# Privacy Policy **Last updated:** May 2026 Pensum is operated by Product Experience Group ("we", "us", "our"). This policy describes how we handle your data when you use the Pensum Obsidian plugin, CLI, MCP server, website, and related services. **The short version:** Your vault data stays on your device. We don't see it, store it, or process it. The only data that reaches our servers is your license key (for validation) and anything you explicitly send us (contact form, support emails). ## What stays on your device - **Your entire vault.** All tasks, meeting notes, project files, wiki entries, and any other markdown content. Pensum reads and writes files in your vault locally. None of this data is transmitted to our servers. - **The sidecar index** (`.pensum/index.json`). This is a local index of your vault entities. It stays in your vault and syncs only through whatever sync mechanism you use (Obsidian Sync, iCloud, Syncthing, etc.). - **API keys.** Your Anthropic and OpenAI API keys are encrypted with AES-256-GCM and stored in the plugin's local settings file. They are never transmitted to Pensum's servers. They are sent only to the respective AI providers when you use AI features. - **Meeting recordings.** Audio files are stored locally in your vault. They are never sent to Pensum's servers. ## What leaves your device ### License validation When you enter a Pro license key, the plugin sends your **license key** and a **random device ID** to our license server (`api.pensum.dev`) to verify your license. This happens on activation and approximately every 7 days. No vault data, file names, task content, or usage patterns are included in this request. ### AI provider calls (Pro BYO) When you use AI features with your own API keys, your device sends data directly to the AI provider (Anthropic or OpenAI). This includes: - **Smart Capture / Smart Triage:** task descriptions and your project list - **Meeting transcription:** audio file sent to OpenAI - **Meeting summarization / action extraction:** transcript text sent to Anthropic - **Stub expansion:** wiki stub title and source context sent to Anthropic These calls go directly from your device to the provider. Pensum's servers are not involved. Your provider's privacy policy governs how they handle this data. ### AI provider calls (Pro All-in-One) When you use AI features on the All-in-One plan, data is routed through our API proxy (`ai.pensum.dev`) for billing purposes. We do not store, log, or retain the content of these requests beyond what is necessary to complete the API call. Audio files for transcription are streamed through the proxy and not retained. ### Contact form and support When you use the contact form or email support@pensum.dev, we receive your email address and message. These are used solely to respond to your inquiry. Support messages are stored for up to 90 days. ## Analytics ### License server Our license server records anonymized validation events (success/failure counts, unique active licenses per day). This data is aggregated and does not include vault content, file names, or task descriptions. We use PostHog for analytics processing. ### Marketing website We do not currently use analytics on the marketing website. If we add analytics in the future, we will update this policy and use a privacy-respecting service. ### Plugin The Pensum plugin does not collect any telemetry or analytics. It makes no network calls to our servers other than license validation (Pro users only). ## Cookies The Pensum website does not use tracking cookies. Essential cookies may be set by our infrastructure providers (Cloudflare) for security purposes (e.g., bot protection). ## Third-party services | Service | What it receives | Their privacy policy | |---|---|---| | Anthropic | Task descriptions, transcripts, stub content (when you use AI features) | [anthropic.com/privacy](https://www.anthropic.com/privacy) | | OpenAI | Meeting audio (when you transcribe) | [openai.com/privacy](https://openai.com/privacy) | | Paddle or Lemon Squeezy | Payment information (when you purchase Pro) | Linked at checkout | | Cloudflare | Web traffic (hosting and DNS) | [cloudflare.com/privacypolicy](https://www.cloudflare.com/privacypolicy/) | | PostHog | Anonymized license validation events | [posthog.com/privacy](https://posthog.com/privacy) | ## Data retention | Data | Retention | |---|---| | License records | Active for the duration of your subscription; deleted 90 days after cancellation | | Contact form submissions | 90 days | | License validation logs | 90 days (aggregated, no PII) | | Vault data | Local to your device; we never have it | ## Your rights You have the right to: - **Access** any personal data we hold about you (limited to: license key, email from purchase, device IDs) - **Delete** your data by emailing support@pensum.dev - **Port** your vault data at any time (it's already markdown files on your device) - **Opt out** of AI features (turn off in settings; no data sent to providers) For EU/UK residents: you may exercise your rights under GDPR by contacting support@pensum.dev. Our merchant-of-record (Paddle or Lemon Squeezy) acts as data processor for payment information. ## Children Pensum is not directed at children under 13. We do not knowingly collect data from children. ## Changes We may update this policy. Material changes will be communicated via the Pensum plugin (update notes) and posted here. The "last updated" date at the top reflects the most recent revision. ## Contact Product Experience Group Email: support@pensum.dev