Privacy Policy
Effective: [EFFECTIVE_DATE — insert before publication]
Operator: labsly, operated by [LEGAL_ENTITY_NAME] ("labsly," "we," "us").
Contact: support@labsly.com
The short version
We collect as little personal data as possible. Most labsly apps work entirely on your device and never send your content anywhere. We do not sell your data. We do not run third-party advertising trackers. We do not use third-party analytics that profile you. When an app does need to talk to a server (cloud sync, AI features), we tell you, ask permission, and let you turn it off.
If you only read one section, that's it. The rest is the detail a regulator or an attorney needs.
1. Who we are and what this policy covers
labsly is a publisher of Mac software for professionals — designers, writers, analysts, operators, and the AI agents who work alongside them. This Privacy Policy covers:
- The labsly website (
labsly.comand subdomains). - Each labsly app distributed through the Mac App Store or directly: Dais, Cairn, Systema, Witness, Atlas, Meridian, VoidRepublic, and any future labsly app that links to this policy.
- Any account you create at
labsly.comfor purchases, subscriptions, or support.
Where an individual app collects or uses data differently from the universal policy, we call that out in §4 below.
2. Information you provide to us
You only give us personal information when you choose to:
- Email address. When you contact support, sign up for our mailing list, or create a labsly.com account for a direct-sale subscription.
- Support requests. Whatever you write to us, plus any attachments you choose to send (logs, screenshots).
- Payment information. Handled by Apple (App Store purchases) or Stripe (direct purchases). labsly never sees your full card number.
3. Information collected automatically
By default, labsly apps collect no automatic telemetry. If you opt in to crash diagnostics or product analytics in a specific app's settings, we may collect:
- App version, OS version, hardware model.
- Crash stack traces and non-content diagnostic logs (no document content, no audio, no screenshots).
- Coarse feature-usage counts (e.g., "wizard completed: 1") — never tied to a stable identifier unless you have an account.
Apple's App Store provides anonymous, aggregated download and crash statistics that we receive whether or not you opt in; that is governed by Apple's privacy policy, not ours.
4. Per-app data practices
Each labsly app's specific practices:
Dais
- Audio recordings stay on your Mac unless you opt in to cloud transcription or cloud LLM critique.
- Default speech-to-text uses on-device frameworks (Apple Speech, WhisperKit).
- If you opt in to cloud LLM critique, transcript text (not audio) is sent to your chosen provider (Anthropic or OpenAI) under their privacy terms.
- Audio files are stored in your sandboxed app container; you can export or delete them at any time.
Cairn
- Manuscripts are stored locally by default.
- Optional CloudKit sync keeps drafts mirrored to your private iCloud — Apple-managed, end-to-end encrypted, never accessible to labsly.
- On-device LLM critique (Apple FoundationModels, MLX) processes your text locally.
- Optional cloud LLM critique sends prose excerpts (not full manuscripts unless you choose) to your selected provider.
Systema
- Project files (.systema JSON) live on your Mac in a folder you choose.
- LLM features are off by default. When enabled, they call Anthropic Claude or OpenAI using either (a) your own API key stored in Keychain, or (b) a metered labsly relay (see §6).
- Stakeholder names, causal-loop content, and other project text are sent to the chosen LLM only at the moment you invoke a feature.
Witness
- Screenshots and URLs you submit are analyzed locally by default using on-device vision-language models (vllm-mlx, Apple FoundationModels).
- Optional cloud analysis sends the image and any related metadata to your chosen LLM provider.
- Witness never silently captures your screen — every capture is initiated by you.
Atlas
- Strategy graph data stored locally.
- Optional sync via CloudKit. No third-party telemetry.
Meridian
- All financial data stays on your Mac. Holdings, transactions, account balances — none of it leaves your device.
- Optional cloud LLM advisor sends only the specific question text and anonymized portfolio summary you choose to share, never raw account data, and only when you press the button.
- Meridian is not investment advice (see Terms).
VoidRepublic
- Local-first; details to be added as features stabilize.
5. What we do with information
- Provide and maintain the apps and the website.
- Answer support requests.
- Send service emails (receipts, security notices, major version updates).
- With your explicit opt-in: occasional product announcements (one-click unsubscribe).
- Improve the apps using aggregated, non-identifying signals only.
We do not use your data to train labsly's AI models. Where a third-party LLM is involved, we instruct the provider not to retain your inputs for training (Anthropic and OpenAI both honor this for API traffic by default; we configure accordingly).
6. Sharing with third parties
We share the minimum necessary data with:
| Party | Purpose | What they receive |
|---|---|---|
| Apple | App Store distribution, payments, CloudKit sync | Account email (App Store), aggregate diagnostics, your CloudKit data (encrypted, inaccessible to labsly) |
| Stripe | Direct (non-App-Store) payments | Email, billing details |
| Cloudflare | Website hosting, DNS, edge caching | Standard web request metadata (IP, user agent) |
| Anthropic (Claude API) | LLM features when you opt in | The specific prompt text you send |
| OpenAI | LLM features when you opt in | The specific prompt text you send |
| Plausible | Privacy-friendly website analytics | Aggregated, cookie-free page views |
| Email provider | Sending receipts and announcements | Email address only |
We do not sell, rent, or trade your personal information to anyone.
7. Data retention
- App content on your Mac: retained until you delete it. labsly cannot reach it.
- CloudKit-synced content: retained per your iCloud settings; managed by Apple.
- Account data on labsly.com: retained while your account is active and for up to 24 months after closure for tax/audit purposes, then deleted.
- Support emails: retained up to 36 months for service continuity, then deleted.
- Crash diagnostics: retained up to 90 days, then aggregated or deleted.
8. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data ("right to be forgotten").
- Export your data in a portable format.
- Restrict or object to certain processing.
- Withdraw consent for any optional processing at any time.
- Lodge a complaint with your local data protection authority.
To exercise any of these, email support@labsly.com. We will respond within 30 days.
For California residents (CCPA/CPRA): you have the rights above plus the right to know what personal information we collect, the right to opt out of sale or sharing of personal information (we don't do either), and the right to non-discrimination for exercising your rights.
For EU/EEA/UK residents (GDPR): the legal bases on which we process your data are (a) contract performance for service delivery, (b) consent for optional features (cloud LLMs, marketing emails), (c) legitimate interest for fraud prevention and aggregated product improvement.
9. Children's privacy
labsly apps are not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact support@labsly.com and we will delete it.
10. International data transfers
labsly is operated from the United States. The website is served from Cloudflare's global edge — your requests typically terminate near you. When you opt in to a cloud LLM, your prompts are sent to that provider's infrastructure (typically US-based). By using the apps and opting into cloud features, you consent to this transfer.
For EU/UK users, we rely on Standard Contractual Clauses and the providers' own transfer safeguards.
11. Security
We follow standard practices appropriate for our scale:
- TLS 1.2+ for all network traffic.
- API keys and tokens stored in macOS Keychain.
- App data sandboxed by macOS app sandbox.
- No shared databases — most apps have no labsly server at all.
- Regular dependency and vulnerability scanning.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you within 72 hours of confirmation, as required by GDPR.
12. Changes to this policy
We will post any changes here with a new effective date. For material changes, we will also notify account holders by email and surface a notice in-app. Your continued use after the effective date constitutes acceptance.
13. Contact
Questions, requests, or complaints:
support@labsly.com
[LEGAL_ENTITY_NAME], [BUSINESS_ADDRESS]