Privacy Policy
Last updated: 2 July 2026
Conduit is a small, personal tool that carries your own Android phone's inbound information to your own AI assistant. It is not an advertising product and it does not sell data. This policy explains, in plain terms, what it holds and why.
Who runs this
Conduit is operated privately by Gabor Angeli for a small circle of invited users. It is a personal, non-commercial project, provided as-is. Questions or requests: open an issue at github.com/gangeli/Conduit.
What data Conduit holds
When you install the Conduit app and grant permissions, the app sends the following from your phone to your isolated account:
- Messages & calls — SMS/MMS, call log, and contacts (to resolve numbers to names).
- Notifications — the sender, text, and app for notifications from apps you allow.
- WhatsApp — messages (both sent and received) and images, read from your phone's own encrypted backup and decrypted on the phone.
- System state — optional, coarse signals like battery level and connectivity.
- Account — your email address (and Google account identifier, if you sign in with Google), used only to identify your account.
This information necessarily includes content authored by other people — anyone who has messaged or called you. It is held with the same care as the rest of your account and is never exposed to other Conduit users.
What never leaves your phone
Your 64-digit WhatsApp backup key and the raw encrypted backup file are stored only on your device (in the Android Keystore) and are never uploaded — not even to Conduit's server. WhatsApp decryption happens entirely on the phone; only the parsed messages and images are sent to your account, the same as ordinary SMS. Conduit never connects to WhatsApp's servers.
How it's used
Your data is used for exactly two things:
- To answer your AI assistant's read requests over the MCP connection you authorize.
- To show you your own data in the web console.
It is not sold, rented, or shared with anyone, and it is not used for advertising or profiling. There is no third-party analytics or ad tracking on the site. Conduit is read-only by default; sending anything from your phone is a separate, off-by-default feature behind a kill switch you control.
Isolation between users
Every stored record is tagged to one account and every query is filtered by that account in a single access layer. One user's data is never visible to another. This tenant isolation is the project's top priority.
Where it's stored
Data is stored on Cloudflare infrastructure (Workers, the D1 database, and R2 object storage for images) operated for this deployment. Transport is encrypted (HTTPS); device uploads are additionally signed. Secrets are held in encrypted stores, and the WhatsApp key is on-device only.
Retention & your controls
- Retention: events older than a configurable window (default ~1 year) are automatically deleted, along with their images.
- Export: download everything in your account as JSON at any time from the console (Config → Export).
- Delete: permanently erase your account and all of its data — every message, contact, image, and credential — from the console (Config → Delete account). This is immediate and irreversible.
- Revoke: unpair a device or disconnect your AI at any time; the WhatsApp key is wiped when you remove WhatsApp or the app.
A note on third-party content
Because Conduit ingests your inbound messages, it holds information created by people who contacted you, who have not themselves agreed to this. This is the same information your phone already stores. Conduit is intended for a small, trusted circle; please use it responsibly and consistent with the laws that apply to you.
Children
Conduit is not directed to children and should not be set up on a child's behalf.
Changes
This policy may be updated as the project evolves; the "last updated" date above will change. Material changes will be noted in the project repository.