Private by default. Explicit when Cloud is used.

How Tonecast processes your data

Tonecast runs entirely on your Mac as a native application. When you activate it, it reads the conversation on your screen using browser APIs, accessibility APIs, or screenshot analysis depending on the app. This happens locally on your machine.

In direct BYOK mode, conversation text is sent from your Mac to the AI provider you configure. In Tonecast Cloud mode, request content is sent to Tonecast servers, then forwarded to our AI subprocessors so we can provide managed generation and transcription.

Bring Your Own Key (BYOK)

Tonecast uses a BYOK model. You provide your own API keys for Anthropic and Groq (or other supported providers). API calls are made directly from your Mac to the provider using your key. We never see your API keys, your prompts, or the responses.

This means your data is governed by your agreement with the AI provider, not ours. Anthropic's API does not use your data for training. Groq's API does not use your data for training. You can verify this in their respective privacy policies.

Tonecast Cloud

Tonecast Cloud is optional. If you enable it, Tonecast processes the content needed to complete your request. This can include selected text, email or chat context, voice-profile snippets, recipient/contact context, and microphone audio for transcription.

We do not store raw prompts, generated replies, transcripts, or audio by default. We keep account, billing, device, entitlement, and usage metadata so the service can authenticate users, enforce spend caps, prevent abuse, and provide support.

Tonecast Cloud is hosted in the United States at launch. Users outside the United States may use the service, but request data may be processed in the United States and by subprocessors listed on our Subprocessors page.

What's stored on your Mac

All Tonecast data is stored locally at ~/Library/Application Support/Tonecast/:

• API keys - stored as plain text files on disk, not transmitted anywhere
• Voice profiles - markdown files describing your writing style, per channel and per contact
• User preferences - your settings, model choices, and feature toggles
• Usage statistics - local token counts for your own cost tracking
• Debug logs - diagnostic output that stays on your machine

In BYOK mode, no Tonecast account or server sync is required. If you delete the application support folder, local Tonecast data is gone permanently. Tonecast Cloud account and billing records are handled separately through the account console and Stripe.

Gmail access

For Gmail context, Tonecast uses Chrome's DOM to read the currently visible email thread. It also searches for drafts you've started writing to provide better context. This uses Gmail's browser interface - Tonecast does not use the Gmail API, does not request OAuth scopes, and does not have persistent access to your email account.

Conversation data is processed in memory and is not saved to disk. There is no email cache, no message database, no persistent storage of email content.

Screen reading and accessibility

Tonecast reads on-screen content through three methods depending on the app:

• Browser DOM - JavaScript injection in Chrome to read email/chat UI elements
• Accessibility APIs - macOS AX framework to read app content (WhatsApp, Slack, iMessage)
• Screenshot + Vision - screen capture analyzed by AI when other methods aren't available

All three methods operate locally. Screen content is read on demand when you press a hotkey - Tonecast does not continuously monitor or record your screen. The content is held in memory only long enough to generate a response, then discarded.

Telemetry and diagnostics

The native app does not send product analytics in direct BYOK mode. Tonecast Cloud records metadata needed to operate the paid service, such as request IDs, provider usage, estimated cost, device IDs, account status, and error codes. Raw content is not intentionally logged.

If browser analytics are added to tonecast.ai, they should be disclosed and gated where legally required.

Deleting your data

To delete all Tonecast data, remove the application support directory:

rm -rf ~/Library/Application\ Support/Tonecast/

This removes your API keys, voice profiles, preferences, and local usage data. Tonecast Cloud users can request account deletion from the account console or by contacting support. Deletion revokes devices and cancels active billing before account records are removed or anonymized.

Your rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of personal data. You can contact us to exercise those rights. We aim to respond to verified requests within 30 days.

Subprocessors

Tonecast Cloud relies on third-party subprocessors for hosting, authentication, billing, AI inference, observability, and transactional email. The current list is published at /subprocessors.

Open source

Tonecast's code is available for inspection. You don't have to take our word for any of the above - you can read the source and verify it yourself. Every network call, every file write, every data access is in the code.

Contact

Tonecast is built by Codefox AI. If you have questions about privacy or data handling, reach out at privacy@codefox.ai.

Last updated: April 2026