
Privacy Policy

Last updated: February 2026

HammerLock AI is built on the principle that your data belongs to you. We designed our architecture from the ground up to minimize data collection and maximize your privacy. This policy explains what we collect, what we do not collect, and how your information is protected.

1. What We Collect

We collect the minimum amount of information necessary to provide the Service:

  • Email address — only when you contact us, request support, or purchase an optional paid service
  • Activation or deployment records — only for managed rollout, support, or custom environments where those records are needed
  • Payment information — if you purchase optional paid services, payment is processed by Stripe; we never store your full credit card number
  • Basic billing metadata — only when needed to deliver support, deployment, or other optional paid services

2. What We Do NOT Collect

This is the most important section of our privacy policy. HammerLock AI does not collect:

  • Your chat conversations — all chats are stored locally on your device and never leave it
  • Your vault data — all encrypted vault contents remain on your machine
  • Your documents or files — files you analyze or import stay on-device
  • Browsing or usage telemetry — we do not track how you use the application
  • Analytics or tracking data — no third-party analytics, no cookies for tracking, no fingerprinting
  • Keystrokes, clipboard data, or screen content — the application does not monitor your system activity
  • IP-based location tracking — we do not log or store IP addresses for profiling

3. Local-First Architecture

HammerLock AI uses a local-first architecture. This means:

  • All AI processing can happen entirely on your device using local models (via Ollama)
  • Your encrypted vault, chat history, personas, and settings are stored locally
  • The application works fully offline when using local AI models
  • No data is sent to our servers during normal application use

When you choose to use cloud AI providers (OpenAI, Anthropic, Google, etc.), your prompts are sent directly to those providers according to their respective privacy policies. HammerLock AI does not intercept, log, or store these communications in normal use.

4. Encryption

HammerLock AI encrypts your vault data using AES-256-GCM, a military-grade encryption standard. Your encryption key is derived from your password using a secure key derivation function and is never transmitted or stored outside your device.

We cannot access your vault contents. If you lose your encryption password, we cannot recover your data. This is by design — true privacy means only you hold the keys.

5. Third-Party Services

HammerLock AI integrates with the following third-party services:

  • Stripe — payment processing for optional paid services. Stripe handles all financial data under their own privacy policy. We never store your credit card details.
  • Cloud AI providers (optional) — if you choose to use cloud-based AI models (OpenAI, Anthropic, Google, Groq, Mistral, DeepSeek), your prompts are sent to those providers. Each provider has its own privacy policy and data handling practices. Use of cloud providers is entirely optional; local models via Ollama provide a fully private alternative.

6. PII Anonymization

HammerLock AI includes a built-in PII (Personally Identifiable Information) anonymization feature. When enabled, this feature automatically detects and redacts sensitive information — such as names, email addresses, phone numbers, social security numbers, and other personal data — before it is sent to any cloud AI provider. This adds an extra layer of privacy protection when using external AI services, ensuring that your personal information is never exposed to third parties even during cloud-based AI interactions.

7. Data Retention

Since HammerLock AI is local-first, you control your own data retention. You can delete chats, vault contents, and application data at any time directly from your device.

For the minimal server-side data we hold (such as support email, activation records, or billing metadata), we retain this information only as long as needed to provide the requested service. If you request deletion, we will remove your information from our systems within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

8. Children's Privacy

HammerLock AI is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@hammerlockai.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users through the application or via email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or how your data is handled, please contact us at info@hammerlockai.com.
