Security Architecture
A technical deep-dive into how TL;2DO protects your data through a zero-trust, local-first design.
Local-First
Processing happens in RAM on your device. No cloud database sync.
BYOK Model
Bring Your Own Key. You control the API access, not us.
Zero Telemetry
We don't know who you are or what you're extracting.
The "No Middleman" Promise
Most AI productivity apps work by proxying your data: you send your emails to their server, they process them, and they send you the result. This creates a massive security target.
TL;2DO is different. We removed the middleman entirely. The app runs locally on your phone and talks directly to the services you use (Gmail, Slack, Gemini, Groq). Our company servers are never involved in the data loop.
Data Flow & Storage
1. Credential Storage
Your passwords, API tokens, and AI keys are stored using the OS-native hardware-backed secure storage:
- iOS: Keychain Services (AES-256 encryption, protected by Face ID/Touch ID context)
- Android: Android Keystore System (Hardware-backed security module)
These credentials never leave your device. They are only retrieved into memory for the split second needed to authenticate a network request.
2. Processing Lifecycle (RAM-Only)
When you run an extraction task:
- The app fetches messages directly from the source (e.g., Slack) into volatile memory (RAM).
- The text is pre-processed (PII stripping, HTML cleaning) in RAM.
- The prompt is sent to Google's Gemini or Groq's API via an encrypted HTTPS connection.
- The result is received and parsed.
- Original message bodies are discarded from memory immediately (unless you explicitly open the "Thread Detail" view).
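The pre-processing step above (HTML cleaning, then PII stripping, all in memory) can be sketched as follows. This is an added example, not TL;2DO's own code. The PII patterns, the placeholder labels, the prompt wording and all function names are assumptions, since the page does not specify them.

```python
import re
from html.parser import HTMLParser

# Constructed sample message; the address and number are made up.
SAMPLE = (
    '<html><style>p{color:red}</style><p>Hi Sam,&nbsp;please call me on '
    '+1 (555) 010-0199 or mail <a href="mailto:jane.doe@example.com">'
    'jane.doe@example.com</a> by Friday.</p><script>track()</script></html>'
)

# Assumed patterns: the page does not say which PII classes the app strips.
PII_PATTERNS = [
    ("[EMAIL]", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("[PHONE]", re.compile(r"(?<!\w)\+?\d[\d ().-]{7,}\d(?!\w)")),
]

class _TextOnly(HTMLParser):
    """Keeps visible text; drops tags, attributes, <script> and <style> bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def clean_html(body):
    parser = _TextOnly()
    parser.feed(body)
    parser.close()
    return re.sub(r"\s+", " ", " ".join(parser.parts)).strip()

def strip_pii(text):
    counts = {}
    for label, pattern in PII_PATTERNS:
        text, counts[label] = pattern.subn(label, text)
    return text, counts

def build_prompt(raw_body):
    # HTML is cleaned first so addresses hidden in attributes (mailto:, tracking
    # URLs) are dropped rather than left for the regexes to miss.
    text, counts = strip_pii(clean_html(raw_body))
    return "Extract action items from this message:\n" + text, counts
```

Pattern-based redaction does not catch names or free-form identifiers, so the resulting prompt should still be treated as sensitive when it leaves the device.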
3. Persistence
We persist metadata (thread IDs, timestamps, subject lines) and the generated task list to a local SQLite database on your phone. This database is sandboxed within the app's private storage area and cannot be accessed by other apps.
Honest Disclosure
Your email content is sent to Google Gemini or Groq for AI analysis.
This is the current reality of AI technology. On-device AI models are not yet powerful enough for accurate task extraction. To provide useful results, we must use cloud-based LLM services.
This means Google or Groq can see the content of emails you choose to analyze. While they have their own privacy policies, we cannot guarantee what happens to your data once it reaches their servers.
We wish we could offer fully on-device AI processing, but the technology isn't there yet. When powerful on-device models become available, we will adopt them.
AI Privacy & Training
Do AI providers train on my data?
No. TL;2DO uses professional-grade API protocols. According to Google's Enterprise Data Policy and Groq's Privacy Policy, data submitted via their APIs is not used to train their foundation models.
Because you use your own API Key (BYOK), you are the customer of record with these providers. This gives you enterprise-grade privacy guarantees that consumer "free" chatbots do not offer.
Frequently Asked Questions
What happens if I lose my phone?
Since data is stored locally, it is as secure as your phone's lock screen. If your phone is encrypted (standard on modern iOS/Android) and locked, your data is inaccessible. Remote wiping your phone destroys the data permanently.
Can your employees see my emails?
Absolutely not. We have no technical way to access your data. We do not have a "god mode" admin panel because we don't have a database of your content.
How do you make money if you don't sell data?
We charge a simple subscription fee ($1/month). We are a software business, not a data business. You are the customer, not the product.
Why do you need "Read" permissions for Gmail?
To summarize your emails, the app must be able to download them to your device. This permission is strictly used for the functional purpose of the app and is never abused.