Privacy Policy for A2O Architect

Jamsoft Inc. Last Updated: July 2, 2026

Jamsoft Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how information is handled in A2O Architect (the "App"), our security-architecture workbench for macOS, iPadOS, and iOS, available on the Apple App Store.

A2O Architect is built for security professionals working with sensitive material, so the App's privacy model is stricter than most: we operate no servers, no accounts, and no analytics, and we never see your data. Everything you create in the App stays on your device, encrypted, unless you explicitly send it to an AI provider of your choosing.

No Personal Information Collected by Us

We do not create user accounts, and we do not collect, store, or have access to any of your personal information or any content you create in the App. The App never communicates with Jamsoft servers — we do not operate any. We have no way to see your engagements, evidence, documents, findings, or any other data you work with.

How Your Data Is Stored on Your Device

All engagement data you create — profiles, imported evidence, generated deliverables, findings, approvals, and audit records — is stored locally on your device, encrypted at rest with AES-256-GCM. The encryption key is held in the device Keychain and never leaves your device.

Imported documents and images are processed entirely on-device. Text recognition (OCR) of imported images runs locally using Apple's Vision framework; images are not sent anywhere for OCR.

Workspace transfer between your devices is user-initiated and file-based: the App exports a passphrase-encrypted archive that you move yourself. There is no cloud sync, no iCloud storage, and no server-side copy. If you lose the passphrase, we cannot recover the archive — we never have it.

Deletion is under your control. You can delete individual items, delete engagements (optionally with a signed data-destruction certificate), or reset the entire workspace at any time. Because all data is on your device, deleting it removes it completely.

AI Provider Integration (Your Choice, Your Key)

The App can generate security work products using AI. You control whether and where any data goes:

On-device generation (Apple Intelligence, where available) processes everything locally. No data leaves your device.

Cloud generation is optional and only occurs when you configure it and initiate it. If you choose a cloud provider (Anthropic, OpenAI, or Google), the App sends your engagement context, evidence excerpts, and — with your explicit consent — attached diagram images directly from your device to that provider, using an API key that you supply. This traffic goes only to that provider; it never passes through Jamsoft.

Before anything is sent, the App can show you an exact preview of the outgoing payload, automatically redacts recognizable secrets and sensitive patterns, and restricts network connections to the specific provider endpoints you chose. Engagements you classify as Restricted are blocked from cloud generation entirely.

Your API keys are stored in the device Keychain (device-only, encrypted) and are used solely to authenticate your requests to the provider you selected. We never receive or transmit your keys.

Data you send to an AI provider is processed under that provider's terms and privacy policy. Please review the policy of the provider you choose: Anthropic (anthropic.com/privacy), OpenAI (openai.com/privacy), or Google (policies.google.com/privacy).

Purchases and Subscriptions

A2O Architect Pro is offered as an auto-renewing subscription processed entirely by Apple through the App Store. We do not receive your name, payment details, or billing information. Subscription entitlement is verified on-device using Apple's StoreKit framework. Purchases are subject to Apple's Privacy Policy (apple.com/privacy).

Notifications

If you enable deadline alerts, the App schedules local notifications on your device (for overdue findings, expiring risk acceptances, and stale evidence). These are generated and delivered entirely on-device; no notification data is sent to us or to any third party.

No Analytics or Tracking

The App contains no analytics, advertising, or tracking of any kind. We do not collect usage patterns, device identifiers, crash reports, or telemetry. The App's privacy manifest declares no tracking and no data collection.

Children's Privacy

The App is a professional tool intended for a general audience and does not knowingly collect any personal information from anyone, including children under 13 (or the equivalent minimum age in the relevant jurisdiction). Since we do not collect personal information of any kind, we have no way of determining a user's age.

Your Content and Your Responsibilities

Content you import into the App (architecture documents, configurations, evidence artifacts) may itself contain personal or confidential information belonging to you or your organization. That content remains on your device under your control, and you act as its controller. If you choose cloud AI generation, you are responsible for ensuring that sending that content to your chosen provider is permitted by your organization's policies and applicable law. The App's classification, redaction, and egress-preview features exist to help you meet those obligations.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Changes are effective when posted.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Jamsoft Inc. Email: support@jamsoftinc.com