WINDSOR — PRIVACY POLICY
Last updated: March 2026
Overview
Windsor is a personal AI aide designed to reduce friction in your day. This policy explains what information we collect, why, and how it is protected. We collect the minimum necessary to make the app work.
1. Information We Collect
Automatically collected
Anonymous device identifier — When you first open Windsor, we create an anonymous account via Firebase Authentication. This generates a random ID (e.g. x7k2...) that is never linked to your name, email, or any identity. It exists solely to associate your device with your briefings.
Push notification token — A Firebase Cloud Messaging token is saved so your morning briefing can be delivered to your device. It is stored server-side against your anonymous ID only.
Information you provide
Your name and form of address — Used to personalise responses. Stored locally on your device.
Home and work address — Used to fetch traffic conditions for your commute. Stored locally on your device and sent to the Google Maps Directions API only when a traffic update is requested.
Briefing time preference — Stored locally on your device.
Mood check-ins — Stored locally on your device and never transmitted to our servers.
Processed transiently
Conversation messages — Sent to our secure backend (Firebase Cloud Functions) which forwards them to Anthropic's Claude API. Messages are not stored on our servers beyond the duration of the request.
Briefing scripts — The text of your generated morning briefing is stored temporarily in Firebase Storage (linked to your anonymous ID) to enable audio playback and push delivery. Audio files are retained for 7 days then automatically deleted.
2. Calendar and Location Access
Windsor may request access to your device calendar to include today's events in briefings. Calendar data is read locally on your device and sent only to our secure backend to generate your briefing script. It is not stored.
Location access (if granted) is used solely to determine local weather conditions via the Open-Meteo API. Coordinates are sent directly to Open-Meteo and are not stored by us.
3. Third-Party Services
Windsor uses the following third-party services, each subject to their own privacy policies:
We do not sell your data to any third party, nor do we use it for advertising.
4. Data Security
All communication between the app and our backend uses HTTPS. API keys for third-party services are stored exclusively in Firebase Secret Manager and are never embedded in the app. Your profile data is stored locally using your device's secure storage.
5. Data Retention
Local device data is deleted when you reset Windsor or uninstall the app.
Briefing audio files in Firebase Storage are deleted after 7 days.
Your anonymous Firebase account and associated FCM token are deleted upon request.
6. Children's Privacy
Windsor is not directed at children under 13 and we do not knowingly collect information from children.
7. Your Rights
You may request deletion of all server-side data associated with your anonymous account by contacting us at the address below. Because we do not collect your name or email, you will need to provide your anonymous device ID (visible in app settings under About).
8. Changes to This Policy
We will post any material changes here with an updated date. Continued use of the app after changes constitutes acceptance.
Contact
hello@joiandlaff.com