of these rights, contact us at [email protected].

Health Data Specific Rights

For health data collected through Apple Health or Android Health Connect:

• You can revoke health data permissions at any time through your device settings
• You can request deletion of all health data from Pithy
• You can view exactly what health data types are being synced
• Health data is always opt-in; we never enable it by default

Mobile App Permissions

iOS Permissions

Our iOS app may request:

• HealthKit: To sync health and fitness data
• Location: To track location history
• Camera: To capture photos
• Microphone: To record voice notes
• Notifications: To send alerts and reminders
• Calendar: To sync calendar events

Android Permissions

Our Android app may request:

• Health Connect: To sync health and fitness data
• Location: To track location history
• Camera: To capture photos
• Microphone: To record voice notes
• Notifications: To send alerts and reminders
• Notification Listener: To capture media notifications (optional, for media tracking)
• Usage Stats: To track app usage time (optional, for digital wellness insights)
• Calendar: To sync calendar events

All permissions are requested only when needed and can be revoked at any time through your device settings.

Cookies and Tracking

Session Cookies

We use session cookies to:

• Keep you logged in
• Remember your preferences
• Provide a seamless experience

Analytics

We may use analytics tools to understand how the service is used:

• Usage patterns and feature adoption
• Performance metrics and error rates
• Aggregated, anonymized statistics

We do not use third-party advertising cookies or tracking pixels.

International Data Transfers

If you access Pithy from outside the region where our servers are located, your data may be transferred internationally. We ensure adequate protection through:

• Standard contractual clauses
• Encryption in transit and at rest
• Compliance with applicable data protection laws

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date
• For material changes, we will notify you via email or in-app notification
• Continued use of the Service after changes constitutes acceptance of the updated policy

Data Breach Notification

In the unlikely event of a data breach that affects your personal information:

• We will notify you within 72 hours of discovering the breach
• We will explain what data was affected and what steps we're taking
• We will provide guidance on protecting yourself

Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights:

• Email: [email protected]
• Address: Unit 3 68 Sir John Young Crescent, Woolloomooloo NSW 2011, Australia

For security issues, contact: [email protected]

App Store Compliance

Apple App Store

This app and privacy policy comply with Apple's App Store Review Guidelines, including:

• HealthKit data usage restrictions
• Privacy and data handling requirements
• Transparency in data collection

Google Play Store

This app and privacy policy comply with Google Play's policies, including:

• Health Connect data usage requirements
• Sensitive permissions handling
• User data security requirements

Legal Basis for Processing (GDPR)

For users in the EEA, our legal bases for processing your information are:

• Consent: When you explicitly consent to data collection (e.g., health data, location)
• Contract: To provide the service you've signed up for
• Legitimate Interest: To improve the service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws

Data Controller

Pithy is the data controller for your personal information. We determine how and why your personal data is processed.

By using Pithy, you acknowledge that you have read and understood this Privacy Policy.