What’s On2← What’s On
Security & trust

Built so we can’t read your email.

What’s On is an email assistant — so we take the obvious worry head-on. In Private, triage runs entirely on your device and your mail never reaches us. In Connected, it’s processed through the Claude plan you already trust. Here’s exactly how that works, and what we will and won’t claim.

Principles

Six commitments we design around

These aren’t aspirations bolted on later — they shape how the product is built.

On-device in Private

Triage runs locally on your iPhone or Mac. Your email is read where it already lives — it never travels to our servers.

We can’t see your mail

In Private there’s no server in the loop, so there’s no copy of your inbox on our side. We’re structurally incapable of reading it.

Your keys stay yours

Your own AI key and account credentials are stored on your device. They power on-device triage and never touch our systems.

No inbox on our servers

We don’t warehouse your messages. In Connected, mail is processed in the cloud via your Claude plan — not retained by us.

Encrypted in transit

Account connections use the providers’ standard OAuth and TLS-encrypted links. We never store your mailbox passwords.

Least data, by design

We collect the minimum needed to run the app. No selling, no ad profiling, no third-party data sharing.

PRIVATE MODE · ON THIS DEVICE
Emails read on device2,481
Emails sent to our servers0
Drafts written locally37
Keys stored off-device0
Data shared with third parties0
Processing locationyour device
RUNS ONLY ON YOUR DEVICE · WE NEVER SEE YOUR MAIL
Two security models

Pick the level of isolation you need

The same calm inbox — your choice of where the thinking happens.

Connected
Cloud, via your Claude plan

Triage runs inside your own Claude account. Your mail is processed in Anthropic’s cloud under the plan and terms you already accepted — and not retained by us.

  • OAuth connections; no passwords stored
  • Processed under your Claude plan’s terms
  • No What’s On server copy of your inbox
Best for: everyday inboxes that want strong privacy with zero setup.
Most private Private · on-device
Zero-knowledge, on your device

Everything runs locally with your own AI key. Email content stays on the device; the only thing that leaves is the AI call you authorise — and it never passes through us.

  • Runs only on your iPhone or Mac
  • Your keys, your mail — never ours
  • Built for confidential correspondence
Best for: legal, finance, healthcare and anyone who means it about privacy.
Responsible disclosure

Found something? Tell us.

We welcome reports from security researchers and treat them as a priority. Email our team with steps to reproduce and we’ll acknowledge quickly. Please give us a reasonable window to fix before any public disclosure.

Report a vulnerability