Privacy

Privacy Policy — Brontes / Hammer

Last updated: 2026-05-08

What data Hammer collects

Hammer collects only the LLM provider API key (the user picks Anthropic, OpenAI, Google Gemini, xAI, or Groq during setup) and any per-archetype credentials the user provides (Google account for Gmail/Calendar agents; Slack tokens, Discord webhooks, GitHub PATs, etc. as each agent's bundle requires). These are stored locally on the user's machine in the OS keychain (macOS Keychain / Windows Credential Manager). Hammer does not transmit user credentials to Arclight AI servers.

How that data is used

The LLM provider API key authenticates the user's AI agent against the provider they chose (Anthropic / OpenAI / Google Gemini / xAI / Groq). The Google credentials, when present, authenticate the agent against Gmail/Calendar APIs to perform the actions the user explicitly subscribes to (morning briefing, meeting summary). Other per-archetype credentials authenticate the agent against the channel and integrations it was configured for.

Third-party sharing

Hammer transmits user-typed messages to whichever LLM provider the user picked at setup (the user's own provider API key is the auth boundary; only the user pays for those API calls). Hammer transmits read-mode requests to the per-archetype third parties the user configured (e.g., Google's Gmail and Calendar APIs for the personal-assistant agent) per granted scopes. No data is shared with Arclight AI LLC or any other third party.

Data retention

All user credentials and conversation state remain on the user's machine. Arclight AI servers store only order metadata (purchase email, order token, agent type) for fulfillment, retained per Stripe's invoice retention policy (~7 years).

User deletion

Users can delete all locally-stored Hammer data by uninstalling Hammer and removing the associated entry from their OS keychain. Order metadata can be deleted by emailing support@arclight-ai.com.

Contact

Arclight AI LLC support@arclight-ai.com