Bennett

Privacy Policy

Last updated: May 29, 2026

The short version. Bennett collects only the data it needs to do its job: your email, the things you tell it, your calendar and to-dos, and an audio stream while you're talking to it. We don't sell your data, we don't share it with advertisers, and nothing your family says is ever used to train an AI model. Conversations are encrypted in transit and stored encrypted at rest.

If you want anything deleted, email privacy@trybennett.com and we'll handle it.

Who this covers

This policy covers the Bennett iOS app and trybennett.com. It applies to anyone who uses Bennett, including the household member talking to the device and any family members who share the household.

What we collect

Account information

When you sign up, we collect your email address. We use it to send you a one-time login code (we don't store passwords), to notify you about your account, and to contact you when you ask us to.

What you tell Bennett

Bennett is an assistant — its job is to remember things for you. We store the to-dos, calendar events, notes, and conversation memory your household creates. This data is scoped to your household and is not visible to other households.

Voice

When you talk to Bennett, your microphone streams audio directly from your device to OpenAI's voice service over an encrypted connection. The audio does not pass through our servers. Brief audio clips used for quick-add (e.g., "add milk to my list") are sent to OpenAI for transcription via our backend; we use the transcript and discard the audio.

Calendar (optional)

If you connect Google Calendar, we store an encrypted access token so Bennett can read and write events on the calendar you authorize. We only access the dedicated "Bennett (Household)" calendar Bennett creates, not your other calendars. You can disconnect at any time from Settings, which deletes the token.

Use of Google user data

Bennett's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we access only the dedicated "Bennett (Household)" calendar that Bennett creates; we use this data solely to provide calendar features inside the app; we do not transfer or sell it to third parties; we do not use it for advertising; and no humans read it except as necessary for security, to comply with the law, or where you have given your explicit consent.

Usage information

We log basic usage events server-side — when a request to Bennett happens, how long voice sessions last, which model handled the request — so we can monitor the service and track our own costs. These logs are tied to your account but don't contain conversation content.

What we don't collect

  • No advertising identifiers, no tracking pixels, no analytics SDKs.
  • No device location, contacts, photos, or browsing history.
  • No health data, no financial data.
  • No data from anyone under 13. Bennett is not designed or marketed for children.

Who else sees your data

We use a small number of trusted services to operate Bennett. Each one only receives what it needs to do its job, and we contractually require them to handle your data securely.

  • OpenAI — processes voice conversations and powers Bennett's assistant. OpenAI's API terms specify that data sent through the API is not used to train their models.
  • Google — only if you connect Google Calendar. We use Google's Calendar API to read and write events on the calendar you authorize.
  • Resend — sends transactional emails (login codes, account notifications). Resend receives your email address and the email body.
  • Fly.io — hosts our backend in the United States. Fly receives the same data as our application.
  • Apple — distributes Bennett through the App Store and TestFlight. Apple receives basic install and crash information per its own policies.
  • Cloudflare — hosts trybennett.com (this website) and routes traffic. Cloudflare may receive standard web request metadata.

We do not sell your data, and we do not share it with advertisers, data brokers, or any other third parties beyond the operational providers above.

How long we keep it

Account data, household content, and calendar integrations remain on our servers as long as your account is active. If you delete your account or your household, we delete the associated data within 30 days. Backup copies are removed within 90 days. Server logs are retained for up to 90 days.

You can request a copy or deletion of your data at any time by emailing privacy@trybennett.com.

How we protect it

Everything Bennett sends or receives travels over HTTPS/TLS. Sensitive fields — OAuth tokens, conversation memory — are encrypted at rest with AES-256-GCM using keys we control. Voice audio between your device and OpenAI uses SRTP, an encrypted real-time protocol.

No system is unbreakable, but we treat the data your family trusts us with as seriously as you'd want us to.

Your rights

Wherever you live, you can:

  • Ask us what data we have about you.
  • Ask us to correct something that's wrong.
  • Ask us to delete your account and the data tied to it.
  • Withdraw consent for optional integrations (like Google Calendar) at any time.

Email privacy@trybennett.com for any of the above. We aim to respond within seven days.

Children

Bennett is intended for adults. It is not designed for and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has used Bennett, contact us and we will delete the account.

Changes to this policy

We may update this policy as Bennett changes. When we make a material change, we'll update the "Last updated" date at the top, and — if you have an account — we'll let you know by email before the change takes effect.

Contact

Privacy questions, data requests, or anything else: privacy@trybennett.com.

General hello: hello@trybennett.com.