TwoRaven
Effective 2026-04-25

Privacy Policy

TwoRaven is personal AI infrastructure: you connect your own digital services to a private workspace, and an AI agent answers questions across them. This policy explains what data we collect, where it lives, who can see it, and how to remove it.

Draft. This is the operator’s honest description of how the service works today. It is intended to be reviewed by counsel before being treated as a binding legal agreement. If you spot something that looks wrong, email us at hello@tworaven.ai.

What we collect

Account identity

When you sign up, our authentication provider Clerk stores your email address, name (if you provide it), and a unique account identifier. We do not store your password — Clerk handles that and supports social sign-in (GitHub, Google).

Integration data you connect

Each integration you connect grants TwoRaven a scoped set of data from a third-party service. Examples include calendar events from Google Calendar, listening history from Spotify, transactions and balances from your bank via Plaid, browsing activity from browser history imports, and messages from iMessage if you install the desktop app and enable that collector. You see the full list of connected sources on the Sources tab and can disconnect any of them at any time.

Chat content

Messages you send to the AI agent — and the agent’s replies — are stored so you can come back to past conversations. You can mark a session as incognito, in which case nothing for that session is written to durable storage. You can also delete any thread from the sidebar at any time, which removes both your messages and the agent’s replies for that session.

Usage metrics for billing

We record per-call cost (input/output tokens × provider price) for every LLM request your account makes. This is what we use to enforce your monthly budget and to surface spend on your account page. No prompt or response content is included in the cost record — just the provider, model, agent that made the call, token counts, and timestamp.

Where it lives

TwoRaven runs on Neon (managed Postgres). Every user gets a separate database schema, isolated by Postgres row-level security. Cross-user data — the mapping from your account ID to your schema, your tier, and platform-wide cost telemetry — lives in a separate public schema with no per-row content.

Sensitive columns are encrypted at rest above and beyond the disk-level encryption Neon already provides:

  • OAuth tokens for connected integrations are encrypted with AES-256-GCM in the “token” key namespace.
  • Message bodies, email bodies, and chat content are encrypted with AES-256-GCM in the “sensitive” key namespace before being written.
  • Larger blobs (uploaded files, audio captures, screen frames) are encrypted client-side and stored in Cloudflare R2; only the per-user metadata index lives in Postgres.

Third parties we use

TwoRaven is built on top of vendors. Each one sees only the slice of data necessary for its job; none of them have access to your full account.

  • Clerk — authentication, sign-in / sign-up flows, session management. Sees your email, name, and login activity.
  • Neon — managed Postgres host. Sees the contents of your database (encrypted at rest, encrypted in transit).
  • Cloudflare R2 — object storage for blobs. Sees opaque encrypted bytes; we hold the keys.
  • Stripe — payment processing for the Pro subscription. Sees billing details (card, address, name, email); never sees product content. We store a Stripe customer ID and subscription state, never card numbers.
  • Plaid — bank linking and transaction sync. You authenticate with your bank inside Plaid Link; Plaid returns an access token we encrypt and use to fetch transactions. Plaid’s end-user privacy policy applies in addition to ours.
  • AWS Bedrock (and direct Anthropic / OpenAI as fallbacks) for LLM inference. The model receives the prompt your agent constructs, which may include excerpts from your data; we do not opt into provider-side training-data programs.
  • Open-Meteo for weather and geocoding lookups. Receives only the lat/lon and city name you set.
  • Vercel for hosting. Sees IP addresses and request/response metadata for the duration of normal request handling (routine web hosting telemetry).

Who can see your data inside TwoRaven

The operator (Benjamin Rothman) has administrative access to the infrastructure. We do not read your prompts or stored content as a matter of course; routine debugging uses cost telemetry and per-collector counters, not the underlying data. We do not sell, rent, or barter your data, and we do not enrich third-party profiles with it.

How long we keep it

Connected-source data persists as long as the source is connected. If you disconnect a source, the access token is destroyed; the historical data already collected is retained until you delete your account.

Chat messages persist until you delete the thread or your account. Incognito sessions are not durably stored.

Usage telemetry (LLM cost rows) is retained for accounting and budget enforcement; we do not promise to delete these on a fixed schedule but will purge them on full account deletion.

Your rights

You can:

  • See every connected source on the Sources tab, and disconnect any of them.
  • Delete any chat thread from the threads rail.
  • Request export of all data associated with your account by emailing hello@tworaven.ai. We will return a machine-readable archive within 30 days.
  • Request deletion of your account and all associated data by emailing the same address. The schema, blobs, and account record will be dropped within 30 days.

Children

TwoRaven is not directed at children under 18. We do not knowingly accept signups from anyone we believe to be under 18. If you become aware of an account belonging to a child, email us and we will close it.

Changes

We will update this policy as the service evolves. Material changes (new data categories, new processors, retention changes) will be announced via email to all active accounts at least seven days before they take effect.

Contact

Questions, requests, or concerns: hello@tworaven.ai.