Cast Beta Hubprivacy draft

Privacy Draft

This is an engineering draft for private beta. It documents the intended data boundary for Cast by Stella and Pocket Strategist before final legal review.

Cloud account records

The hosted account service may store account identity, verified email, optional verified phone number, device registration metadata, beta role, consent records, permission state, and account deletion/export requests.

These records exist so the beta can manage users, verify access, honor consent, and support account deletion. They are not permission to collect personal memory.

Stays local by default

Raw chats, Personal Data Net records, review candidates, local model paths, local Stella tokens, photos, audio, screenshots, files, contacts, location history, health/body signals, and named personal context stay on the user's device unless the user reviews and approves a specific export.

Optional uploads

Redacted diagnostics, feedback packets, screenshots, or logs can be uploaded only after the user reviews what will be sent. Uploads must remove raw transcripts, tokens, PC URLs, model paths, API keys, and unrestricted local logs.

User controls

  • Private mode writes no durable phone memory.
  • Memory must be inspectable, exportable, pausable, and deletable.
  • Permissions are requested when a tool needs them, not at launch.
  • Hosted Stella is a separate opt-in from the local phone experience.
  • Account export and deletion requests use the account deletion path.