Privacy Policy

Last updated: 2026-01-22

SecondLoop (“we”, “us”) is a local-first productivity app. This Privacy Policy explains what data we process, where it goes, and the choices you have.

1. What SecondLoop is

SecondLoop helps you capture notes, links, and todos, and (optionally) use AI to summarize and suggest next steps. Most of your content is designed to stay on your device by default.

2. Data you create in the app

Your content (notes, messages, todos): stored on your device. Where supported, the app encrypts content at rest.
Attachments (images, audio, files): stored locally unless you choose to sync them.

3. Syncing and storage (optional)

SecondLoop may support optional syncing. When you enable syncing, your data may be stored in a location you choose (for example, a WebDAV/S3/SMB folder) or in a managed cloud service (if available). Where supported, syncing is designed to keep your vault end-to-end encrypted (E2EE) so servers cannot read your vault contents.

4. AI features (BYOK vs Cloud)

SecondLoop can route AI requests in different ways:

Local mode: processing stays on-device.
BYOK (Bring Your Own Key): requests go directly to the AI provider you configure.
SecondLoop Cloud (AI Gateway): requests go to the SecondLoop gateway and are forwarded to an upstream provider.

When AI features run in BYOK or Cloud mode, the app may send:

Your question, and
A small set of relevant context snippets (text) retrieved locally (for RAG).

SecondLoop does not send:

Your encryption keys / master password / sync keys, or
Your full vault / full history (only small, relevant snippets for that question).

Important: If you use BYOK, your data handling is governed by your chosen provider’s policies. If you use Cloud, requests are subject to both the SecondLoop gateway policy and the upstream provider policy.

5. Logs and diagnostics

When operating cloud components (e.g., AI gateway), we aim to keep logs minimal and avoid storing request/response plaintext. Logs may include non-content metadata such as request IDs, latency, model identifiers, token usage (if available), and error codes.

6. Website analytics and cookies

This marketing site is intended to work without requiring cookies. If we add analytics in the future, we will update this policy and provide appropriate controls.

7. Your choices

You can choose whether to enable sync.
You can choose whether to use AI features, and whether to route them via BYOK or Cloud (depending on your edition and configuration).

8. Changes

We may update this policy as the product evolves. We will update the “Last updated” date above.

9. Contact

For privacy questions, contact: [email protected].

1. What SecondLoop is​

2. Data you create in the app​

3. Syncing and storage (optional)​

4. AI features (BYOK vs Cloud)​

5. Logs and diagnostics​

6. Website analytics and cookies​

7. Your choices​

8. Changes​

9. Contact​