Haven shows you where your sensitive data lives, which services you've forgotten, who can see it, and what's worth fixing — across every cloud account and device you use. Everything runs on your computer. We never see your files.
A 15-year-old Gmail has 150,000 messages. A decade of Drive has tens of thousands of files. No human will audit that — and yet the sensitive data is all there: tax returns, medical records, plaintext passwords, API keys, driver's license scans. The industry has a name for this in the enterprise. Consumers have nothing.
How many documents contain your SSN, your driver's license, your bank account numbers, your medical records — actually?
Spread across Gmail, Outlook, Drive, OneDrive, iCloud, Dropbox, local folders, screenshot archives, and forgotten backups.
Former coworkers. Ex-partners. Defunct vendor accounts. Public links from 2017 and old SSO grants that still work today.
Remediation requires navigating cloud platforms, account deletion pages, and password resets. Haven turns it into one list.
Every old tax return, every public link, every account that still has your data is one more thing a breach can reach. Security people call this your attack surface. Haven calls it the stuff you forgot you were still carrying — and helps you put most of it down.
A breach doesn't care how old the file is. The tax return you shared in 2017, the password you emailed yourself, the folder a former coworker can still open — each one is live, reachable, and waiting. The fix isn't more locks. It's having less to lock.
Haven maps every exposed item across your email, drives, and devices — the things you'd never find by hand.
Revoke a stale share, delete a forgotten attachment, cut off old access — each in one reversible click.
What's left is small, known, and yours. If the worst happens, there's simply less of you out there to find.
A smaller surface is the only security gain you keep even after you stop paying attention.
Grant Haven read access to Gmail, Outlook, Proton Mail, Google Drive, OneDrive, or iMessage — or point it at the local files on your device. OAuth tokens stay in your system keychain. We never see them.
Detection runs on your computer. For the small number of ambiguous cases that need a second opinion, Haven sends a small, anonymized excerpt for a verdict — more on exactly where that goes below.
Review findings ranked by severity, then remediate them in a click — archive an email, revoke a share, save a password to your manager. Every remediation is reversible for 30 days, so your posture score climbs as you resolve things and you never have to be afraid to click.
Haven uses purpose-built detection engines designed specifically for finding personal data — not a general-purpose AI sitting in the cloud reading your files.
Your dashboard opens with a single posture score and the handful of things worth fixing today. Filter by source, select in bulk, act with one click — and know that every action has a 30-day undo.
Every action you take on a finding is a remediation. Haven logs each one with a timestamp, the connector, and whether it succeeded — and for 30 days, any remediation is one click from being reversed. That safety net is the whole point: you clean up fast because nothing you do is permanent.
Type a question the way you'd say it — "where are my tax documents?", "what's exposed externally?" — and Haven answers from the index it built on your machine. It's search over your findings, not a chatbot: the question is parsed on your device, with no message bodies read and nothing sent to a server.
Connect a source and Haven scans it on your computer, identifies the sensitive items and exposures hiding inside — old tax returns, plaintext passwords, public shares, account-takeover forwarding rules — and lets you remediate each finding with one reversible click.
Two optional detectors look for the content that's most damaging if a device is lost, stolen, or used for extortion. Both are off by default, and content involving minors is never flagged.
Coming soon: iCloud Mail
We designed Haven assuming our own cloud could be breached. Even in the worst case, an attacker would find account metadata and anonymous counts — never your files, never your findings, never readable content.
Scanned on your computer, never uploaded.
The list of sensitive items, stored locally and encrypted.
Derived from your OS keychain. Never leaves the device.
So you can sign in across devices.
Handled by our payments provider.
Aggregate detection counts and fingerprints — never content, never your findings.
The same decade of forgotten files and exposed credentials looks different depending on what you stand to lose.
You hold other people's sensitive data — client SSNs, privileged strategy, financial records. Haven finds where it's exposed across your email and drives, on your own machine, so confidentiality doesn't quietly fail.
Personal security for lawyersAPI keys in a notes file. Tokens pasted into old emails. A secret shared in Slack two years ago. Haven scans your machine and accounts for the credentials you've left exposed — and helps you rotate or vault them.
What Haven catchesBefore you merge accounts, share a drive, or pass on an old laptop — see everything sensitive a decade of digital life left behind. Old passwords, forgotten documents, things you'd rather not carry forward.
How a scan worksPreparing for a public role means your old digital life becomes someone else's research project. Haven runs that audit first — privately, on your own machine — so you can close the gaps before anyone goes looking.
Talk to usMost new Haven users find dozens of exposed sensitive items in their first scan — old tax returns shared with strangers, plaintext passwords pasted into emails, ID scans sitting in screenshot folders. One critical fix typically pays for a year of Haven.
Prices below are our working hypothesis for launch. First 1,000 paying users will be grandfathered regardless of final pricing.