Privacy Policy

Last updated: May 12, 2026

What we collect

Account data: Email address (or Apple ID) and hashed password when you create an account.

Device tokens: iOS push notification tokens, used solely to deliver agent alert push notifications to your device.

Agent notifications: Agent name, message, and severity are forwarded from your Mac to our backend only to deliver push notifications to your iOS device. We do not store notification content after delivery.

What we don't collect

By default, we do not collect your code, terminal output, file contents, browsing history, or any data from your AI agents. The local Unix socket server runs entirely on your machine. Notification content is forwarded transiently and not persisted. See "Notification summaries" below for the one optional exception.

Local data

The Zestful macOS app communicates with agents via a Unix domain socket at /tmp/zestful.sock with a local authentication token stored at ~/.config/zestful/local-token. This data never leaves your machine unless you are logged in and have iOS push notifications enabled.

Notification summaries (optional)

If you enable transcript capture in the Zestful CLI by setting scraper.emit_text=true (off by default), we use a small language model from Anthropic to generate a one-sentence summary that ships alongside the push notification to your phone — so you can see what the agent was doing without unlocking your device.

To produce the summary, short excerpts of your agent session — prompt and response previews (truncated to 1024 bytes each), tool names, and file paths — are sent to Anthropic's API. This data is processed under Anthropic's API terms; it is not retained by Anthropic for model training. The full transcript never leaves your machine.

Setting scraper.emit_text=false (the default) disables this feature and prevents any transcript content from being sent to third parties. The summary feature can also be disabled server-side per-user.

Third-party services

We use Supabase for authentication, Apple Push Notification service (APNs) for iOS push delivery, and Anthropic's API for the optional notification summaries described above. Your data is handled according to their respective privacy policies.

Data deletion

You can delete your account at any time from the Settings tab in the app. This removes all associated data from our servers.

Contact

Questions? Email privacy@zestful.dev.