Privacy Policy
Last updated: April 2, 2026
1. What Vesta Is
Vesta is local-first personal intelligence software. It runs on your device, not on our servers. Your conversations, memories, and personal data are processed and stored locally — Vesta is designed so that your intelligence layer belongs to you.
2. What Data Vesta Accesses
Vesta connects to the services you use to provide intelligent assistance. All data accessed stays on your device unless you explicitly opt into cloud features.
- Apple ecosystem — Calendar, Reminders, Notes, Mail, and Contacts via macOS system frameworks. Data is read and processed locally.
- Google ecosystem — Google Calendar, Gmail, and Google Tasks via OAuth 2.0. Data is fetched directly from Google to your device.
- Local AI inference — Powered by Ollama. All queries are processed on your device and never leave it.
- Cloud AI providers — Available on the Pro tier only, and strictly opt-in. When enabled, prompts are sent directly from your device to the provider (Anthropic, OpenAI, or Google). Vesta's servers never see the content.
3. How Your Data Is Stored
- All personal data is stored locally on your device. Memories, conversations, calendar events, emails, and everything else Vesta processes live on your hardware, encrypted at rest using AES-256 via OS Keychain and Fernet.
- Vesta's servers handle only: license validation, usage metering (token counts), and software updates.
- Vesta's servers never receive: message content, calendar events, emails, memories, or any other personal data. We architecturally cannot access it.
4. Google API Scopes & Usage
Vesta requests the following Google API scopes to provide its core functionality:
- Calendar — Read and write events for scheduling and daily briefings.
- Gmail — Read messages for inbox triage and briefing generation. Send emails on your command.
- Tasks — Read and write tasks for task management.
OAuth tokens are stored in your OS Keychain and are never transmitted to Vesta's servers. Vesta's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Data Retention & Deletion
All your data is stored locally on your device. Delete the app, and you delete the data — there is nothing on our servers to retain. Google OAuth tokens can be revoked at any time through your Google Account permissions page or directly within Vesta's settings.
6. Third-Party Services
- Cloud AI providers — Anthropic, OpenAI, and Google are available only with an explicit Pro tier opt-in. Your prompts go directly from your device to the provider.
- Stripe — Used for payment processing only. Vesta does not store your payment details.
- Minimal, cookieless analytics on vesta-ai.tech only — We use Cloudflare Web Analytics on this marketing website to measure aggregate page views and referral sources. It sets no cookies, stores no personal data, and does not track individual visitors. The Vesta application itself contains no analytics or telemetry. If we ever introduce optional telemetry in the app, it will require your explicit opt-in consent.
7. Children's Privacy
Vesta is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take steps to address the situation.
8. Contact
If you have questions about this privacy policy or Vesta's data practices, contact us:
Andrew Lonati, Founder
TAL Limited
andrew@tal-limited.tech
9. Changes to This Policy
We may update this privacy policy from time to time. Updates will be posted on this page with a revised "Last updated" date. Material changes will be communicated via an in-app notification so you are always aware of what data we access, how it is stored, and your rights.