Intentional recording
Release target: no wake word or continuous listening; only a physical action can begin recording, with an indicator verified on the delivered hardware.
Recordings can contain other people's voices. Transcripts reveal intent. Health data is intimate. The system treats each as a distinct high-sensitivity domain.

What it hears stays yours.
Release target: no wake word or continuous listening; only a physical action can begin recording, with an indicator verified on the delivered hardware.
Extracted context, full transcripts and health use different agent scopes. Raw audio is never an agent scope.
Transport and stored data are encrypted. Raw audio uses short retention and per-user access boundaries.
Agents retrieve only the information required for a request, under user-granted scopes.
The user can see which agent accessed which data, revoke a connector, export history and request deletion.
Tests, previews and demos use fabricated identities, recordings, transcripts and health samples.
Cloud transcription requires a trusted processing component to access audio temporarily. That is not zero-knowledge end-to-end encryption during processing. The intended promise is encrypted private processing, strict access controls, no training on user content, and short raw-audio retention.
This page describes the intended baseline, not a certification. Production launch additionally requires threat modeling, dependency and infrastructure review, incident-response ownership, penetration testing, vendor contracts, backup/deletion verification and region-specific privacy review.
Privacy that holds up is the product.
Reserve your band