Privacy Policy
Effective: April 11, 2026
Overview
Maho is built with privacy as a core principle. Our applications run locally on your device, keeping your data under your control. This policy covers both the maho.app website and Maho applications.
Information We Don't Collect
Maho Browser and Maho Mail do not collect your browsing history, email content, contacts, search queries, or prompt/response content. By default, your data stays locally on your device.
Zero-Retention LLM Proxy Policy
For users opting for Maho-managed AI (rather than BYOK), your inference traffic routes through our zero-retention proxy. We do not store or log your prompts or responses. We log only metadata required for billing and abuse prevention: the model used, token count, timestamp, and user ID.
Third-Party Services & Sub-processors
When you use Maho-managed AI, we utilize OpenRouter as an underlying sub-processor to route requests to AI model providers. Your usage of these models is governed by OpenRouter's privacy policy. Prompts sent to OpenRouter via Maho's proxy are not used for training.
For BYOK (Bring Your Own Key) users, your traffic flows directly to your configured provider (e.g., OpenAI, Anthropic) without intermediate routing by Maho.
GDPR Right to Erasure
We fully support GDPR data rights, including the right to erasure. Upon deletion of your Maho account, all your records—including user registration data, active subscriptions, and cached usage logs—will be permanently and immediately deleted from our database.
How to Verify Our Claims
Maho is proprietary software. We do not ask you to take our privacy claims on faith. They are verifiable through multiple independent channels:
- Network behavior — Open Activity Monitor on macOS, sort by network activity, and confirm Maho does not transmit data in normal browsing.
- Architecture documentation — Our sync, encryption, and AI privacy designs are published as engineering blog posts at /blog/sync-architecture-end-to-end.
- Vulnerability disclosure — Security researchers can report findings to [email protected] with subject prefix [security]; acknowledgment within 48h.
- Developer transparency — Maho is built by an individual developer; reach out directly at [email protected] for any clarification.
Data Storage
All application data, including emails, settings, and browsing data, is stored locally on your device. Uninstalling the application removes this data from your device. We have no ability to access or delete your data remotely.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.
Contact
Privacy questions can be directed to [email protected]