Bob — Private AI + Collective Intelligence
Bob is a personal AI agent for managing your finances, bills, subscriptions, documents, and life admin. This policy explains what data we collect, why, how it is stored, who can access it, and what rights you have.
We designed Bob with privacy as a structural requirement, not a feature. Your data is encrypted so that only you can read it. We cannot access your data even if we wanted to.
Bob processes your personal financial and administrative data. As this is a single-user personal system operated by you, the processing falls under the household exemption (Article 2(2)(c) UK GDPR) — purely personal or household activity.
We process your username, email address, and hashed password on the basis of contractual necessity (Article 6(1)(b) UK GDPR) — these are required to provide the service.
If you opt in to the Swarm, anonymous trait data is processed on the basis of your explicit consent (Article 6(1)(a) UK GDPR). You can withdraw consent and disable the Swarm at any time.
Bob ingests emails and documents that may contain names, email addresses, and correspondence from third parties (banks, insurers, service providers). This data is processed only for your personal household purposes, is not shared beyond the AI processing described in Section 5, and is not used for any commercial purpose.

| Data | Purpose |
|---|---|
| Username, email, password | Account authentication |
| Encryption passphrase | Vault encryption (not stored by us) |
| Bank transaction CSVs | Financial tracking and categorisation |
| Documents (bills, contracts, statements) | Knowledge organisation and renewal tracking |
| Chat messages | AI conversation and memory |
| Memory facts (told to Bob in conversation) | Persistent knowledge base |

| Source | Data | Access |
|---|---|---|
| Gmail | Email sender, subject, body | Read-only via OAuth 2.0 |
| Google Calendar | Event title, time, location | Read-only via OAuth 2.0 |
| Google Drive | Documents and statements | Via OAuth 2.0 |
| Google Contacts | Contact names and details | Read-only via OAuth 2.0 |

You grant Google API access directly through Google's OAuth consent screen. You can revoke access at any time via your Google Account settings.

| Data | How it is created |
|---|---|
| Subscription records | Detected from transaction patterns |
| Memory facts | Cross-referenced from transactions + emails |
| Thread summaries | AI-generated from ingested content |
| Daily briefings | AI-generated morning email |
| Task records | Created via AI tool calling in conversation |
| Audit log | API access and action records |

| Aspect | Detail |
|---|---|
| Database | SQLite (WAL mode, FTS5) — one per user |
| Encryption at rest | LUKS2 (AES-XTS, 512-bit key, Argon2id derivation). Your passphrase is the only key. |
| Encryption in transit | TLS 1.2+ via Let's Encrypt certificate (Caddy auto-TLS) |
| Isolation | Each user runs in their own encrypted Docker container. No shared database. No cross-user access. |
| Network | UFW firewall: only ports 22 (SSH), 80 (HTTP, redirected to HTTPS), 443 (HTTPS) open |
| Authentication | API keys (SHA-256 hashed at rest), password-based sessions |
| Audit logging | All API actions logged with timestamp, user, action, and IP |

When your Bob container is stopped (e.g., after a server restart), your encrypted vault is locked. The data on disk is unreadable ciphertext. Nobody — not us, not any administrator — can read it without your passphrase.

| Service | Data shared | Purpose | Safeguard |
|---|---|---|---|
| OpenAI | Thread content, transaction summaries, user queries | AI chat, summarisation, briefing generation | API terms prohibit use of inputs for model training |
| Resend | Email address, briefing content | Daily briefing email delivery | Transactional-only processor; DPA available |
| Google APIs | OAuth tokens; access to Gmail, Calendar, Drive, Contacts | Email/calendar/document ingestion | User-granted OAuth consent; revocable at any time |
| Google Cloud Platform | Encrypted disk volumes | Infrastructure hosting | GCP encryption-at-rest; LUKS2 provides additional layer |

No other third-party services receive your data.
The Swarm is disabled by default. No anonymous traits are shared until you explicitly enable it in your account settings.
If you opt in, Bob extracts and shares:
Swarm insights are only generated when at least 5 bots share traits in the same cohort. No individual bot's data is ever surfaced directly.

| Data type | Retention | Rationale |
|---|---|---|
| Account data (username, email, password hash) | Until account deletion | Required for service operation |
| Bank transactions | Indefinite (within your vault) | Financial record-keeping; tax purposes |
| Emails and documents | Indefinite (within your vault) | Personal correspondence archive |
| Memory facts | Until superseded, expired (TTL), or manually deleted | Active knowledge base |
| Subscription records | Until cancelled + 12 months | Renewal tracking and spending analysis |
| Audit logs | 12 months | Security review |
| Daily briefings | Not stored (delivered via email) | Retention is controlled by your email provider |
| Swarm traits | 90 days (TTL) | Collective intelligence freshness |
| Policy acceptance records | Duration of account | Legal compliance |

Under UK GDPR, you have the following rights:
You can request a full export of all data Bob holds about you. Use the Export My Data feature in your account settings, or email support@algorythmics.life. We will respond within 30 days.
You can correct any data in Bob at any time — edit memory facts, update subscription records, or re-categorise transactions via the chat interface.
You can delete your account at any time. Deletion triggers cryptographic erasure — your entire encrypted vault (database, documents, emails, memory, Swarm traits) is destroyed. This is irreversible and verifiable.
You can export your data in JSON format via the data export feature. This includes all transactions, subscriptions, memory facts, threads, messages, tasks, and audit logs.
You can disable the Swarm at any time to stop anonymous trait sharing. You can unsubscribe from daily briefing emails. You can revoke Google API access via your Google Account.
You can object to any processing by contacting support@algorythmics.life. Given the household exemption basis, most processing is under your direct control.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
Bob does not use cookies, analytics, tracking pixels, advertising, or telemetry of any kind. See our Cookie Policy for formal confirmation.
Bob is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.
Your encrypted data is hosted on Google Cloud Platform in the United States. GCP provides appropriate safeguards under the UK-US Data Bridge. Additionally, LUKS2 encryption means that data at rest is unreadable without your passphrase regardless of jurisdiction.
OpenAI processes data in the United States under their standard contractual clauses.
We may update this policy from time to time. Material changes will be notified via email at least 14 days before taking effect. The version number and effective date at the top of this page will be updated accordingly.
For privacy questions, data subject access requests, or complaints: