Privacy & Security

App Lock

Require lock on open

PIN or biometric before the app opens

Lock when backgrounded

Re-lock when you switch away from the app

Auto-lock after inactivity

Set / change PIN

Stored hashed locally. Never sent to the server.

Use device biometric

Fingerprint / Face ID if supported (WebAuthn)

Lock screen middleware not wired yet — these preferences save and will activate once the lock overlay ships. Patch Queue: privacy-lock-middleware.

Session & Access

Session timeout

After this, you'll need to sign in again.

Require Google re-auth every

Forces fresh Google login periodically — protects against stolen session tokens.

Signed-in Devices

Loading active sessions…

Session list endpoint /api/auth/sessions is stubbed — currently shows your current session only. Full device tracking is on the Patch Queue: privacy-sessions-endpoint.

Memory & Privacy Mode

Allow memory across conversations

Coach & personas remember context between sessions

Conversation retention

Old conversations auto-delete after this window.

Incognito mode

No memory, no history, no cross-session context. This session only.

Memory controls

Edit Coach memory Edit persona memory

Security Audit — VERI

VERI runs continuous background checks. Manual audit available below.

Route integrity—

Asset availability (CDN)—

API connectivity—

Database health—

SSL certificate—

LocalStorage integrity—

Drive sync status—

Active subscription scope—

Intrusion / zero-day watch—

Last run: never

VERI backend is stubbed — /api/veri/status returns placeholder responses. Real checks wire in when VERI runs as a background job. Patch Queue: veri-backend-wiring.

Admin Audit Log

Sensitive admin actions across the org — last 50 entries.

Loading audit entries…

Endpoint /api/admin/audit-log is stubbed. Patch Queue: privacy-audit-endpoint.

Policies & Legal

What we store about you

View policy

Terms of service

View terms

Cookie preferences

Manage

Report a security issue

Email us

Policy pages are placeholders — real policies live in the Company tab and will be linked here once finalized.

Data Controls

Clear browser cache

Removes cached files & service worker. Signs you out of this device.

Clear personal data

Wipes your local prefs & memory on THIS device. Shared/team data untouched.

Export all my data

Everything stored about you as JSON.

Go to Export

Danger Zone

Revoke all access

Signs you out everywhere and invalidates all tokens. You'll need to sign back in on every device.

Delete my account

Permanent. 30-day grace period before full wipe. Team data stays; your personal data is deleted.