Privacy Policy

    Last updated: May 2, 2026

    fromCom ("we", "our", "the app") is a personal productivity tool that helps you keep track of commitments and action items from your messaging conversations. Your privacy is fundamental to how we built this app.

    The Short Version

    This section is a plain-language summary. The full legal policy below governs your use of fromCom.

    • Your messages stay on your phone. fromCom saves your messages locally on your device only. We do not have access to them, and they are never stored on our servers.
    • You decide what fromCom can read. fromCom does not automatically analyze any of your chats. You choose, one chat at a time, which conversations fromCom is allowed to look at. Any chat you have not selected is never touched, never processed, and never sent anywhere.
    • AI runs on your phone when possible. On supported devices, all AI processing happens directly on your phone, so your data never leaves it. For more complex tasks, only the selected chats are processed via cloud AI services (OpenAI and Anthropic), with direct identifiers replaced before anything is sent. Neither service uses your data to train their AI or keeps it after processing.
    • You can turn off cloud AI. In Settings you can choose on-device-only mode. fromCom will then process only chats in languages your device supports locally, and will tell you which chats it cannot analyze rather than sending them to the cloud.
    • Your contacts, calendar, and reminders stay on your device. Any data fromCom accesses from your contacts, calendar, or reminders is stored on your device only and is never uploaded to our platform.
    • You are always in control. You decide which chats to analyze each time you use fromCom. You can also delete all your data with a single tap in Settings.

    What Data We Collect

    App Usage Analytics: We collect generalized, anonymized app usage analytics to help us improve the service.

    Personal Data: We do not collect or store your personal messages, contacts, calendar events, reminders, or extracted action items on our servers. While this data passes through our secure infrastructure (Edge Functions) to interface with our AI provider, it is strictly ephemeral and never persisted on our platform.

    User-Initiated Analysis: All messages are synced locally to your device. fromCom never analyzes your chats automatically or in the background. Instead, when you choose to catch up on your day, you review your chats and decide in that moment which conversations you want fromCom to analyze. Chats you do not select are never processed, never sent to any AI service, and remain entirely untouched on your device.

    Contacts, Calendar and Reminders: Any contacts, calendar events, or reminders synced with fromCom are stored exclusively on your device. This data is never uploaded to or stored on the fromCom platform.

    The app stores data locally on your device only:

    • Messages synced from your conversations, stored in an encrypted database on your device. Only messages from chats you actively choose to analyze during a catch-up session are ever processed.
    • Contact information (names and phone numbers), used only to display names alongside action items. Stored on your device only, never transmitted to or stored on the fromCom platform.
    • Calendar events and reminders synced with the app, used only to create and display action items with due dates. Stored on your device only, never transmitted to or stored on the fromCom platform.
    • Action items extracted by AI: tasks, follow-ups, meetings, and questions identified from your conversations.
    • App preferences: your settings and choices within the app.

    How We Use Your Data

    We use the data we collect or process for the following purposes:

    • To provide the service: To extract tasks, follow-ups, and commitments from the chats you actively choose to analyze.
    • To improve the app: We use generalized, anonymized app usage analytics to understand how features are used, identify bugs, and improve the overall user experience.
    • To communicate with you: To respond to your support requests or inquiries.

    Legal Basis for Processing (GDPR & UK GDPR)

    If you are located in the European Economic Area (EEA) or the United Kingdom (UK), our legal basis for collecting and using your data is as follows:

    • Consent: We process your personal messages and chats via AI only when you explicitly initiate a catch-up session and provide consent by selecting specific chats.
    • Legitimate Interests: We collect anonymized app usage analytics based on our legitimate interest in improving and securing our application, provided those interests are not overridden by your data protection rights.

    AI Processing

    fromCom is designed with a tiered AI processing model that prioritizes your privacy at every level.

    On-Device AI (Primary): Where supported by your device, fromCom performs AI processing entirely on-device using Apple Intelligence and equivalent on-device AI capabilities available on supported iOS and Android devices. When processing happens on-device, your data never leaves your device at all, not even to our infrastructure.

    Cloud AI (Complex Tasks): For tasks that require greater reasoning capability than on-device AI can provide, fromCom routes processing through cloud AI services, specifically OpenAI and Anthropic's Claude. Both providers are used under their standard commercial API terms, which guarantee that data submitted via their APIs is not used to train their models and not stored beyond the duration of the request.

    Regardless of whether processing is on-device or cloud-based, the following rules always apply:

    • No automatic analysis: fromCom never analyzes any chat in the background or automatically. Analysis only happens when you actively initiate a catch-up session and choose which chats to include. All other chats remain completely untouched on your device.
    • Before sending (pseudonymization): Direct identifiers are replaced with tokens before processing. Names become anonymous identifiers (e.g., "Contact_A"), phone numbers are stripped, and internal messaging identifiers are never included. Message content itself is sent in pseudonymized form, which means it may still contain information that could identify individuals or topics. We minimize this by sending only the message spans needed for the requested analysis.
    • What is sent: Pseudonymized message text from the chats you selected in this session, limited to the context window needed for the analysis (typically the most recent messages or messages from a recent time window, whichever is smaller), plus the analysis prompt itself.
    • What is not sent: Your name, phone number, contact list, calendar contents, reminders, messaging account identifiers, data from chats you did not select, or any data from background or automatic processing (because none occurs).

    On-Device-Only Mode

    You can choose to disable cloud AI entirely in Settings. When enabled, fromCom will analyze chats only using the AI capabilities built into your device. This mode is available for languages supported by your device's on-device AI (this varies by device and operating system version, and the app will tell you which of your chats are eligible). Chats in unsupported languages will not be analyzed while this mode is on, and you will be notified rather than have them silently routed to the cloud.

