Privacy Architecture
What leaves your device.
What doesn't.
And why we can't change that.
This is not a privacy policy. Those documents exist to protect companies. This document exists to explain how the product actually works — and why the architecture, not our promises, is your real protection.
By default, nothing leaves your device.
Throwbak is local-first. Your record lives on your machine — entries, photos, face recognition data, embeddings, and the full SQLite database. We don't have a server receiving your archive. We don't have a storage bill for your data. There's nothing to breach because there's nothing on our side.
The product works offline. It always will. Cloud sync is optional and additive — the local record is always complete and always yours.
Three AI tiers. Three different data stories.
Local AI: Everything runs on your machine via Ollama. Nothing is sent anywhere. Not a single character of your entries leaves your device. Ever.
Throwbak AI: Synthesis queries — the text you've written, and only entries classified OPEN or MEMOIR — are sent to Anthropic's Claude API to generate synthesis. Photos are never sent. Face data is never sent. GPS coordinates are never sent. PRIVATE, SEALED, and VAULT entries are never sent. This block is enforced in the Rust core before the HTTP request is constructed. There is no UI setting that overrides it.
BYO Key: Identical to the Throwbak AI tier in terms of what is and isn't sent — the same Rust-enforced blocks — but you provide your own Anthropic API key and pay Anthropic directly. Your key is stored in your OS keychain, not on our servers.
Five tiers. The inner ones are architecturally inaccessible.
Every entry carries a classification. The classification determines what can physically leave your device. This isn't a settings toggle — it's enforced at the data layer before any network code runs.
Open: Shareable. Can be included in hosted AI synthesis. Can be sent to named connections.
Memoir: Default. Can be included in hosted AI synthesis. Visible only to named connections.
Private: Never sent. Never included in synthesis. Local only.
Sealed: Never sent. Encrypted with a separate key derived from your passphrase. Requires explicit session unlock to access. We cannot read these.
Vault: Never sent. Argon2id key derivation. Deliberate unlock required every session. We are not capable of reading these. This is not a policy statement — it is a description of the cryptographic architecture.
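The enforcement the Throwbak AI tier and the classification table describe, written out as an added Rust example (this is not Throwbak's code; the Entry and SynthesisPayload types, their field names, and the sample entries are assumptions). The point it shows is that the gate lives in the data layer and that the only type the network boundary accepts has no field for photos, face data or GPS, so an inner-tier entry cannot be sent by mistake from some other call site.

```rust
// Added illustration, not Throwbak's code: a classification gate applied
// before any network request exists. Type and field names are assumptions.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Classification { Open, Memoir, Private, Sealed, Vault }

impl Classification {
    /// Only these two tiers may ever reach hosted synthesis.
    pub fn hosted_synthesis_allowed(self) -> bool {
        matches!(self, Classification::Open | Classification::Memoir)
    }
}

/// A local entry: the text plus attachments that must never be sent.
pub struct Entry {
    pub id: u64,
    pub classification: Classification,
    pub text: String,
    pub photo_paths: Vec<String>,
    pub gps: Option<(f64, f64)>,
}

/// The only type the HTTP layer accepts. It carries text alone, so photos,
/// face data and GPS have no field to travel in.
#[derive(Debug, Default, PartialEq, Eq)]
pub struct SynthesisPayload { pub entry_ids: Vec<u64>, pub texts: Vec<String> }

/// Build the payload from the local record. Private, Sealed and Vault entries
/// are dropped here, in the data layer, not by a UI setting.
pub fn build_payload(entries: &[Entry]) -> SynthesisPayload {
    let mut p = SynthesisPayload::default();
    for e in entries.iter().filter(|e| e.classification.hosted_synthesis_allowed()) {
        p.entry_ids.push(e.id);
        p.texts.push(e.text.clone());
    }
    p
}

/// Stand-in for the network boundary: it accepts a SynthesisPayload and
/// nothing else, so no call site can hand it a raw Entry. Returns count sent.
pub fn send_to_hosted_ai(p: &SynthesisPayload) -> usize { p.texts.len() }

/// Constructed sample record with one entry per tier (constructed test data).
pub fn sample_entries() -> Vec<Entry> {
    use Classification::*;
    let mk = |id, c, text: &str| Entry { id, classification: c, text: text.into(),
        photo_paths: vec![format!("photo{id}.jpg")], gps: Some((51.5, -0.1)) };
    vec![mk(1, Open, "open note"), mk(2, Memoir, "memoir note"),
         mk(3, Private, "private note"), mk(4, Sealed, "sealed note"),
         mk(5, Vault, "vault note")]
}
```

Running `build_payload(&sample_entries())` yields a payload containing only entries 1 and 2, and nothing but their text.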
What we know about you.
If you use only the Local AI tier: nothing. We have no telemetry, no analytics, no error reporting, no usage data. The app doesn't call home.
If you use the Throwbak AI tier: we know that synthesis requests were made, roughly when (API call timestamps), and the text content of those requests. We don't store this. The request goes to Anthropic, the response comes back, nothing is logged on our side. Anthropic's data processing agreement governs what they do with it — we chose them specifically because their enterprise agreement prohibits using customer data to train models without opt-in.
Your account email, if you create one for cloud sync. That's it.
What happens if Throwbak disappears.
Your record is Markdown files and a SQLite database on your machine. Both are open, readable formats that work without Throwbak installed. You can open the Markdown files in any text editor. You can query the SQLite database with any SQLite client. Your data is not in a proprietary format and it is not held hostage by our existence.
If we shut down, your archive survives intact. The only thing that stops working is hosted AI synthesis — and that just means falling back to the local tier.
We wrote this document because we wanted to be able to look at it ourselves and feel good about what it says. If something in here isn't true, we want to know about it. Architecture can be audited. Trust is built on that.