Privacy Policy

Last updated: June 4, 2026

Hearth is operated by Verge Labs. This policy explains what data we collect, why we collect it, and your rights over it.

1. Data We Collect

We only collect what's necessary to run the Service:

• Email address. Used to verify your identity via one-time passcode (OTP), to send household invitations, and occasionally to contact you about your account. If you invite someone to your household, their email is stored until the invitation is accepted, revoked, or expires.
• Account identifiers. A randomly generated UUID identifies your user account. Separate UUIDs identify your household, the computers you enroll, the agents you create, and the devices you sign in from. These are not linked to your Apple ID, Google account, or any advertising identifier.
• Display name (optional). If you set a name in your profile, it's stored so household members can identify each other.
• Device identifier and secret. A UUID and cryptographic secret generated on first sign-in are stored in your device's secure storage (iCloud Keychain on iOS, Android Keystore on Android). They authenticate your app to the relay server. Only a hashed version of the secret is ever stored on the server.
• Push notification token. A token from Apple (APNs) or Google (FCM) used solely to deliver notifications to your device. It doesn't identify you personally.
• Household and agent configuration. Names and settings you create for your household, enrolled computers, agent configurations, and working directories are stored on the server. This includes folder paths you designate for agents to work in.
• Permission request data. When an agent asks to take an action, the details of that request (what tool, what input) are relayed through our server to your device. Your response (Allow / Deny / Always Allow) and the timestamp are logged for operational and audit purposes.
• Auto-approve rules. Rules that allow certain actions to proceed automatically — created by tapping "Always Allow," through direct rule management, or via plugin installation — are stored on the server and scoped to the specific agent they apply to. You can view and delete them at any time.
• Subscription data. If you subscribe to Hearth Pro, the transaction ID, product ID, and status from Apple or Google are stored to verify your entitlement. We never receive your payment details.
• Agent activity data. While an agent is running, its step-by-step activity (tool calls, file edits, command output) streams through our server in real time to your device. This data is only held in memory during transit — it is never written to disk or stored on our servers.
• Chat messages. Hearth includes chat rooms where household members (and agents) can exchange messages. The content of those messages, along with the sender name, room, and timestamp, is stored on our servers for as long as your account is active. Messages you delete are soft-deleted (marked as removed) and are purged from active views, but may remain in the database for a short period before permanent removal. Agent-to-chat messages (where an agent posts into a chat room) are stored the same way as human messages.
• OTP request IP address. Logged briefly for rate-limiting abuse on the login endpoint. Not used for tracking or analytics.
• Hearth CLI. The CLI runs entirely on your computer. It stores credentials locally in ~/.hearth/credentials and communicates with the relay server on your behalf. It does not send any additional data to our servers beyond what the app does.
• Google OAuth credentials (optional). If you connect a Google account to use Google Calendar, Drive, or Contacts integrations, we store an OAuth refresh token on the server. It's encrypted to your specific computer's public key (X25519 + ChaCha20-Poly1305), so only the Hearth daemon on that computer can decrypt it. Short-lived access tokens are derived on demand and used only for the specific API call in progress. We also store your Google account email as a label so you know which account is connected.

2. What We Don't Collect

• We don't collect your Apple ID, Google account credentials, or advertising identifiers.
• We don't collect usage analytics, telemetry, or behavioral tracking beyond what's described above.
• We don't use cookies or tracking scripts in the app. The website uses Google Analytics for aggregate traffic statistics; the app does not.
• We don't access files, source code, or any other data on your computer beyond what appears in the permission requests your agents generate.
• Agent activity stream data (tool calls, command output, file edits) is not stored on our servers — only chat room messages are persisted.
• Google user data (calendar events, Drive files, contacts) is passed directly to the agent on your computer. It is not stored on our servers after the API call completes.
• We never use Google user data to train models, serve ads, or for any purpose beyond completing the specific action the agent requested.

3. How We Use Your Data

All data is used solely to operate the Service:

• Authenticating you and keeping your sign-in active across devices.
• Routing permission requests from your agents to your phone and to other approved household members.
• Sending push notifications when agents need a decision.
• Evaluating always-allow rules to automatically approve matching requests.
• Sending and tracking household invitations.
• Verifying your Pro subscription status.
• Making Google API calls on behalf of your agents when you've connected a Google account.

We do not sell your data. We share it only with: (a) Apple APNs and Google FCM for push notification delivery; (b) Apple and Google for subscription verification; (c) our email provider for OTP and invitation delivery; and (d) Google APIs when completing agent actions you've authorized.

Our use of Google API Services adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Storage and Security

• Your device credentials are stored in your platform's secure storage (iCloud Keychain or Android Keystore), encrypted by Apple or Google respectively.
• Account data, household configuration, always-allow rules, push tokens, and subscription records are stored in a database on servers we operate.
• OTPs are stored as SHA-256 hashes and expire quickly after issue.
• All communication uses TLS (HTTPS/WSS).
• Permission request logs are rotated and may be archived to cold storage indefinitely for audit purposes.
• Google OAuth refresh tokens are encrypted at rest (X25519 + ChaCha20-Poly1305, keyed to your computer's public key) and can only be decrypted by the Hearth daemon on that computer.

5. Data Retention

Account records, household data, always-allow rules, and subscription records are kept while your account is active. Permission request logs may be retained indefinitely in pseudonymous form for audit purposes. To delete your account and all associated data, contact us at support@vergelabs.org. We'll remove your user record, household memberships, device registrations, and rules. Archived log entries may remain in pseudonymous form (UUID only).

6. Children's Privacy

Hearth is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have, please contact us and we will delete it promptly.

7. Your Rights

Depending on where you live, you may have the right to access, correct, or delete your personal data, or to object to how we process it. To exercise any of these rights, email support@vergelabs.org. We'll respond in accordance with applicable law.

8. Changes to This Policy

We may update this policy. Changes will be posted here with an updated date. For material changes we'll make reasonable efforts to notify you. Continued use of the Service after changes take effect constitutes acceptance.

9. Contact

Questions about your data or this policy? Email support@vergelabs.org.

10. Google API Services

This section describes how we handle data from Google Calendar, Google Drive, and Google Contacts (People API) if you connect a Google account.

What we access

• Google Calendar (calendar.events): Event titles, times, attendees, descriptions, and locations in calendars you've shared access to.
• Google Drive (drive.file): Files created by Hearth or explicitly opened through Hearth, including names, metadata, and content.
• Google People / Contacts (contacts.readonly): Contact names, email addresses, phone numbers, and job information from your Google Contacts or Workspace directory.

How we use it

Google data is accessed only to complete the specific action your agent is attempting at that moment — for example, checking your calendar before scheduling a meeting, or finding a contact's email address. The data goes directly to the agent running on your computer and is never stored on our servers after the API call finishes.

What we never do with Google data

• Store Google Calendar, Drive, or People data on our servers.
• Use it to train machine learning models.
• Use it for advertising or share it with ad networks.
• Share it with anyone except as needed to complete the API call itself.
• Use it for any purpose other than what you asked the agent to do.

Revoking access

You can disconnect any Google integration at any time from the app. This deletes the stored refresh token from our server immediately. You can also revoke access directly in your Google account security settings at myaccount.google.com/permissions.

Our practices comply with the Google API Services User Data Policy, including the Limited Use requirements.