← Back to home

Privacy Policy

Last updated: April 9, 2026

Sterling is a desktop application made by Arch Capital Inc ("we", "us", "Arch Capital"). This policy explains what information we collect, what we do with it, and — more importantly — what we don't.

The short version: Sterling runs on your hardware. Your conversations, your memories, your files, and your voice stay on your machine. We cannot see them, we do not collect them, and we do not train on them. This is not a marketing claim — it is the technical architecture of the product, and this document makes it a legally binding promise.

1. What Sterling collects on your device

When you use Sterling, the following data exists on your computer and nowhere else:

  • Your conversations with Sterling
  • Memories and notes you ask Sterling to remember
  • Your voice recordings (processed locally, deleted after transcription)
  • Files Sterling reads, writes, or references at your request
  • Sterling's local settings and preferences

This data is stored in plain files on your hard drive that you can open, inspect, copy, back up, or delete at any time. Arch Capital does not have access to any of it.

2. What Arch Capital collects on our servers

To sell Sterling, deliver updates, and support customers, we collect the minimum information required:

  • Account information: email address, hashed password, account creation date
  • Purchase records: license tier, purchase date, payment amount, Stripe customer ID (we do not store card numbers; Stripe handles that)
  • License activation metadata: which devices your license is active on, last activation date (to enforce device limits, never content)
  • Basic support records: any emails or bug reports you send us
  • Anonymous website analytics: page views and referrers on mysterling.ai, aggregated and not tied to individual users

That is the complete list. We do not collect your IP address beyond what is logged in standard web server access logs for security purposes. We do not use tracking cookies for advertising. We do not sell any data to third parties. We do not share data with advertisers.

3. What Sterling sends over the internet

During normal operation, Sterling sends the following and only the following to Arch Capital servers:

  • License validation: a periodic check that your license key is still valid (just the key, nothing else)
  • Update checks: a check whether a newer version of Sterling is available (just a version number, nothing else)

Sterling does not send your conversations, your memories, your voice, your files, your usage patterns, or any other content anywhere. This is verifiable — Sterling's network activity can be audited with any standard firewall or network monitor. We encourage customers who want to verify this to do so.

4. AI model training — a permanent commitment

Arch Capital will never use customer data, conversations, voice recordings, files, memories, or any content processed by Sterling to train, fine-tune, validate, or evaluate any AI model, now or in the future. This applies to models we build, models we license, and models we partner on. This commitment has no expiration date and cannot be changed retroactively for existing customers.

5. Third parties

Sterling itself runs locally and does not send data to third parties. Arch Capital uses the following third-party services strictly for running the business:

  • Stripe(payment processing) — receives your email and payment information when you purchase. Governed by Stripe's own privacy policy.
  • Resend (transactional email) — receives your email address and the contents of emails we send you (license delivery, receipts).
  • Cloudflare (web hosting) — processes requests to mysterling.ai.
  • Google Workspace(if you connect Calendar or Gmail through Sterling) — Sterling's Google integrations run locally, but OAuth tokens are stored encrypted on your device. We never see your Google data.

6. Your rights

You may at any time:

  • Export all data Arch Capital has about you by emailing [email protected]
  • Delete your account and have your data removed from our servers (license records retained for 7 years for tax and fraud-prevention purposes, as required by Canadian law)
  • Correct any inaccurate information we hold about you
  • Opt out of any future marketing emails (transactional emails, such as license delivery and security notices, cannot be opted out of)

7. Children

Sterling is not directed at children under 13. Arch Capital does not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, email [email protected] and we will delete it.

8. Jurisdiction

Arch Capital Inc is based in Ontario, Canada. This policy is governed by the laws of Ontario and the federal laws of Canada. Canadian privacy legislation (PIPEDA) applies.

9. Changes to this policy

If we update this policy, we will email all account holders with a summary of the changes at least 14 days before the changes take effect. Material changes require affirmative consent to continue using Sterling.

10. Contact

Privacy questions, requests, or complaints:
[email protected]

Arch Capital Inc
Ontario, Canada