Privacy Policy

HammerLock AI is built on the principle that your data belongs to you. We designed our architecture from the ground up to minimize data collection and maximize your privacy. This policy explains what we collect, what we do not collect, and how your information is protected.

1. What We Collect

We collect the minimum amount of information necessary to provide the Service:

• Email address — provided at the time of purchase through Stripe, used for license key delivery and essential account communications
• License key records — generated upon purchase to activate your subscription in the desktop application
• Payment information — processed and stored entirely by Stripe; we never see or store your full credit card number
• Basic purchase metadata — subscription tier, purchase date, and billing status for account management

2. What We Do NOT Collect

This is the most important section of our privacy policy. HammerLock AI does not collect:

• Your chat conversations — all chats are stored locally on your device and never leave it
• Your vault data — all encrypted vault contents remain on your machine
• Your documents or files — files you analyze or import stay on-device
• Browsing or usage telemetry — we do not track how you use the application
• Analytics or tracking data — no third-party analytics, no cookies for tracking, no fingerprinting
• Keystrokes, clipboard data, or screen content — the application does not monitor your system activity
• IP-based location tracking — we do not log or store IP addresses for profiling

3. Local-First Architecture

HammerLock AI uses a local-first architecture. This means:

• All AI processing can happen entirely on your device using local models (via Ollama)
• Your encrypted vault, chat history, personas, and settings are stored locally
• The application works fully offline when using local AI models
• No data is sent to our servers during normal application use

When you choose to use cloud AI providers (OpenAI, Anthropic, Google, etc.), your prompts are sent directly to those providers according to their respective privacy policies. HammerLock AI does not intercept, log, or store these communications. If you use bundled cloud credits through your subscription, requests are routed through our API proxy but are not logged or retained.

4. Encryption

HammerLock AI encrypts your vault data using AES-256-GCM, a military-grade encryption standard. Your encryption key is derived from your password using a secure key derivation function and is never transmitted or stored outside your device.

We cannot access your vault contents. If you lose your encryption password, we cannot recover your data. This is by design — true privacy means only you hold the keys.

5. Third-Party Services

HammerLock AI integrates with the following third-party services:

• Stripe — payment processing for subscriptions. Stripe handles all financial data under their own privacy policy. We never store your credit card details.
• Cloud AI providers (optional) — if you choose to use cloud-based AI models (OpenAI, Anthropic, Google, Groq, Mistral, DeepSeek), your prompts are sent to those providers. Each provider has its own privacy policy and data handling practices. Use of cloud providers is entirely optional; local models via Ollama provide a fully private alternative.

6. PII Anonymization

HammerLock AI includes a built-in PII (Personally Identifiable Information) anonymization feature. When enabled, this feature automatically detects and redacts sensitive information — such as names, email addresses, phone numbers, social security numbers, and other personal data — before it is sent to any cloud AI provider. This adds an extra layer of privacy protection when using external AI services, ensuring that your personal information is never exposed to third parties even during cloud-based AI interactions.

7. Data Retention

Since HammerLock AI is local-first, you control your own data retention. You can delete chats, vault contents, and application data at any time directly from your device.

For the minimal server-side data we hold (email address, license key records, and billing metadata), we retain this information for as long as your account is active or as needed to provide the Service. If you cancel your subscription and request data deletion, we will remove your information from our systems within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

8. Children's Privacy

HammerLock AI is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@hammerlockai.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users through the application or via email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or how your data is handled, please contact us at info@hammerlockai.com.