Privacy Policy

Last updated: March 2, 2026

1. What We Collect

Picnic collects the minimum data needed to provide the service:

  • Account info — your email address, used for authentication
  • Chat messages — messages sent through Picnic Basket (web/phone), Telegram, or Discord are relayed through our servers to reach your desktop
  • Subscription data — billing status and plan information from Polar
  • Device info — a device label (e.g. "Picnic Desktop") for session management

2. What We Don't Collect

  • We do not collect or store your advanced manual provider API keys; those stay on your machine
  • We do not read or analyze the content of your conversations for advertising
  • We do not sell your data to third parties
  • We do not use tracking cookies or third-party analytics on the desktop app

3. How We Use Your Data

  • Authentication — verifying your identity and managing sessions
  • Message relay — delivering messages between your phone/Telegram/Discord and your desktop
  • Billing — managing your subscription and enforcing fair-use limits
  • Service improvement — aggregate, anonymized usage metrics to keep the service running well

4. Where Your Data Lives

Picnic's cloud infrastructure runs on Cloudflare Workers, D1 (SQLite), and R2 (object storage). Data is stored in Cloudflare's global network. Your desktop application data (config, notes, memory) is stored locally on your machine.

5. Third-Party Services

Picnic integrates with the following services, each with their own privacy policies:

  • WorkOS — authentication provider
  • Polar — subscription billing
  • Telegram — messaging relay (if you connect Telegram)
  • Discord — messaging relay (if you connect Discord)
  • OpenClaw / AI providers — AI model requests when you use Picnic subscriptions or optionally connect your own provider

6. Data Retention

Chat messages relayed through our servers are retained to provide message history and sync. You can clear your chat history at any time from the desktop app. Account data is retained as long as your account exists. When you delete your account, all associated data is removed.

7. Security

We use HTTPS for all communications, token-based authentication with short-lived sessions, and scoped access controls. Subscription and session credentials used by Picnic's cloud services are protected in our infrastructure, while any optional advanced manual provider API keys stay encrypted on your local device.

8. Your Rights

You can request access to, correction of, or deletion of your personal data at any time by contacting us. You can export your local data directly from the desktop application.

9. Children's Privacy

Picnic is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

11. Contact

For privacy-related questions, reach us on Discord, X, or visit the contact page.