Privacy Policy

Last updated June 21, 2026

pong is a personal AI agent that lives in your iMessage. This policy explains, in plain technical terms, what data pong handles, where it lives, how it stays isolated from other people, and the controls you have. It covers the pong service, the website at trypong.app, and the agent you text.

The short version: every person gets their own private cloud computer. Your messages and memory live on that machine, isolation between users is enforced in code (not left to the AI model), and we don't sell your data or train models on it. The longer version, including the parts we can't honestly claim, is below.

1. One private computer per person

When you join, pong provisions a dedicated cloud computer for you: an isolated virtual machine with its own encrypted storage volume. Your conversation history, the memory pong builds for you, and your app connections live on that machine. They are not commingled with other users in a shared store.

Your computer has no public address on the internet. It is reachable only through pong's control plane over a private network. A central service (the "control plane") handles message delivery, routing each message to the right person's machine, and keeps the registry of accounts. It does not hold your memory.

2. What we collect

• Your phone number.This is your account identifier. It's how pong knows which machine and memory are yours.
• Your messages with pong, and what it remembers. Stored on your computer so pong can be useful over time.
• Apps you connect. When you link an account (e.g. calendar or email), we store the authorization that lets pong act for you, scoped to your account.
• A display name, if you set one.Used to label your pong in group chats (e.g. "Alex's pong"). We never expose your raw number to other people as your label.
• Operational logs. Delivery status, errors, and basic service health. These do not include the contents of your messages.

3. Where your data lives

Three places, with different roles:

• Your computer.Your messages, memory, and session history sit on your machine's encrypted volume. By default, memory is plain per-scope files on that volume; an optional smart-retrieval store, when enabled, also runs only on your machine and is never exposed off it.
• The control plane. Holds the account registry (phone number, status, group bindings) and, if you use crew, the crew graph and any facts you explicitly share. It routes messages but does not store your memory.
• In transit.Messages travel over encrypted connections between iMessage, pong's service, and your computer. We don't log message contents.

4. How isolation is actually enforced

This is the part most "private AI" products hand-wave. Here is the mechanism.

• Identity is trusted, never from the AI.Who you are and which chat you're in is derived from the verified messaging payload and passed to your computer inside a cryptographically signed envelope (HMAC-SHA256, short-lived). The model never gets to decide whose data to read, so a malicious message can't trick pong into touching someone else's memory.
• Memory scopes are decided in code.Reads are restricted by a fixed rule, not the model's judgment: in your own DM you see your full memory; a participant in a group chat can only reach that group's scope plus a small shareable profile, never your private memory or another group's. Writes only ever go to the current chat's scope.
• Actions are permission-gated.In a group, actions that do something in the world, sending messages or driving your connected apps, are restricted to the owner. If ownership can't be established, those actions fail closed (denied by default).

5. Connected apps

pong connects to outside apps (calendar, email, music, and many more) through a connections provider. You authorize each connection yourself through a secure link; pong never sees your passwords for those accounts.

• Scoped to you.Each user's connected accounts are isolated under that user's identifier with the connections provider, so one person's pong can only ever act on that person's connections.
• Owner-only in groups. Group members can ask pong things, but they cannot drive your connected apps. Only you can.
• Revocable.You can disconnect any app at any time, which removes pong's ability to act on it.

6. Crew and shared memory

Crew is an optional layer that lets trusted friends' pongs work together. It is off until you turn it on, and it is built so the other person's data never reaches you.

• Both sides opt in. You add someone by phone number; nothing connects until they accept.
• Outcome-only delegation.When you ask a crew member's pong to do something, it asks that person to approve, and you receive only the result, never their calendar, contacts, or what their pong looked at.
• Shared facts are explicit and narrow. Sharing is per-category, one-directional, and only the facts you choose. You get a heads-up the first time a new category starts sharing, and you can stop sharing a category or delete a shared fact for everyone at any time.

7. How the AI generates replies

To answer you, pong sends your relevant message context to an AI model provider, which returns a reply. Providers used for this do not train their models on your data. pong itself does not train any model on your messages or memory.

8. Who helps run pong

A short set of providers, each doing one job. We share only what each needs for its role, and we'll name the specific vendors on request.

• Messaging delivery— carries texts to and from Apple's iMessage.
• Cloud hosting — runs your private computer and its encrypted storage.
• AI model providers— generate pong's replies. They do not train on your data.
• App connections — securely link the accounts you choose to connect.
• Supporting services — browser automation, web search, and voice, used only to carry out tasks you ask for.

9. What we never do

• Sell your data. Ever.
• Train AI models on your messages or what pong remembers.
• Mix your data with another user's.
• Expose your phone number to other people as your identity.

10. Security

• Per-user machines with encrypted storage volumes; no shared application database for your content.
• No public network address on your computer; it's reachable only through the control plane over a private network.
• Signed, expiring identity envelopes so a forged request can't impersonate you to your machine.
• Per-tenant credentials between each machine and the control plane, with no cross-tenant reads.

Your data is encrypted in transit and at rest, and your texts are delivered over Apple's iMessage through an independently audited, compliance-certified messaging provider. Because pong runs on infrastructure we operate so it can act on your behalf, it isn't end-to-end encrypted, but your content stays on your own isolated machine and is never pooled with other users'.

11. Retention and deletion

Your data stays as long as your account is active so pong stays useful. You can ask us to delete everything: your computer and its volume are destroyed, your app connections are revoked, and your account and crew records are removed. Self-serve deletion is on the way; for now, text pong or email us and it reaches a human. Operational logs are kept only as long as needed to run the service.

12. Your controls

• Disconnect any connected app whenever you want.
• Turn crew off, stop sharing a category, or delete a shared fact for everyone.
• Ask pong to forget specific things it remembers.
• Request full deletion of your computer, connections, and account.

13. Beta, children, and changes

pong is in early beta, so the product and this policy will change as the system evolves. pong is not intended for anyone under 13. When we make material changes to this policy, we'll update the date above and, where appropriate, let you know in the chat.

14. Contact

Questions about your data? Text pong, it reaches a human. This page explains how pong handles your data in plain terms; a full legal policy is on the way.

secured by pong · trypong.app