Security & Data Architecture
Last updated: 1 March 2026
Stubble is designed to keep your data on your machine. This page explains how your data is stored, what leaves your Mac, and how everything is protected.
Everything stays on your Mac
All activity data is stored in a local SQLite database on your computer. Nothing is uploaded to the cloud, synced to a server, or shared with anyone.
- Database location: ~/Library/Application Support/Stubble/
- File permissions: owner-only access (0600) — other user accounts on your Mac cannot read it
- No cloud sync: there is no remote database, no backup server, and no data replication
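A way to check the owner-only claim on your own machine, as an added example that is not Stubble's code. It assumes only the directory named above; the file names inside it are not documented on this page, so the hypothetical `audit_owner_only` helper walks every entry (including any SQLite sidecar files and the session file, if they are stored there) and reports anything readable by group or other, owned by a different user, or symlinked elsewhere.

```python
import os
import stat
import sys
from pathlib import Path

# Directory named on the page. File names inside it are not documented there,
# so every entry is checked instead of assuming a database file name.
DATA_DIR = Path.home() / "Library" / "Application Support" / "Stubble"


def audit_owner_only(root, expected_uid=None):
    """Return (path, problem) pairs for entries that break owner-only access."""
    uid = os.getuid() if expected_uid is None else expected_uid
    paths = [str(root)]
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # judge the entry itself, not a link target
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink: data may live outside this directory"))
            continue
        if st.st_uid != uid:
            findings.append((path, f"owned by uid {st.st_uid}, expected {uid}"))
        if stat.S_ISDIR(st.st_mode):
            # Group/other write on a directory lets another account replace files.
            if mode & 0o022:
                findings.append((path, f"directory mode {mode:04o} is group/other writable"))
        elif mode & 0o077:
            findings.append((path, f"mode {mode:04o} grants group/other access"))
    return findings


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else DATA_DIR
    if not target.exists():
        sys.exit(f"{target} not found")
    problems = audit_owner_only(target)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

Run with no arguments to audit the default location; an exit status of 0 means every entry is owner-only.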
What's sent to AI
To generate tasks, project groupings, and insights, Stubble sends a small amount of anonymised text to the Google Gemini API. This includes:
- Window titles from your activity timeline
- App names and timestamps
- Contextual text extracted from your activity
All personally identifiable information (PII) is automatically masked before anything leaves your Mac. Data is sent either directly to Google using your own API key (BYOK mode) or through Stubble's secure proxy (trial and Pro users). The proxy forwards requests to Google without storing any data.
What's never sent
The following data never leaves your computer under any circumstances:
- Screenshots or images of any kind
- Raw file contents from your filesystem
- Browsing history or full URLs
- Passwords, tokens, or credentials
- Raw OCR text from screen captures
- Your API key or authentication tokens
Screenshot lifecycle
Stubble periodically captures screenshots to extract text context. Here's what happens to them:
- Captured locally — screenshots are saved on your Mac and never uploaded
- OCR on-device — text is extracted using Apple's built-in Vision framework, entirely on your computer
- Images pruned — only the latest 100 screenshot image files are kept; older ones are deleted automatically, keeping storage small
- Text retained — extracted OCR text is kept in the local database for 30 days, then permanently deleted
Authentication
Stubble offers two ways to access AI features:
- Sign in with Google (trial and Pro) — uses OAuth with PKCE, a secure authentication flow where no passwords are stored by Stubble. Your session is saved in a local file with owner-only permissions.
- Bring your own key (BYOK) — enter your own Gemini API key. No account or sign-in needed. Your key is stored locally and never shared.
There is no Keychain dependency. Session data is file-based to avoid repeated permission prompts that occur with ad-hoc signed builds.
Permissions
Stubble requests the following macOS permissions:
- Screen Recording — required to observe active windows and on-screen content for OCR text extraction
- Accessibility — required to read window titles, focused UI elements, and browser URLs for activity context
- Calendar (optional) — used to include meeting context in your activity timeline. Can be denied without affecting core functionality
All permissions are managed by macOS in System Settings and can be revoked at any time. Permissions are tied to the app's code signature — they don't transfer to other apps.
Data deletion
You have full control over your data:
- Clear All Data in Settings permanently deletes all database rows, screenshots, and learned memory
- Individual tasks and data points can be deleted at any time
- Settings and API key are preserved unless you remove the app entirely
- There is no server copy — when you delete data, it is gone