pocket Chief!
download privacy terms

privacy

Privacy Policy

Last updated: July 15, 2026

Key points

  • Pocket Chief! stores settings, chat, Current Work, Activity, timeline, review, and related records in a local workspace on your computer.
  • Raw screenshots are processed on your device and are not uploaded. They are not written to disk by default; optional local retention is 1, 3, 7, or 30 days.
  • If you sign in or use Pocket Chief Cloud, Starwish stores account, session, wallet, ledger, and Cloud usage metadata needed to run the service.
  • Direct Cookies checkout is hosted by Lemon Squeezy. We send the account email and an internal purchase reference to create the checkout, but we do not receive your full card details.
  • AI features may send selected text and context needed for a request to the model provider you use. Raw screenshots are not included.
  • Production builds may send limited crash diagnostics and product-health events.
  • Direct and Steam identities and commercial records remain in separate realms, even when both builds use the same local workspace on one OS account.
  • We do not intentionally send API keys, raw screen contents, chat text, OCR text, screenshots, or raw Steam IDs in product analytics.

1. Who we are

Pocket Chief! is provided by STARWISH LIMITED, NZBN 9429053547750, based in Wellington, Aotearoa New Zealand ("Starwish", "we", "us", or "our").

For privacy questions, contact us at aki@starwish.co.nz.

2. Information stored on your device

Pocket Chief! is a desktop app. It may store information locally on your computer, including:

  • app settings, model choices, permissions, and feature preferences;
  • API keys, provider settings, or encrypted Cloud session credentials used by the model source you configure;
  • chat history, generated summaries, assistant state, and local memories;
  • Current Work items, Activity facts and cards, timeline entries, daily or weekly reviews, recaps, and Todo provenance;
  • locally processed OCR evidence, internal Activity batches and analysis records, and optional screenshot artifacts when Activity recording is enabled; and
  • local debug logs used to diagnose app problems.

Raw screenshots are processed on your device and are not uploaded. By default they are processed in memory and are not written to disk. If you choose local screenshot retention, the available retention periods are 1, 3, 7, or 30 days. Pocket Chief deletes retained screenshot artifacts after the selected period through its local cleanup process.

Raw OCR evidence is retained locally for 14 days. Internal Activity batch, observation, and analysis records are retained locally for 30 days. User-visible Activity summaries, timeline entries, recaps, and Current Work entries and provenance remain in the local workspace until you delete them. These periods apply to the current Activity implementation and may be shortened if you delete local data sooner.

Uninstalling the app may not remove all local app data created by your operating system.

3. Information that may leave your device

When you use AI features, Pocket Chief! selects the context needed for the request. Depending on the feature, this may include your message, relevant recent chat, selected Current Work or Todo content, Activity summaries, locally redacted OCR text, voice transcript text, and limited request metadata such as model or task type. Raw screenshots are not sent to Pocket Chief Cloud or an AI model provider.

With Remote BYOK, the app sends the request directly from your device to the provider you configure using the API key stored on your device. Pocket Chief Cloud does not receive that API key. With Pocket Chief Cloud, the app sends the selected request content to Starwish, and Starwish forwards the necessary content to the model provider used for the Cloud task. The applicable provider's terms and privacy policy also apply.

Production builds may send sanitized crash and error diagnostics to Sentry. These diagnostics are intended to exclude request bodies, API keys, local usernames, URL queries, prompt text, OCR text, chat content, screenshots, replay recordings, and full logs.

Production builds may send product-health analytics to PostHog, such as app version, operating system, feature usage, success or failure categories, and an anonymous install ID or hashed Steam-derived analytics ID. These events are designed not to include raw Steam IDs, API keys, chat text, screen text, OCR text, screenshots, or prompt content.

Our website, hosting provider, CDN, and download servers may process standard technical data such as IP address, user agent, request URL, timestamps, and download status.

4. Pocket Chief Cloud account and usage data

If you create an account, sign in, receive starter Cookies, or use Pocket Chief Cloud, Starwish may store Cloud service records in our backend, including your email address, internal user ID, hashed session tokens, OTP and rate-limit records, wallet/Cookies balance and status, ledger entries, Cloud task type, provider, model, token counts, estimated provider cost, charged Cookies, latency, status, error codes, idempotency records, admin actions, and audit records.

