Last updated: March 5, 2026
Carson is designed with privacy as a core principle. We collect only what is necessary to provide and improve the service, and we are transparent about what data goes where.
The following data is stored locally on your device and is never transmitted to BrogdonCo or any third party:
To process your requests, Carson sends your commands to the AI provider configured in the app (Claude, Grok, or Gemini). This is necessary for Carson to understand your intent and generate responses. Only the content needed to fulfill your request is sent. Your conversation history, files, and other local data are not transmitted unless directly relevant to a specific command you initiate.
Each AI provider has its own privacy policy governing how it handles data received through its API. We encourage you to review the privacy policy of your chosen provider.
When using voice input, audio is processed by Apple's Speech framework by default. If you use ElevenLabs for text-to-speech or speech-to-text, audio data is sent to ElevenLabs for processing. No audio recordings are stored by Carson.
API keys for AI providers and voice services are stored in your Mac's Keychain, which provides hardware-level encryption. BrogdonCo never has access to your API keys. For subscription plans that include API access, requests are routed through our proxy server, which holds its own keys — your device never receives or stores those keys.
If you purchase a subscription or lifetime license, your purchase is processed by RevenueCat and Apple (for App Store purchases) or Stripe (for website purchases). BrogdonCo receives only the information necessary to verify your entitlement: a user identifier, entitlement tier, and transaction verification data. We do not receive or store your payment details.
For website purchases, your email address is used to link your purchase to your app. A verification code is sent to confirm ownership. Your email is stored only for the purpose of entitlement verification.
To prevent abuse of the free trial, Carson generates a one-way hash of your device's hardware identifier. This hash is sent to our server to track trial status. The hash cannot be reversed to identify your device, and no other device information is collected.
Carson runs inside macOS App Sandbox, which restricts the app to only the files and system resources you explicitly grant access to. Carson cannot access files or data outside of its sandbox without your permission.
Carson will never modify, move, or delete your files, emails, reminders, calendar events, or any other data without your explicit confirmation. All potentially destructive actions are previewed before execution and require your approval.
Carson does not include any analytics frameworks, telemetry, or tracking. We do not collect usage statistics, crash reports, or behavioral data.
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date. We will not materially reduce the privacy protections described here without providing notice through the app or on our website.
If you have questions about this privacy policy or how Carson handles your data, contact us at [email protected].