So we treat it accordingly. Finn is read-only by design, keeps the most sensitive keys on your device, and never sells your data or trains models on it. Here’s exactly how each connection is handled.
It never sends mail, moves money, or changes your calendar. Every connection reads, summarizes, and suggests — nothing more.
Email OAuth tokens live only in your device’s secure Keychain.
Calendar, email, and accounts are all optional. Connect what helps, skip the rest, and disconnect any source with a single switch.
We make money when you pay for the app. Your data is never sold, never used for ads.
Connecting a Gmail or Outlook mailbox is optional and read-only. Finn handles your inbox in two distinct layers so it can be useful without quietly reading everything.
Subject lines, senders, dates, and read/unread status from recent mail (promotional clutter excluded) give Finn enough to surface bills, deliveries, and appointments.
Reading the full body of a specific message is a separate step you control. Finn asks before opening one — for a tracking number or itinerary — for that single turn only.
The OAuth access and refresh tokens that authorize Finn to read your mail are stored exclusively in your device’s Keychain. Listing messages, fetching an approved body, and refreshing tokens all happen on the device.
In Settings → Email Privacy, choose Always Ask (the default), Always Allow (Finn opens bodies silently only when it’s confident there’s shipping or travel info you need), or Always Deny (subject lines only, ever).
A message body leaves the device only for the one conversation turn you approved it for, only to the extent needed to answer — and is never stored on our servers.
Disconnect from Settings → Connections, or revoke Finn directly from your Google Account permissions page. The same handling applies to Outlook.
With permission, Finn reads upcoming events from your local Apple Calendar to surface time-sensitive items. Events stay on device and are sent to the AI provider only as part of a chat or scan you start — never stored on our servers.
Account connections run through Plaid. We receive balances, transactions, and holdings to power finance answers, but your banking credentials are never shared with or stored by us. Disconnect any institution and its data is removed on our side.
Your notebook is biometric-locked on device. Even if your phone is unlocked, Finn isn’t.
Everything moves over TLS, and stored data is encrypted at rest with row-level security on our database.
Email OAuth tokens are kept only in the device Keychain — not on our servers, by design.
Disconnect any source, or delete your entire account, which removes all data we hold about you.
No method of transmission or storage is 100% secure; we use commercially reasonable measures and can’t guarantee absolute security. For the full detail, see the Privacy Policy — including our Google API Services User Data Policy commitments.
Private by default.
Download on the App Store