Last updated: May 2026
This Privacy Policy describes how Cantic Ltd, a company registered in the United Kingdom (“Cantic”, “we”, “us”, or “our”), collects, uses, stores, and discloses information in connection with your use of the PocketBot mobile application (the “App”). PocketBot is a service provided by Cantic Ltd. This policy applies to all users of the App and forms part of the agreement between you and Cantic.
The nature of the App is material to the scope of this policy. PocketBot is a personal assistant that, subject to your authorisation, connects to third-party services you already use — including email, calendar, messaging, and document services — ingests the activity and content within them, processes that material into summaries (“briefings”) and a curated list of items that may require your attention, and, on your instruction, performs actions on your behalf. The provision of these functions necessarily requires the receipt, storage, and processing of a substantial volume of your personal information. This policy sets out those arrangements in full.
By using PocketBot, you consent to the collection and use of information as described in this policy. If you do not agree to these terms, you should not use the App.
Contact: For any privacy enquiry, contact anton.may@new.ox.ac.uk.
The App does not require an email address, password, or other personal registration. Your account is generated automatically from a limited set of non-identifying identifiers:
Your workspace and its contents are organised under this pseudonymous identity. We do not independently hold your real-world name unless it appears within content you elect to connect, as described in Section 2.2.
This is the most significant category of information we process. When you authorise the App to connect to a third-party service — for example Gmail, Google Calendar, Google Drive, Slack, Outlook, or Notion — the App ingests the relevant activity and content from that service onto our server. Depending on the service and the access scopes you grant, this may include:
Connected-service content is recorded as discrete events in our database and is retained so that your briefings remain consistent over time and the assistant has the context required to function. For the avoidance of doubt, the substantive contents of your connected services are received by our server and transmitted to an artificial-intelligence service for processing, as described in Section 4.
The App does not merely store ingested content; it processes that content to generate derived outputs. On a recurring basis, the App synthesises your connected-service activity into the following:
These outputs are derived from your data and are stored on our server under your pseudonymous identity. They are used solely for your benefit and for the operation of the assistant.
When you instruct the App to perform an action — such as drafting a reply, sending an email, posting a message, scheduling an event, or creating a document — it invokes an autonomous action agent. To carry out the instruction, this agent may access fuller content from your connected services than is required for a briefing (for example, the complete body of an email thread rather than an excerpt) and compose the corresponding action.
Actions that alter anything in the outside world are subject to your approval. The agent proposes an action, and you determine whether it proceeds. We record information relating to this process — including logs of agent runs, the permissions you have granted or withheld for particular categories of action, and records of computational usage — in order to maintain an auditable record, to give effect to your preferences, and to operate the service reliably.
We store your subscription plan tier and the opaque transaction identifiers necessary to verify your purchase and determine your entitlements. We do not receive or retain any payment or billing information (see Section 8).
In addition to your connected services, and only with the device permissions you expressly grant, the App may access certain signals from your device to provide the assistant with additional context. Each is optional, individually revocable, and used solely to provide relevant context to the assistant:
| Signal | What We Access | Purpose |
|---|---|---|
| Location | Approximate or precise coordinates | To provide the assistant with geographic context for the items it surfaces and the actions you request |
| Microphone | Speech you dictate, transcribed on-device | To enable voice input to the assistant; raw audio is not transmitted to our server |
| Notifications | Permission to deliver push and local notifications | To notify you of briefings, proposed actions awaiting your approval, and time-sensitive items |
Background operation: on Android, the App may run a foreground service to maintain its connection to our server. Where it does so, the operating system displays a persistent notice. You may disable any of these signals at any time by revoking the corresponding permission in your device settings.
The following data is held locally on your device and is not transmitted to our servers:
We process your information for the following purposes:
The App's functions depend on large language models, which are not run on your device but are invoked in the cloud. This section describes that processing.
The AI processing is performed by Amazon Web Services (AWS) Bedrock, a managed cloud service operated by Amazon Web Services, Inc., which hosts the Anthropic Claude family of models used by the App. This processing takes place in AWS data centres in the United States. Refer to the AWS Privacy Notice and the AWS Service Terms.
To perform its functions, the App transmits to AWS Bedrock the material the models require to process your information. This may include:
On a regular basis, a Claude model reviews your latest activity against your stored context and produces an updated briefing, amends your to-do list (creating, closing, or reprioritising items), and updates your “soul” profile.