Direct accounts use an email address and one-time password verification. Starwish may store the email address, internal Direct user ID, hashed or encrypted session credentials, verification and rate-limit records, and account status needed to provide the Direct service. Steam builds use Steam authentication. Valve may provide Starwish with a Steam authentication ticket, verification result, and Steam account identifier needed to authenticate the Steam realm and deliver its Cloud balance or entitlements. Raw Steam IDs are not sent in PostHog product analytics.

Cloud requests process the message and context needed to complete the request and may forward that content to the model provider used for Pocket Chief Cloud. Our Cloud usage, wallet, and ledger records are designed not to store prompt text, response text, raw OCR text, screenshots, API keys, or full local logs.

5. Direct payments through Lemon Squeezy

Direct and Steam are separate commercial realms. Their identities, sessions, wallets, Cookies balances, ledger entries, orders, refunds, and entitlements do not merge or transfer between realms. A Direct email identity is not used as a Steam identity, and a Steam identity is not used as a Direct account.

Direct and Steam builds opened by the same operating-system user may read the same OS-user-scoped local workspace. This lets local Activity, chat, Current Work, and review history remain together on that computer. It is not Cloud sync, Steam Cloud, cross-device recovery, or a transfer of commercial assets.

When an eligible signed-in Direct user starts a Cookies checkout, Starwish sends Lemon Squeezy the account email address, selected product variant, locale, an internal purchase reference, and checkout return details. The purchase reference links the resulting order to the Pocket Chief account that started checkout. Changing the receipt email at checkout does not change which Pocket Chief account receives Cookies.

Lemon Squeezy acts as merchant of record and hosts the checkout. Lemon Squeezy and its payment providers process the customer, billing, tax, fraud, and payment information entered there under the Lemon Squeezy Privacy Policy. Starwish does not receive or store your full card number or card security code.

Starwish receives order and refund events needed to deliver and reconcile Cookies. We may store the Pocket Chief purchase reference, Lemon Squeezy order and checkout identifiers, product and variant identifiers, currency, amounts, tax, refund totals, receipt link, delivery status, and related wallet and ledger records.

Purchases made through Steam are processed by Valve under Steam's terms and privacy policy. Starwish may receive and store the Steam realm identity, product or entitlement identifiers, transaction status, refund or reversal status, and related wallet, ledger, and audit records needed to deliver and reconcile the purchase. Starwish does not use Steam purchase records to credit a Direct account.

6. Permissions

Pocket Chief! may ask your operating system for permissions such as microphone access, accessibility access, or screen recording access.

These permissions are used for features such as push-to-talk voice input, desktop interaction, screen text review, and activity summaries. You can deny or revoke operating-system permissions, but the related features may stop working.

7. How we use information

We use information to provide the app, run AI features, authenticate accounts, maintain Cloud wallet and usage records, remember your settings, maintain local history, improve reliability, prevent abuse, support updates, and understand product health.

8. Service providers

We use third-party providers to operate parts of the Service. The provider and data involved depend on the feature and distribution channel you use:

  • the AI provider selected for Remote BYOK, or used by Pocket Chief Cloud, processes the selected request content and metadata described in section 3;
  • Sentry processes sanitized crash and error diagnostics;
  • PostHog processes limited product-health analytics;
  • hosting, CDN, and download providers, including Amazon Web Services where used, process standard request and delivery logs;
  • Lemon Squeezy and its payment providers process Direct checkout, payment, tax, fraud, and refund information; and
  • Valve and Steam process Steam identity, distribution, purchase, and refund information.

These providers process information under their applicable agreements and privacy terms.

9. Your choices and rights

You can control many local features in the app, including model configuration, activity recording, screen recording permissions, voice permissions, and local review data. You can also delete local app data using in-app controls where available or your operating system's app data tools.

You may ask us for access, correction, or deletion of personal information that we hold about you by contacting aki@starwish.co.nz. Some requests may not apply to data stored only on your own device, because we do not have access to it.

10. Children

Pocket Chief! is intended for users aged 18 and over. We do not knowingly collect personal information from children under 13, or under 16 where that higher age applies.

11. Changes

We may update this policy from time to time. If we make material changes, we may notify you through the app, on the website, or by updating the date above.