Privacy Policy
Last updated: 2026-05-07
A note from Eddie
Right. Privacy policy. The legally binding bit, where I tell you exactly what data Eddie collects, where it lives, and what I do and don't do with it.
I'll keep it straight. My whole job is filtering your inbox, your captures, and your money — that only works if you trust me with them. So here's the deal in plain English, then the formal stuff below.
- Your data lives in Sydney, on Fly.io, in a Postgres database I run.
- Anthropic (Claude) is the only AI provider I send your text to.
- I never store the full body of your emails — metadata and a 200-character snippet, that's it.
- Voice notes get transcribed by OpenAI Whisper (interim — I'm moving this in-house). The audio is discarded after transcription.
- Financial transaction descriptions are encrypted at rest. Account numbers and balances never leave Fly.
- Hit the HAL 9000 button in Settings and everything goes — synchronously, no soft-delete, OAuth revoked at Google. No coming back.
— Eddie
1. Who runs Eddie
Eddie is operated by Tim Griffiths trading as SpinStart, based in Sydney, Australia. Contact: tim@spinstart.com.
This policy describes how Eddie ("we", "us", "the service") collects, uses, stores, and discloses personal information when you use the Eddie web application at app.hieddie.app and the Eddie Telegram bot.
We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
2. What data we collect
2.1 Account data
When you sign up:
- Email address
- Display name (if provided)
- Password — stored as a bcrypt hash; we never see or store the plaintext
- TOTP (two-factor) secret — encrypted at rest with AES-256-GCM
- TOTP backup codes — stored as bcrypt hashes; consumed once and never re-shown
- Profile preferences — timezone, briefing time, theme, Telegram chat ID
2.2 Email data (Gmail integration)
When you connect a Gmail account, we receive an OAuth token (encrypted at rest with AES-256-GCM) and use it to read message metadata and snippets. Specifically, we store:
- Message IDs, thread IDs, sender, recipients, subject, date
- A 200-character snippet (Gmail's snippet field)
- Triage classification result and reasoning
We do not store the full body of any email. When you view or reply to an email, we fetch the body live from Gmail and discard it after the request.
2.3 Voice notes
When you send a voice note via Telegram or the dashboard:
- The audio is sent to OpenAI Whisper for transcription (see Section 4).
- The resulting transcript is stored in your Captures.
- The original audio file is not retained after transcription.
2.4 Financial data (optional)
If you upload a CSV of bank or credit-card transactions:
- Transaction amount and date are stored as plaintext (required for aggregation in your daily briefing).
- Transaction description and merchant name are encrypted at rest with AES-256-GCM.
- The original CSV file is processed in memory and never written to disk.
- The raw CSV row is not retained by default. If you opt in via Settings → Privacy, raw rows are encrypted and retained for the period you choose (30 / 90 / 365 days, or indefinitely).
We never send account numbers, balances, or BSB/sort-code numbers to any external AI provider. Transaction descriptions may be sent to Anthropic (Claude Haiku) only to categorise unknown vendors that aren't matched by your saved category rules.
2.5 Captures, ideas, follow-ups
Whatever you capture (text, voice transcripts, ideas, commitments, follow-ups) is stored in your account.
2.6 Activity log
We log certain account events (login, password change, MFA reset, admin actions, finance purges) for security and audit purposes. You can view your own log at Settings → Activity.
2.7 Billing data
If you subscribe, Stripe stores your payment details. We store only your Stripe customer ID and subscription status. We never see or store your card number.
2.8 Cookies and sessions
- eddie-session — HS256-signed JWT, httpOnly, Secure, 24-hour rotation.
- eddie-mfa-challenge — 5-minute httpOnly cookie issued during MFA login.
- next-auth.* — used by Auth.js for Google social login.
We do not use any third-party analytics, advertising, or tracking cookies.
3. How we use your data
We use your data only to:
- Provide the Eddie service (email triage, daily briefings, captures, finance categorisation, content drafts).
- Authenticate you and protect your account (MFA, audit logs, suspension).
- Bill you (via Stripe) if you subscribe.
- Communicate transactional emails (email verification, welcome, password reset — sent via Resend). MFA backup codes are shown once on screen and are deliberately never emailed.
- Send you your daily briefing via Telegram.
We do not:
- Sell your data.
- Share your data with advertisers.
