Privacy & security
Privacy isn’t a setting in Shrike; it’s the architecture. Security, privacy, and efficiency are treated as co-equal and weighed together — never one traded away for another.
There is no Shrike server
Section titled “There is no Shrike server”Shrike talks directly to Gmail over an encrypted, standards-based connection
— IMAP to read and SMTP to send, authenticated with OAuth XOAUTH2.
There is no Shrike backend that your mail passes through, which means there’s
nothing in the middle to log it, cache it, or leak it.
The AI runs on your machine
Section titled “The AI runs on your machine”The model that reads your threads to build to-dos is an embedded, on-device LLM. Prompts and message contents are never uploaded to a model provider — or to us. AI is a local capability, not a network call.
Your tokens stay local
Section titled “Your tokens stay local”OAuth tokens are stored in a file with 0600 permissions (owner-only) under the
app’s data directory:
~/Library/Application Support/com.govpilot.shrike/The token file, your local config, and the local cache database all live outside any repository and are never committed or transmitted anywhere except directly to Google.
No telemetry, no account
Section titled “No telemetry, no account”- No analytics or tracking. Shrike doesn’t phone home.
- No Shrike account. You sign in to Google, not to us. There’s nothing to register for.
- Local cache. Your mail lives in a local SQLite database on your Mac; you can delete it at any time.
Honest scope
Section titled “Honest scope”Shrike is an independent client for your own Google account. It inherits Google’s transport security for mail, and adds local-only storage and on-device intelligence on top. It does not add end-to-end encryption to email itself — no mail client can, for ordinary mail — but it does guarantee that nothing beyond Google ever sees your messages by using Shrike.