Pithy is a personal dashboard that connects to your existing services to help you stay informed. This policy explains what data Pithy collects, how it is used, and your rights regarding your information.
Information Pithy Collects
Account Information
When you create an account, Pithy collects:
Email address (for authentication and account recovery)
Password (stored as a secure hash, never in plain text)
Connected Services
When you connect third-party services (Google, Microsoft, Slack, Mastodon, Bluesky, Readwise), Pithy stores:
OAuth tokens (encrypted at rest) to access your data on those services
API keys you provide (encrypted at rest)
Pithy accesses data from these services only as needed to display information in your dashboard. This may include emails, calendar events, social media posts, and other content depending on which services you connect.
Dashboard Content
Pithy stores:
Your panel configurations (layout, settings, instructions)
Cached content from recent requests to your connected services
Chat conversations with the AI assistant
Personal preferences and memories you choose to save
Pithy does not store data from old requests to your services or any summaries beyond those currently visible in your dashboard or chat history.
Usage Data
Pithy tracks:
AI model usage
API calls to external services
Whether or not and how often you have Pithy open and are viewing your dashboard
We do this to minimise costs and the impact of unnecessary calls to AI models.
Waitlist Information
When you join the waitlist, Pithy collects:
Email address and name
Device information (browser, operating system, device type)
Screen dimensions and color scheme preference
Language and timezone settings
Referrer URL and any marketing campaign parameters
This information helps Pithy understand its audience and improve the product before launch. Waitlist data is retained until you request removal or the waitlist is closed.
How Your Information Is Used
To provide the service: Displaying your connected data in dashboard panels
To power AI features: Your queries and relevant context are sent to the AI provider (Anthropic) to generate responses
To maintain your account: Authentication, password resets, and account management
To track usage: Monitoring API costs and token consumption
Data Security
OAuth tokens and API credentials are encrypted at rest using Fernet symmetric encryption
Passwords are hashed using Argon2, a modern secure hashing algorithm
All connections use HTTPS/TLS encryption in transit
Database access is restricted and authenticated
A note on encrypted credentials: Because Pithy needs to use your stored credentials to connect to services on your behalf, the encryption keys are held server-side. This means Pithy technically has the capability to decrypt these credentials. However, Pithy does not inspect, log, or display decrypted credentials, and no administrative interface exists that would allow anyone to view them. Access to credentials would require deliberate code changes or systems access to Pithy's production environment.
Third-Party Services
Pithy integrates with external services. When you connect these services:
Pithy accesses your data according to the permissions you grant
Your data on those services remains subject to their privacy policies
Pithy uses Anthropic as its AI provider; queries and context are processed by their systems
Google API Services
Pithy's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, Pithy:
Only uses data from Google APIs to provide and improve user-facing features that you see and interact with in Pithy (such as displaying your emails, calendar events, tasks, drive files, and YouTube subscriptions in your dashboard)
Does not use Google user data for serving advertisements
Does not transfer Google user data to third parties except as necessary to provide the service (for example, sending relevant context to our AI provider when you interact with the assistant), with your consent, for security purposes, or to comply with applicable law
Does not allow humans to read your Google user data unless you give affirmative consent (for example, contacting support about a specific issue), it is necessary for security purposes (such as investigating abuse), it is required to comply with applicable law, or the data has been aggregated and anonymised
You can revoke Pithy's access to your Google account at any time by disconnecting the integration from your dashboard, or by removing access in your Google Account permissions.
AI and Connected Data
Pithy connects an AI assistant to your personal data and, in some cases, to the web. This combination is powerful but carries inherent considerations worth understanding:
The AI can read content from your connected services (emails, calendar, social feeds) to provide relevant assistance. This data is sent to the AI provider when you interact with the assistant.
The routine process of fetching and updating panels uses an AI model to summarise the data it fetches from your connected services. This model does not have access to the web or any other tools. It only has access to the data that is provided to it.
The Pithy assistant can access the same data, and is able to make use of tools to fetch content from the web, as well as to take actions on your behalf. It will always ask you to approve significant actions before taking them.
Because the AI has web access, it is possible that external content could influence AI responses, or the actions the AI takes. You should be alert to this possibility, and should take care to review any actions the AI proposes before approving them.
These capabilities are the point of Pithy: bringing your information together with AI to save you time. Being aware of how they work helps you use them confidently.
Data Retention
Your data is retained for as long as your account is active. You can disconnect integrations at any time, which removes stored credentials for that service.
You can delete your Pithy account at any time. If you delete your account, all of your information will be immediately deleted, except for your email address, which is retained in order for us to know that your account did once exist.
If you delete your account, your data may persist for some time in backup files of Pithy's production environment, but will eventually be entirely removed as we delete old backups.