    Messages From Other People

    When you choose to analyze a chat, that chat includes messages from people other than you. fromCom processes these messages as part of providing you the service, relying on your role as the recipient and controller of your own received communications. This is consistent with how email clients, search, spam filters, and assistant features have long operated. We cannot obtain consent from the other participants on your behalf. We minimize their exposure through pseudonymization, per-chat opt-in, on-device processing wherever your device supports it, and contractual terms with our AI providers that prohibit training and retention.

    Messaging Account Connection

    fromCom connects to your messaging account using the standard "Linked Devices" feature, the same mechanism used by web-based messaging clients. This connection:

    • Is initiated and authorized entirely by you.
    • Is read-only. fromCom never sends messages on your behalf.
    • Can be disconnected by you at any time.
    • Operates directly between your device and the messaging service, with no intermediary storage server.

    Data Storage & Security

    • Encryption at rest: Your local message database is encrypted using SQLCipher (AES-256). The encryption key is stored in the iOS Keychain with hardware-level protection.
    • Encryption in transit: All AI processing requests use HTTPS (TLS 1.2+) with certificate pinning.
    • No cloud backup: The database directory is excluded from iCloud backup.
    • Ephemeral Backend Processing: While we utilize backend infrastructure to execute app logic and interface with AI services, this infrastructure acts purely as a secure pass-through. Your personal data is never saved to our databases; it lives permanently only on your device.

    Data Retention

    Because fromCom does not store your personal data on our servers, data retention applies primarily to your local device and our analytics:

    • Local Data: Your messages, extracted action items, contacts, calendar events, and reminders remain on your device until you delete them or uninstall the app.
    • App Usage Analytics: Generalized, anonymized app usage analytics stored in our Supabase database are retained only for as long as necessary to fulfill the purposes outlined in this policy, after which they are permanently deleted.

    Data Deletion

    You can delete all your data at any time:

    • Go to Settings → Unlink Account & Delete Data.
    • This permanently removes all messages, action items, contacts, encryption keys, and preferences from your device. Because your personal data is never persisted on our servers, no further action is required to delete your personal communications.
    • If you wish to request the deletion of your anonymized app usage analytics, please contact us.

    You can also choose not to include any conversation in future catch-up sessions at any time via the Chats tab.

    Your Privacy Rights

    Depending on your location (including the EEA, UK, and certain US states like California), you have specific rights regarding your personal data. Because fromCom does not store your personal data on our servers, you can exercise most of these rights directly within the app:

    • Right to Access: You can view all your processed data (action items, settings) directly within the app.
    • Right to Deletion (Erasure): You can delete all your data instantly via the "Unlink Account & Delete Data" setting.
    • Right to Rectification: You can edit or delete individual action items directly within the app.
    • Right to Object/Withdraw Consent: You can choose to stop analyzing specific chats at any time, or disconnect your messaging account entirely.
    • Right to Portability: You can export your extracted action items from the app where export features are supported.

    If you wish to exercise any rights regarding the anonymized app usage analytics we collect, or if you have questions about your rights, please contact us at privacy@fromcom.ai. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.

    Permissions

    The app may request the following permissions, all of which are optional:

    • Contacts: To display contact names alongside action items instead of phone numbers. Any contact data accessed through this permission is stored on your device only and is never uploaded to the fromCom platform.
    • Calendar: To read and create calendar events from action items that have due dates. Any calendar data accessed through this permission is stored on your device only and is never uploaded to the fromCom platform.
    • Reminders: To create Apple Reminders from action items that have due dates. Any reminders data accessed through this permission is stored on your device only and is never uploaded to the fromCom platform.
    • Notifications: To notify you when new action items are found. All notifications are local. There is no push notification server.

    Third-Party Services

    We utilize the following third-party services to operate fromCom:

    • On-Device AI: On supported iOS and Android devices, AI processing is performed locally on your device. No data is transmitted externally for these operations.
    • Anthropic API (Claude): Used for complex AI text processing tasks. Message excerpts are pseudonymized before being sent. Per Anthropic's commercial API terms, data is not used for model training and is not retained beyond the request.
    • OpenAI API: Used for complex AI text processing tasks. Message excerpts are pseudonymized before being sent. Per OpenAI's commercial API terms, data is not used for model training and is not retained beyond the request.
    • Supabase: Provides our secure backend infrastructure (Edge Functions and Database). User data passes through Supabase ephemerally for processing but is never stored. Supabase is also used to store generalized app usage analytics.

    No personal data is shared with advertising networks or tracking services.

    Children's Privacy

    fromCom is not directed at children under 13. We do not knowingly process data from children.

    Advertising and Analytics

    We use Google Ads (tag ID AW-18162621883) to measure how visitors arrive at fromCom and to evaluate the effectiveness of our advertising.

    When the Google tag loads, Google receives your IP address and browser metadata. With your consent, Google may also store cookies on your device to attribute ad clicks to conversions. Without consent, conversion signals are sent in aggregated, redacted form — no cookies, no personal identifiers.

    Visitors in the EEA, the United Kingdom, and Switzerland must opt in via the cookie banner shown on first visit before any advertising cookies are set. Visitors elsewhere are measured by default and can opt out at any time using the "Cookie settings" link in the footer.

    Governing Law and Jurisdiction

    This Privacy Policy shall be governed by and construed in accordance with the laws of the jurisdiction in which fromCom is legally established, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in that location.

    Changes to This Policy

    We may update this policy from time to time. The "Last updated" date at the top will reflect any changes. Continued use of the app after changes constitutes acceptance of the updated policy.

    Contact

    If you have questions about this privacy policy, contact us at:
    privacy@fromcom.ai

    © 2026 fromCom. All rights reserved.

    fromcom

    fromcom

    Turn your WhatsApp chats into action — automatically

    Check it out on Product Hunt →