Privacy policy.
This is the privacy policy for Haven, a desktop application and accompanying website operated by Haven Protect, LLC, a Wyoming limited liability company. It explains what data Haven processes, where that processing happens, and what we — the company — do and do not receive.
Haven is built so that the company cannot see most of your private data. Your mailbox content, your scanned findings, and the encryption keys that protect your local store stay on your device. Tier 1 (deterministic patterns) and Tier 2 (a bundled classifier) run on every message locally on your machine.
The one qualified exception is Tier 3, our second-opinion tiebreaker. Bounded excerpts of no more than 2 KB from the small fraction of messages Tier 2 cannot decide confidently (about 0.8% of messages in measured real inboxes) are sent to Haven-owned GPU infrastructure in one round-trip and discarded. Every such call appears as its own row in the Network Activity log; the row records the body-hash prefix, the class label, and the verdict, never the excerpt itself. Section 05 describes the full mechanism.
We receive a small daily payload of aggregate counts and version strings, plus crash reports if you opt in. Those payloads are designed so that they do not contain message contents, message identifiers, account identifiers, or anything that could re-identify you.
The rest of this page is the formal version of that statement.
Contents
- 01 At a glance
- 02 Who we are
- 03 How Haven works architecturally
- 04 What stays on your device
- 05 What Haven receives
- 06 Your Google data (Gmail and Drive)
- 07 The marketing site
- 08 Third parties and subprocessors
- 09 Security
- 10 Your rights
- 11 Children
- 12 International transfers
- 13 Retention
- 14 Changes to this policy
- 15 How to contact us
- 16 Google API Services compliance
01 At a glance.
Haven is a desktop application that scans content you already have — email from Gmail and Outlook, files from Google Drive and OneDrive, and local .mbox export files — and shows you what it found. The application runs on your computer; the bulk of scanning happens on your computer; the results are stored on your computer.
The company, Haven Protect, LLC, receives four kinds of traffic from the application: a small daily payload of aggregate usage counts; signed-channel fetches when the application checks for application, rules-pack, or model updates; crash reports, if you opt in; and, for the Tier 3 second-opinion tiebreaker (section 05), bounded excerpts of no more than 2 KB from the small fraction of messages our on-device Tier 2 classifier cannot decide confidently, sent in one round-trip per message and discarded once the verdict is returned. Apart from the Tier 3 excerpts, none of these payloads carries message content, message identifiers, file paths, or finding details. This holds by architecture, not by promise: the bundled outbound network broker rejects any request that is not on a fixed, source-visible allowlist, and you can inspect every outbound request the application has made on the Network Activity settings tab.
If you stop using Haven, your local data stays where it is, on your computer, until you delete it. Apart from the Tier 3 excerpts described in section 05, the company has never had your message content, and it has never had your findings or your OAuth tokens.
02 Who we are.
"Haven," "we," "our," and "us" refer to Haven Protect, LLC, a Wyoming limited liability company. "Haven" also refers to our desktop application of the same name and the website at havenprotect.app.
You can reach us at privacy@havenprotect.app for any privacy question, request, or complaint, and at legal@havenprotect.app for security disclosures, terms-of-service questions, and other legal notices.
Our registered agent and mailing address for legal notices is on file with the Wyoming Secretary of State and available on request.
03 How Haven works architecturally.
Three architectural facts are load-bearing for the rest of this policy:
The application is bundled. The user interface and the scanning engine ship as a single signed installer. They do not download executable content from a Haven server after install. Application updates are delivered through a separately signed update channel that you can inspect in the Network Activity log.
Outbound network access is deny-by-default. The Haven application contacts only a small, fixed set of network destinations: a signed-update server, a signed-rules-pack server, a signed-model server, the daily-aggregate telemetry endpoint, the optional crash-report endpoint, the Tier 3 cloud-inference endpoint (section 05), and, after you authorize a Google account, Google's OAuth, Gmail API, and Drive API endpoints (section 06). Every other outbound request is blocked at the application boundary by the bundled egress broker. You can see every outbound request the application has made on the Network Activity settings tab, exportable as a signed JSON file for independent review.
The local store is encrypted. Haven keeps findings, scan history, and your Google OAuth tokens in a SQLCipher database whose key lives in your operating system's credential store (Windows Credential Manager today; macOS Keychain when the macOS build ships). The database file is unreadable without that key.
These facts explain why the rest of this policy looks unusual. Most software privacy policies describe what a company does with data it has collected on its servers. Haven's architecture means the company has structurally never had most of the data the policy would otherwise speak to.
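To make the deny-by-default claim concrete, here is an added example of how such a broker can be structured. It is illustrative code written for this page, not Haven's own implementation. The hostnames under haven.invalid are placeholders standing in for the update, rules-pack, model, telemetry, crash-report and Tier 3 endpoints; the googleapis.com hosts are Google's public OAuth, Gmail and Drive API hosts. Two properties matter: every permitted destination is a variant of a closed enum, so a request to anything else cannot be expressed; and the activity row records only the host and the verdict, never the path, headers or body.

```rust
// Added illustration of a deny-by-default egress broker with a typed allowlist and a
// content-free activity log. Channel, EgressBroker and the *.invalid hosts are
// assumptions for this example; they are not Haven's code or real endpoints.

/// Every permitted destination is one of a fixed set of channels.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Channel {
    UpdateManifest, RulesPack, ModelManifest, Telemetry, CrashReport,
    Tier3Inference, GoogleOAuth, GmailApi, DriveApi,
}

/// Why a request was refused. Nothing about the request body is recorded.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Denial { NotHttps, Malformed, UnknownHost, PathOutsideChannel }

struct Rule { channel: Channel, host: &'static str, path_prefix: &'static str }

/// Exact hosts (no suffix or wildcard matching) and the path prefix each channel may use.
const ALLOWLIST: &[Rule] = &[
    Rule { channel: Channel::UpdateManifest, host: "updates.haven.invalid", path_prefix: "/manifest/" },
    Rule { channel: Channel::RulesPack, host: "rules.haven.invalid", path_prefix: "/packs/" },
    Rule { channel: Channel::ModelManifest, host: "models.haven.invalid", path_prefix: "/manifest/" },
    Rule { channel: Channel::Telemetry, host: "telemetry.haven.invalid", path_prefix: "/v1/daily" },
    Rule { channel: Channel::CrashReport, host: "crash.haven.invalid", path_prefix: "/v1/report" },
    Rule { channel: Channel::Tier3Inference, host: "tier3.haven.invalid", path_prefix: "/v1/chat/completions" },
    Rule { channel: Channel::GoogleOAuth, host: "oauth2.googleapis.com", path_prefix: "/token" },
    Rule { channel: Channel::GmailApi, host: "gmail.googleapis.com", path_prefix: "/gmail/v1/" },
    Rule { channel: Channel::DriveApi, host: "www.googleapis.com", path_prefix: "/drive/v3/" },
];

/// Maps a URL onto a channel, or explains why it must not leave the machine.
pub fn classify(url: &str) -> Result<Channel, Denial> {
    // Plain http, or anything that is not a URL the broker understands, never goes out.
    let rest = url.strip_prefix("https://").ok_or(Denial::NotHttps)?;
    let (authority, path) = match rest.find('/') {
        Some(i) => (&rest[..i], &rest[i..]),
        None => (rest, "/"),
    };
    // No userinfo, no explicit port, no dot segments: the usual ways an
    // attacker-controlled string is made to look like an allowlisted destination.
    if authority.is_empty() || authority.contains('@') || authority.contains(':') || path.contains("..") {
        return Err(Denial::Malformed);
    }
    let host = authority.to_ascii_lowercase();
    let mut host_known = false;
    for rule in ALLOWLIST {
        if rule.host == host {
            host_known = true;
            if path.starts_with(rule.path_prefix) {
                return Ok(rule.channel);
            }
        }
    }
    Err(if host_known { Denial::PathOutsideChannel } else { Denial::UnknownHost })
}

/// One Network Activity row: destination host and verdict, never path, body or headers.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ActivityRow { pub host: String, pub verdict: Result<Channel, Denial> }

#[derive(Default)]
pub struct EgressBroker { pub log: Vec<ActivityRow> }

impl EgressBroker {
    /// Gatekeeper every outbound request passes through; denied requests are logged too.
    pub fn request(&mut self, url: &str) -> Result<Channel, Denial> {
        let verdict = classify(url);
        self.log.push(ActivityRow { host: host_of(url), verdict: verdict.clone() });
        verdict
    }
}

/// Host part of a URL for the log, with any userinfo stripped so it is not recorded.
fn host_of(url: &str) -> String {
    let rest = url.split("://").nth(1).unwrap_or(url);
    let authority = rest.split('/').next().unwrap_or("");
    authority.rsplit('@').next().unwrap_or("").to_ascii_lowercase()
}

fn main() {
    let mut broker = EgressBroker::default();
    for url in [
        "https://gmail.googleapis.com/gmail/v1/users/me/messages",
        "https://gmail.googleapis.com.attacker.invalid/gmail/v1/",
        "https://oauth2.googleapis.com/revoke",
    ] {
        println!("{url} -> {:?}", broker.request(url));
    }
}
```

Exact host comparison is the load-bearing detail: a suffix or substring match would let gmail.googleapis.com.attacker.invalid through, and accepting userinfo or a port in the authority would let attacker.invalid@gmail.googleapis.com confuse a lenient parser about which host is actually being contacted.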
04 What stays on your device.
The following data is processed only on your computer and is never transmitted to Haven Protect, LLC or to any other party:
- The full content of every email Haven scans, including bodies, attachments, headers, and metadata. Tier 1 (deterministic pattern matching) and Tier 2 (a bundled on-device classifier) operate on this full content locally. The single qualified exception — bounded excerpts sent for Tier 3 adjudication of items Tier 2 cannot decide confidently — is described separately in section 05.
- The findings produced from those scans, including the redacted snippets, the matched detector identifiers, and the file paths or message identifiers that produced them.
- Your Google OAuth refresh and access tokens. Tokens are held in the encrypted local store described in section 03, whose key is in the OS-managed credential store; the token bytes never leave the application's Rust core.
- The encryption key for the local SQLCipher store, generated on first run and stored in the OS credential store.
- Tier 2 classifier verdicts (the bundled DistilBERT model that decides whether a message warrants closer review). Tier 2 inference runs entirely on your device.
- Tier 3 adjudication verdicts (whether a Tier-2-flagged message actually discloses sensitive content). The verdict itself feeds the local findings list and is not transmitted onward; the Tier 3 round-trip that computes the verdict is the carve-out described in section 05.
- The list of accounts you have connected and the list of files you have ingested.
- The record of every action you take in Haven (Archive, Label, Trash, Mark resolved, Undo).
If you uninstall Haven, you choose whether to delete the local SQLCipher store. The company has no way to read it remotely and no way to compel its retention.
05 What Haven receives.
Four outbound channels are relevant for your privacy; each is described below. Traffic to Google's own APIs on your behalf is covered in section 06. The Network Activity log is the verifiable record: every outbound request the application has made appears on the Network Activity settings tab, and the log is exportable as a signed JSON file for independent review.
Daily aggregate telemetry. Once per day, Haven submits a small JSON payload describing how the application is being used, in aggregate. Apart from the application version and the install identifier, every field is either a bounded enumeration (Haven uses a fixed list of payload types and failure reasons, documented in source) or a count. The payload contains the application version, the operating-system family, a randomly generated install identifier that is not derived from your hardware or your accounts, the number of scans completed since the last payload, the number of findings produced bucketed by severity, the number of remediation actions bucketed by action type, the number of OAuth flow attempts and outcomes bucketed by reason, and the number of model and rules updates applied. The payload does not contain message content, message identifiers, account identifiers, file paths, finding snippets, or anything that could re-identify a person. You can opt out of telemetry from the Settings page; the opt-out is the last telemetry event sent on your install.
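The "counts or bounded enumerations only" property is something a schema check can enforce in code and tests rather than leave to convention. The following added example is not Haven's schema; its keys, slug universe and install-identifier format are assumptions for illustration. It models a payload as a fixed key set in which the only string-valued kinds are a slug drawn from a closed list, a dotted version, and a hex install identifier, so a message subject or an email address has no field in which it could legally travel.

```rust
// Added illustration of a count-or-enum telemetry schema check. Keys, the slug
// universe and the install-id format are assumptions, not Haven's real schema.
use std::collections::BTreeMap;

/// Kinds a telemetry field may take. There is deliberately no free-text kind.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Kind { Count, Slug, Buckets, Version, InstallId }

/// A field value as produced by the application before serialization.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Field {
    Count(u64),
    Slug(String),
    Buckets(Vec<(String, u64)>),
    Version(String),
    InstallId(String),
}

/// Fixed key set with the kind each key must carry (assumed for the example).
pub const SCHEMA: &[(&str, Kind)] = &[
    ("app_version", Kind::Version),
    ("os_family", Kind::Slug),
    ("install_id", Kind::InstallId),
    ("scans_completed", Kind::Count),
    ("findings_by_severity", Kind::Buckets),
    ("actions_by_type", Kind::Buckets),
    ("oauth_outcomes_by_reason", Kind::Buckets),
    ("updates_applied", Kind::Count),
];

/// Every slug that may ever appear in a payload (assumed universe).
pub const SLUG_UNIVERSE: &[&str] = &[
    "windows", "macos", "low", "medium", "high", "archive", "label", "trash",
    "mark_resolved", "undo", "success", "user_cancelled", "network_error", "token_revoked",
];

fn is_slug(s: &str) -> bool { SLUG_UNIVERSE.contains(&s) }

/// "major.minor.patch", digits only.
fn is_version(s: &str) -> bool {
    let parts: Vec<&str> = s.split('.').collect();
    parts.len() == 3 && parts.iter().all(|p| !p.is_empty() && p.bytes().all(|b| b.is_ascii_digit()))
}

/// Install identifiers are 32 lowercase hex characters here (assumed format).
fn is_install_id(s: &str) -> bool {
    s.len() == 32 && s.bytes().all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'f'))
}

/// Rejects missing or unknown keys, kind mismatches, and any string outside the slug universe.
pub fn validate(payload: &BTreeMap<String, Field>) -> Result<(), String> {
    for (key, expected) in SCHEMA {
        let field = payload.get(*key).ok_or_else(|| format!("missing field {key}"))?;
        let ok = match (expected, field) {
            (Kind::Count, Field::Count(_)) => true,
            (Kind::Slug, Field::Slug(s)) => is_slug(s),
            (Kind::Buckets, Field::Buckets(b)) => b.iter().all(|(s, _)| is_slug(s)),
            (Kind::Version, Field::Version(v)) => is_version(v),
            (Kind::InstallId, Field::InstallId(id)) => is_install_id(id),
            _ => false,
        };
        if !ok {
            return Err(format!("field {key} violates schema kind {expected:?}"));
        }
    }
    // A key the schema does not know is the only way free text could ride along.
    if let Some(extra) = payload.keys().find(|k| !SCHEMA.iter().any(|(s, _)| *s == k.as_str())) {
        return Err(format!("unknown field {extra}"));
    }
    Ok(())
}

/// Constructed sample of a valid daily payload.
pub fn sample_payload() -> BTreeMap<String, Field> {
    let mut p: BTreeMap<String, Field> = BTreeMap::new();
    p.insert("app_version".into(), Field::Version("0.4.1".into()));
    p.insert("os_family".into(), Field::Slug("windows".into()));
    p.insert("install_id".into(), Field::InstallId("3f9c2a7b1e4d5c6f8a0b9d2e7c1f4a5b".into()));
    p.insert("scans_completed".into(), Field::Count(3));
    p.insert("findings_by_severity".into(), Field::Buckets(vec![("low".into(), 12), ("high".into(), 1)]));
    p.insert("actions_by_type".into(), Field::Buckets(vec![("archive".into(), 4), ("undo".into(), 1)]));
    p.insert("oauth_outcomes_by_reason".into(), Field::Buckets(vec![("success".into(), 1)]));
    p.insert("updates_applied".into(), Field::Count(0));
    p
}

fn main() {
    println!("valid payload: {:?}", validate(&sample_payload()));
    let mut bad = sample_payload();
    bad.insert("subject".into(), Field::Slug("Re: invoice".into()));
    println!("payload with a subject field: {:?}", validate(&bad));
}
```

Running the check against the slug universe in the test suite, as the Security section describes, means a new failure reason or action type cannot ship until it is added to the closed list, and nothing else can ship at all.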
Crash reports. If you opt in, Haven will submit crash reports when the application fails. Crash reports are scrubbed before submission to remove file paths, environment variables, command-line arguments, and any string that resembles a credential, an OAuth token, an email address, or a snippet of email content. The scrubber is open to review in the haven-scrubber crate. Crash reporting is off by default in the Phase 1 build.
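The following is an added sketch of the pattern-matching half of such a scrubber, written for this page and not taken from the haven-scrubber crate. It redacts whitespace-delimited tokens that look like Google OAuth credentials (the ya29. access-token and 1// refresh-token prefixes), whatever follows an Authorization scheme word, email addresses, absolute Windows or Unix paths, KEY=value environment entries, and long opaque alphanumeric runs, while leaving relative source paths and line numbers intact for debugging. The crash text is constructed sample input.

```rust
// Added illustration of credential, path and address scrubbing for crash reports.
// Written for this page; not the haven-scrubber crate. Sample report is constructed.

/// Constructed crash text mixing a stack location with things that must not be sent.
pub const SAMPLE_REPORT: &str = "thread 'main' panicked at src/sync.rs:42:\n\
refresh failed for alice@example.com (token ya29.a0AfH6SMBx-example) reading C:\\Users\\alice\\AppData\\Local\\Haven\\haven.db\n\
env HAVEN_HOME=/home/alice/.haven Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.payload";

/// Splits surrounding punctuation off a token so "alice@example.com," still matches.
pub fn split_punct(tok: &str) -> (&str, &str, &str) {
    const LEAD: &str = "([\"'<";
    const TRAIL: &str = ",.;:)]\"'>";
    let start = tok.find(|c: char| !LEAD.contains(c)).unwrap_or(tok.len());
    let body = &tok[start..];
    let end = body
        .char_indices()
        .rev()
        .find(|&(_, c)| !TRAIL.contains(c))
        .map(|(i, c)| i + c.len_utf8())
        .unwrap_or(0);
    (&tok[..start], &body[..end], &body[end..])
}

/// Decides whether one bare token must be replaced; `None` keeps it verbatim.
pub fn redact_token(tok: &str) -> Option<&'static str> {
    let b = tok.as_bytes();
    // Google OAuth credential shapes: "ya29." access tokens, "1//" refresh tokens.
    if tok.starts_with("ya29.") || tok.starts_with("1//") {
        return Some("[token]");
    }
    // Absolute Windows path (drive letter, colon, separator) or absolute Unix path.
    if b.len() > 2 && b[0].is_ascii_alphabetic() && b[1] == b':' && (b[2] == b'\\' || b[2] == b'/') {
        return Some("[path]");
    }
    if tok.starts_with('/') && tok.len() > 1 {
        return Some("[path]");
    }
    // Email address: non-empty local part, domain containing a dot.
    if let Some(at) = tok.find('@') {
        let (local, domain) = (&tok[..at], &tok[at + 1..]);
        if !local.is_empty() && domain.contains('.') && !domain.ends_with('.') {
            return Some("[email]");
        }
    }
    // Environment-variable style KEY=value with an upper-case key.
    if let Some(eq) = tok.find('=') {
        let key = &tok[..eq];
        if !key.is_empty() && key.chars().all(|c| c.is_ascii_uppercase() || c == '_') {
            return Some("[env]");
        }
    }
    // Long opaque alphanumeric run: API keys, session secrets, signing material.
    if tok.len() >= 32 && tok.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_') {
        return Some("[secret]");
    }
    None
}

/// Scrubs a whole report line by line; runs of spaces within a line are normalized.
pub fn scrub(report: &str) -> String {
    let mut out_lines = Vec::new();
    for line in report.lines() {
        let mut words: Vec<String> = Vec::new();
        let mut redact_next = false; // true right after an Authorization scheme word
        for tok in line.split_whitespace() {
            let (lead, core, trail) = split_punct(tok);
            let replacement = if redact_next && !core.is_empty() {
                Some("[token]") // whatever follows "Bearer"/"Basic" is a credential, whatever its shape
            } else {
                redact_token(core)
            };
            redact_next = matches!(core, "Bearer" | "Basic");
            match replacement {
                Some(r) => words.push(format!("{lead}{r}{trail}")),
                None => words.push(tok.to_string()),
            }
        }
        out_lines.push(words.join(" "));
    }
    out_lines.join("\n")
}

fn main() {
    println!("{}", scrub(SAMPLE_REPORT));
}
```

Pattern scrubbing is a backstop, not the primary control. A panic message that interpolated message text into an error string would not necessarily match any of these shapes, so the first line of defense is that code handling mailbox content never formats that content into error strings; the scrubber catches what slips past that discipline.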
Signed-channel fetches. When the application checks for application updates, rules-pack updates, or model updates, those requests appear in our server logs as ordinary web traffic — IP address, time, the channel name, and the manifest version requested. These requests contain no information about your mailbox or your findings. We do not combine these logs with telemetry; they are kept short-lived and used to operate the channels and to publish update-availability rates in the transparency report.
Tier 3 adjudication. Tier 2 is a bundled on-device classifier that runs on every message and decides whether the message warrants closer review. Tier 3 is the second-opinion tiebreaker that runs only on the small fraction of messages Tier 2 cannot decide confidently, about 0.8% of messages in measured real inboxes, almost entirely promotional or digest content where a topical keyword overlapped with a sensitive class. For each such message, the application sends a bounded excerpt, up to 2 kilobytes of message text plus the class label Tier 2 flagged, to a Haven-operated chat-completions endpoint in one round-trip. The endpoint returns a single verdict word (confirmed, refuted, or insufficient). The excerpt is not persisted on the hosted side beyond what is needed to compute the verdict for that request, and Haven does not log message content on either side: the hosted-side audit log records only the body-hash prefix and the class label, not the excerpt itself, and the same body-hash-plus-class summary appears in your local Network Activity log so the two sides reconcile.
Tier 3 runs on Haven-owned GPU infrastructure operated under Haven Protect, LLC's exclusive operational control. The serving environment is configured for zero retention at the application layer and ephemeral storage at the infrastructure layer; the configuration and a quarterly third-party verification of it are published in the transparency report (section 06 of that document covers container-image provenance, access-control posture, and the zero-retention attestation). The upstream model is a Google Gemma 4 open-weights model running on Haven-controlled hardware; the model version and the serving container's build provenance are pinned in the transparency report.
Every Tier 3 call is visible in the Network Activity settings tab; the local row records the body-hash prefix, the class label, and the verdict the model returned, never the excerpt itself.
06 Your Google data (Gmail and Drive).
When you connect a Google account, Haven asks Google for permission under two scopes — one for Gmail, one for Google Drive. You may grant both or either; Haven uses each scope only for the purpose described below. Haven's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. The full compliance statement is in section 16.
https://www.googleapis.com/auth/gmail.modify — Gmail. This is the single scope Haven requests for all Gmail functionality. It covers three uses:
- (1) Reading messages for scanning. Haven fetches message bodies, headers, and attachment metadata into the application's local process, where Tier 1 (deterministic pattern matching) and Tier 2 (the bundled on-device classifier) operate on the full content. The single qualified exception, bounded excerpts of no more than 2 KB from the small fraction of messages Tier 2 cannot decide confidently, sent to a Haven-operated Tier 3 endpoint for adjudication, is described in section 05 and appears as its own row in the Network Activity log. Outside that Tier 3 carve-out, we do not transmit Gmail message content to Haven Protect, LLC's servers or to any other party.
- (2) Reading account-security settings. Haven reads your server-side forwarding rules and message filters to detect account-takeover indicators (active forwarding to external addresses, suspicious filters that delete or mark-read sensitive mail). This data is processed locally and is never transmitted to Haven's servers.
- (3) Remediation actions. When you choose to Archive, add a Label, or move a message to Trash in the dashboard, Haven executes that mutation directly from your computer to Google's API. The action and its outcome appear in Haven's local activity log and 30-day undo trail. We do not modify your mailbox without an explicit user action; we do not send messages on your behalf; we do not delete messages permanently.
Haven requests gmail.modify rather than a read-only scope because the remediation actions under use (3) require write access; uses (1) and (2) would function with a read-only scope alone.
https://www.googleapis.com/auth/drive — Google Drive. This scope lets Haven read your Google Drive files and their sharing configuration so the local scanner can identify sensitive findings and overly-broad sharing. Haven uses it to fetch file content and sharing-graph metadata into the application's local process, where the same Tier 1 / Tier 2 / Tier 3 pipeline described in section 05 applies. Additionally, when you choose a remediation action in the dashboard — such as restricting a file's sharing to specific people or removing a public link — Haven executes that change directly from your computer to Google's API. We do not access Drive files outside of the scanning and remediation actions you initiate; we do not upload, move, or delete files. Haven requests the full drive scope rather than a read-only variant because sharing-graph remediation requires write access; file scanning would function with a read-only scope alone.
Your Google data is processed locally except for the bounded Tier 3 cloud-inference carve-out in section 05. Haven uses information received from Google APIs solely to provide and improve the user-facing features described in this policy. We do not transfer Google API data to third parties except (a) as required by law, or (b) as necessary to provide and improve those features. The Tier 3 carve-out transmits bounded excerpts to Haven-owned infrastructure under Haven Protect, LLC's exclusive operational control; that infrastructure is not a third party. We do not use Google API data to train any general-purpose AI or machine-learning model. We do not use Google API data for advertising. We do not allow humans to read Google API data except where you explicitly request support that requires it, where it is necessary for security purposes (such as investigating abuse), or where required by applicable law.
07 The marketing site.
The website at havenprotect.app is a static site served by nginx. It does not run analytics, advertising trackers, or third-party tag managers. It does not set cookies of its own; the only browser-local storage it uses is a single localStorage key (haven-tweaks) that records your dark-mode preference, and your standard browser cache for the static assets.
If you submit your email address to the waitlist form on the site, that address is stored in an inbox we monitor for the purpose of sending you an invitation to try Haven. We will not share waitlist addresses with third parties for marketing. You can ask us to delete your address at any time by emailing privacy@havenprotect.app.
Our web server records standard request metadata — IP address, user-agent, time, requested path, response status — in time-limited operational logs. We use those logs to operate the site and to investigate abuse. We do not combine them with telemetry from the desktop application.
08 Third parties and subprocessors.
The desktop application contacts only the parties listed below. Adding a new destination requires a signed application or rules-pack update, which is publicly visible.
Tier 3 inference runs on Haven-owned infrastructure, not on a third-party provider. The serving environment is operated under Haven Protect, LLC's exclusive operational control, hosted at a colocation facility in the United States. The hosting provider sees container network traffic but not application data; the container is configured for zero retention at the application layer and ephemeral storage at the infrastructure layer, and the configuration is verified quarterly by a third-party audit published in the transparency report. Because Haven does not delegate Tier 3 processing to an outside party, no inference provider is listed in the table above. The infrastructure-hosting provider is named in the transparency report as our infrastructure partner rather than as a subprocessor.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not enable any third party to do either on our behalf.
09 Security.
Haven is built around a small set of security mechanisms designed to make the trust posture verifiable, not just stated:
- The Windows installer is signed with an Authenticode certificate, and the application embeds an Ed25519 release-signing public key that it uses to verify rules-pack, update-manifest, and model-manifest deliveries at runtime.
- The local data store is SQLCipher-encrypted with a key held in the operating system's credential store.
- The outbound network broker is deny-by-default, with a typed allowlist visible in the Network Activity log.
- Crash reports are scrubbed for credentials, tokens, email addresses, and content snippets before submission.
- Telemetry payloads are aggregate counts only; the schema is open and the bounded slug universe is enforced by tests.
- An independent external security audit is part of the M5 milestone, and the result will be summarized in the public transparency report.
No software is perfectly secure. If you discover a vulnerability, please email legal@havenprotect.app with details. We commit to acknowledging valid security reports within five business days.
10 Your rights.
Depending on where you live, you may have rights under the General Data Protection Regulation (GDPR), the United Kingdom GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA), or other privacy laws. These rights typically include the right to know what personal information we hold about you, to access it, to correct it, to have it deleted, to opt out of its sale or sharing, and to restrict its processing.
Because of the way Haven is built, the practical answer to most of these requests is short and honest:
- Right to access. The personal information we hold associated with your install is a randomly generated install identifier, the daily aggregate counts produced by your install since you started using Haven, any scrubbed crash reports you opted to send, and (if you submitted it) your waitlist email address; we can produce these on request. We also hold the short-lived server request logs described in sections 05 and 07, which contain IP addresses but are not linked to an install identifier or an email address and are deleted on the schedule in section 13.
- Right to deletion. We can delete the aggregate counts associated with your install identifier and your waitlist email address. We cannot delete content we never collected; that data is on your computer and you can delete it directly.
- Right to correction. The data we hold is counts and a randomly generated identifier; there is little to correct. If your waitlist email address is wrong, write to us at privacy@havenprotect.app and we will update or remove it.
- Right to opt out. Telemetry can be turned off in the Settings page, with no loss of application functionality. Crash reporting is off by default and you can leave it off. We do not sell or share personal information for cross-context behavioral advertising.
To exercise any right, email privacy@havenprotect.app. We will not retaliate against you for exercising any privacy right.
11 Children.
Haven is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@havenprotect.app and we will delete it. In jurisdictions where local law sets a higher minimum age (for example 16 in some EU member states under GDPR), that local law applies.
12 International transfers.
Haven Protect, LLC operates from the United States. The aggregate telemetry, crash reports, and waitlist contact data we receive are processed and stored in the United States. The bounded ≤2 KB Tier 3 excerpts (section 05) are processed in the United States on Haven-owned infrastructure. If you use Haven from outside the United States, your interactions with our infrastructure involve a transfer of that data to the United States. Where required, we rely on the European Commission's Standard Contractual Clauses or equivalent transfer mechanisms for transfers from the European Economic Area, the United Kingdom, and Switzerland to the United States.
Outside the bounded Tier 3 carve-out described in section 05, Haven does not transmit your mailbox content or finding details. Aggregate telemetry, crash reports, and signed-channel fetches carry no message content or finding details, so those channels do not subject Gmail content or scan content to a cross-border transfer by us.
13 Retention.
We retain the data we receive only as long as we need it for the purposes described in this policy:
- Daily aggregate telemetry: retained for thirteen months, after which the install-level rows are deleted; only fully anonymized period-over-period summaries persist.
- Crash reports: retained for ninety days from receipt, then deleted.
- Signed-channel access logs: retained for thirty days from receipt, then deleted.
- Marketing-site request logs: retained for thirty days from receipt, then deleted.
- Waitlist email addresses: retained until you ask us to delete them, or until twenty-four months after your last interaction with us, whichever is sooner.
- Local SQLCipher store on your device: retained until you delete it. We have no remote control over its lifetime.
14 Changes to this policy.
We may update this policy from time to time. When we do, we will change the effective date at the top of the page. For changes that materially expand the categories of data we collect or the parties we share data with, we will give in-app notice before the change takes effect, and where required by law we will obtain your consent.
15 How to contact us.
For privacy questions, requests under sections 10 or 13, or complaints, please email privacy@havenprotect.app.
For security disclosures and other legal notices, please email legal@havenprotect.app.
If you would prefer to contact us by mail, write to Haven Protect, LLC, c/o our registered agent in Wyoming. The current registered-agent address is on file with the Wyoming Secretary of State and available on request.
16 Google API Services compliance.
Google API Services User Data Policy · Limited Use disclosure
Haven's use and transfer to any other app of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically: Haven uses information received from Google APIs only to provide and improve user-facing features that are prominent in the application. Haven does not transfer that information to others unless doing so is necessary to provide and improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users. Haven does not use the information for serving advertisements. Haven does not allow humans to read the information unless we have obtained the user's affirmative agreement to view specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Haven's internal operations and only after the data has been aggregated and anonymized.