When you instruct the App to act, a Claude model operating as an autonomous agent accesses the content it requires, formulates the proposed action, and — subject to your approval for any action that alters the outside world — executes it through your connected services.
Consent to AI processing: AI-driven processing of your connected-service content is integral to the operation of the App. By connecting a service and using the App, you consent to that content being processed as described in this section. If you do not wish such processing to occur, do not connect the relevant service.
Your workspace — comprising ingested events, briefings, to-do items, your “soul” profile, connection records, action logs, and preferences — is stored in a managed PostgreSQL database, organised under your pseudonymous User ID. Data is encrypted in transit, and server access is restricted to authorised personnel.
Your data may be stored and processed in Europe and the United States. Our sub-processors, including AWS Bedrock, Composio, Nango, and RevenueCat, may process data in the United States.
Where you are located in the European Economic Area (EEA), transfers of your data to the United States are safeguarded by Standard Contractual Clauses approved by the European Commission, or by a provider's adherence to an equivalent data-protection framework. These measures are intended to ensure that your data receives a level of protection substantially equivalent to that guaranteed within the EEA.
Sensitive material held on your device — including authentication tokens and the OAuth credentials for services you connect directly, such as Google and Monzo — is stored within the iOS Keychain by means of Flutter Secure Storage, which provides hardware-backed encryption. Non-sensitive preferences are stored using standard application storage.
The App relies on a limited number of external providers. Each receives only the information required to perform its function and is contractually obliged to protect your data.
AWS Bedrock receives your connected-service content, context, and requests in order to perform the AI processing described in Section 4. It does not train on your data and does not retain it after processing.
When you connect third-party services, the App uses Composio and/or Nango to conduct the OAuth authorisation process, to hold the resulting access tokens, and to proxy API requests to those services. These providers therefore hold the credentials that authorise access to your connected accounts and process the API traffic that passes through them. Refer to Composio's Privacy Policy and Nango's Privacy Policy.
RevenueCat verifies in-app purchases and manages subscription entitlements. It receives an application-generated User ID (not linked to your identity), the transaction receipts forwarded by Apple, and your plan tier and expiry. It does not receive your name, email, or payment details. Refer to RevenueCat's Privacy Policy.
Subscriptions are transacted through Apple's in-app purchase system, and push notifications are delivered via the Apple Push Notification service. Apple processes all payments; we do not receive your card details. Refer to Apple's Privacy Policy.
When you connect services — including Gmail, Google Calendar, Google Drive, Google Docs, Sheets, Slides and Tasks, YouTube, Outlook, Slack, Discord, Notion, Reddit, LinkedIn, Strava, Google Maps, and others — the App accesses them through OAuth within the scopes you grant, reading content and performing approved actions. Each such service is governed by its own privacy policy, which you should consult.
If you connect Monzo, the App performs the authorisation on your device and stores the resulting credentials in encrypted secure storage on your device. This connection may make financial information, such as balances and transactions, available to the assistant. You should connect it only if you accept this. Refer to Monzo's Privacy Notice.
Where offered and enabled, a WhatsApp connection enables the assistant to process messaging activity. You should connect it only if you accept that such content will be handled as described in this policy.
If you sign up via the waitlist form on our website (getpocketbot.com), your email address is collected by Tally.so. This is separate from the App and is not linked to your PocketBot account. Refer to Tally's Privacy Policy.
The App offers subscription plans transacted through Apple's in-app purchase system (StoreKit). All payment information is collected and processed solely by Apple. We do not receive or store your card number, billing address, or any other payment detail; we receive only a transaction receipt confirming your subscription status and plan tier.
The App is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have done so, we will delete it promptly. If you believe a child has provided us with data, contact us at anton.may@new.ox.ac.uk.
You may review your briefings, to-do items, and connections within the App at any time. To request a comprehensive export of your server-side data, contact us.
AI-driven processing of your connected-service content is integral to the operation of the App. By connecting a service and using the App, you consent to that processing as described in Section 4. To decline such processing, do not connect the relevant service.
Under Article 6 of the General Data Protection Regulation (GDPR), we process your data on the following legal bases:
If you are located in the European Economic Area, you have the following rights under the GDPR:
To exercise any of these rights, contact anton.may@new.ox.ac.uk. We will respond within 30 days.
We may revise this Privacy Policy from time to time. Where we make material changes, we will update the “Last updated” date above and may notify you within the App. Your continued use of the App after such changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, or wish to exercise any of your data rights, contact us by the following means:
We will respond to all enquiries within 30 days.