Scope
Hottub Deck for macOS is a developer tool: a native Mac menu-bar app that watches your active terminal windows, summarizes what AI coding agents are doing, lets you use Terminal Speak, and (optionally) makes that work legible to you across machines and to teammates via the Shared Deck web cockpit. This addendum covers the data Deck processes. Everything else — your Hottub account, the consumer community product — is governed by the main Privacy Policy.
On-device by default
Deck reads your terminal windows locally and produces each summary on your Mac. With Shared Deck off, nothing about your terminals leaves the machine. The summary you see (e.g. “fixing the search-ranking bug”) is generated on-device and redacted again before it could ever be sent.
AI summaries are on-device
Deck’s summaries are generated by Apple’s on-device foundation model, running locally on your Mac. Deck does not send your terminal data, code, or prompts to OpenAI, Anthropic, or any other third-party AI or large-language-model provider to create them. If the on-device model isn’t available, Deck falls back to a simple local heuristic — still on your machine. We do not use your data to train models, ours or anyone else’s.
Terminal Speak & microphone
Terminal Speak uses your microphone only after you click a Deck microphone control or use a Deck shortcut that starts voice capture. Deck captures a short phrase, transcribes it locally using the bundled Halo Voice runtime and model, and then inserts the resulting phrase into the selected terminal only if the feature is enabled and macOS Accessibility permission allows it. Deck does not continuously listen.
During transcription, Deck writes a temporary local audio file so the local voice runtime can process it. Deck removes that temporary file after the transcription request finishes or fails. Hottub does not receive your raw microphone audio or Terminal Speak transcript through the local Terminal Speak feature.
What Shared Deck sends (when you turn it on)
If you pair a machine, Deck pushes a periodic snapshot to Hottub containing only:
- The redacted, distilled summary line per window — never the underlying text.
- Per-window tool and status (e.g. “Codex · Healthy”), a reading-order number, and a display color.
- Optional stable, redacted fingerprints for an actor/resource (so the fleet view can flag collisions) — not names or paths.
- Device metadata: a device name, platform (“macOS”), app version, and timestamps. The device name comes from your computer’s name, which may include your name; you can rename your Mac (or the machine in Shared Deck) at any time.
- Explicit agent events and remote-action results you or your agents generate (see below).
What we never receive
- Your source code, terminal contents, command output, or scrollback.
- Prompts you write to AI agents, or their full responses.
- File paths, file names, project names, repository URLs, or account names.
- Secrets, tokens, or keys — these are stripped on-device by a client-side redaction pass before sending.
This is the same promise as local Deck, enforced at the client boundary: your code never leaves the machine.
Tokens & device identity
Pairing mints a per-device token you paste into Deck once. Deck stores it in the macOS Keychain (never synced to iCloud) and sends it as a bearer token on each push. Each paired machine has its own identity; revoking one machine’s token never affects the others, and post-revocation attempts are rejected and logged.
Remote actions (the control plane)
Shared Deck can carry bounded governance decisions — for example, approving or denying an action an agent asked about — from the web to a machine. The design boundary: the machine is the authority. The web only requests bounded actions into a queue; your local Deck validates each one against your capabilities and applies it through an agent’s own interface. Deck never types into your terminal, runs a shell, or executes remotely. Remote actions are off by default, split into separately-grantable capabilities, revocable instantly, and every decision is recorded in an audit log on both ends.
Team sharing
You may opt a machine into sharing with your team. When on, teammates can see that machine’s redacted snapshots (same fields above — never your code) and, where you have granted the capability, send bounded approve/deny intent. Sharing is per-machine, off by default, and revocable. For organizations, a data-processing agreement and sub-processor list are available on request.
App updates & downloads
The macOS app checks for updates on a schedule by fetching a signed update feed from Hottub; like any network request, that reveals your IP address and the app version to the server and our CDN. The app download is served from our content-delivery network. The app bundles no analytics, crash-reporting, or advertising SDKs.
Processors & sub-processors
We share Deck data only with the service providers needed to run it, under contract:
- Amazon Web Services (AWS) — cloud hosting and database for the Shared Deck API; stores snapshots, events, approvals, commands, and audit records.
- Cloudflare — CDN, edge delivery, and R2 object storage that serve the Deck app download and the signed update feed.
- Stripe — payment processing for paid Deck plans (see the Deck Terms); applies once paid plans launch. We receive billing records, not your full payment-card details.
- Resend — transactional and account email (for example, email verification, password reset, and support replies).
We do not sell your data, and we do not use it to train models — ours or any third party’s. A data-processing agreement (DPA) and the current sub-processor list are available to organizations on request; we will post updates here and give notice before any new sub-processor begins processing Deck data.
Retention & your choices
- We keep the latest snapshot per machine (each push replaces the prior one) plus the events, approvals, commands, and audit records needed to operate the cockpit and its audit trail.
- Unpair a machine in Deck, or revoke its token from the web, to stop reporting immediately.
- Turn remote actions off anytime — it is a one-tap kill switch on the machine.
- Request access or deletion of your Deck data via the contact below; standard legal/safety retention exceptions apply.
Self-host & overrides
Deck supports pointing at an alternate Shared Deck server (for staging or self-host). When you do, snapshots go to that server instead, governed by its operator. The shipped app talks only to Hottub’s production cockpit unless you change this.
Security & legal requests
Snapshots and commands travel over encrypted connections (HTTPS). Pairing tokens are stored in your macOS Keychain on the device and as a one-way hash on the server, never in plaintext. Remote-action capabilities are validated on the machine and recorded in an audit log. We handle law-enforcement and legal requests for Deck data as described in Section 12 of the main Terms, and international data transfers as in the main Privacy Policy. The local Deck app is free and needs no account; Shared Deck (optional) requires a Hottub account, which is for adults (18+).
Contact
Deck privacy questions or requests? Contact [email protected]. See also the Deck Terms and the main Privacy Policy.