- Use your data to train AI models (see Section 4).
- Allow humans on our team to read your emails, captures, or finance data, except where you explicitly request support that requires it, or where required by law.
4. Third-party services and data flows
Eddie relies on the following third-party services. Each is named here because data passes through it.
| Service | Purpose | Data sent | Location |
|---|---|---|---|
| Anthropic (Claude API) | Email triage, briefing generation, draft replies, finance categorisation of unknown vendors | Email metadata + snippets, capture text, transaction descriptions (no account numbers) | United States |
| OpenAI (Whisper, TTS) | Voice transcription, briefing audio (interim — being replaced with self-hosted models) | Audio files (Whisper); briefing text (TTS) | United States |
| Google (Gmail API, OAuth) | Reading and sending email on your behalf | OAuth tokens; per-request email fetches | Global |
| Telegram (Bot API) | Briefing and nudge delivery, voice capture | Briefing text, voice files | Global |
| Stripe | Billing | Payment details (you provide directly to Stripe) | Global |
| Resend | Transactional email | Recipient email, message body | United States / EU |
| Fly.io | Hosting (app + database) | All data at rest | Sydney, Australia |
4.1 Anthropic data handling
We send your data to Anthropic under their commercial API terms. Per those terms, Anthropic does not train its models on data submitted through the API. Prompt caching is enabled for cost efficiency; cached content has a 5-minute TTL.
4.2 OpenAI data handling (interim)
OpenAI is currently used for voice transcription (Whisper) and text-to-speech briefings. Per OpenAI's API data policy, API data is not used to train OpenAI models. We are working to replace OpenAI with self-hosted models (whisper.cpp and Kokoro-82M) running inside Fly.io Sydney; once that ships, audio will never leave Fly.
5. Google API Services User Data Policy ("Limited Use")
Eddie's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide and improve the Eddie features the user has signed up for (email triage, drafting, sending, calendar reading).
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features (e.g. sending email metadata to Anthropic for triage), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to the user.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data, except: with the user's affirmative consent for specific messages, where necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or where the data has been aggregated and anonymised for internal operations.
6. Data retention
- Active account: data is retained for as long as your account is active.
- Email metadata and snippets: retained while your Gmail connection is active. Disconnecting a Gmail account does not delete past metadata; use the HAL 9000 button or contact support for that.
- Voice audio: discarded immediately after transcription.
- Raw CSV rows: off by default. If opted in, retained for the period you choose (30 / 90 / 365 days, or indefinitely) and encrypted at rest. You can purge them at any time from Settings → Privacy.
- Activity log: retained while your account is active.
- Account deletion: when you press HAL 9000 (Settings → Account → Delete account), all your data is synchronously and permanently deleted from our database. OAuth tokens are revoked at Google. There is no soft-delete, no archive, no recovery.
7. Security
- All data is hosted on Fly.io Sydney (Postgres + app machines).
- OAuth tokens, TOTP secrets, and sensitive finance fields are encrypted at rest with AES-256-GCM.
- Passwords and backup codes are stored as bcrypt hashes.
- Sessions use HS256-signed JWTs with 24-hour rotation.
- Two-factor authentication (TOTP) is available and strongly encouraged.
- Database queries are scoped per user via row-level security (RLS).
- Every API endpoint enforces rate limiting and input validation.
No system is invulnerable. If we become aware of a security incident that affects your data, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.
8. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access your data — visible in the dashboard at app.hieddie.app.
- Correct your data — editable in Settings.
- Delete your data — use the HAL 9000 button (Settings → Account → Delete account), or email tim@spinstart.com for assistance.
- Withdraw consent — disconnect any integration at any time, or delete your account.
- Complain — to us first at tim@spinstart.com, and if unresolved, to the OAIC at oaic.gov.au.
9. Children
Eddie is not directed at children. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, contact tim@spinstart.com and we'll delete the account.
10. International users
If you use Eddie from outside Australia, your data will be transferred to and stored on servers in Sydney, Australia. By using Eddie, you consent to this transfer.
11. Changes to this policy
We'll post any material changes to this page and update the "Last updated" date at the top. For significant changes (new third-party processors, expanded data collection), we'll also email you.
12. Contact
Questions, complaints, deletion requests: tim@spinstart.com
Tim Griffiths / SpinStart
Sydney, Australia