Hub and iPhone#
Ostler is built as two pieces: a Hub that runs on your Mac, and an optional iOS app that runs on your iPhone. The Hub is the brain and the storage. Ostler on iPhone is a window into it from your pocket. This page explains what each one owns, how they talk to each other, and what happens when they cannot.
The two components at a glance#
| Hub (macOS) | iOS app (iOS) | |
|---|---|---|
| Role | Holds the data, runs the local model, does the heavy lifting | Capture, browse, search, notifications |
| Required? | Yes – this is Ostler | No – the Hub works on its own |
| Where the data lives | Here, on your Mac | A small encrypted cache, paired to your Hub |
| Where the AI runs | Here, on your Mac | Sends queries to the Hub |
| Internet needed to function? | No | Only to reach the Hub when you are away from home |
The Hub is the source of truth
Every fact Ostler knows lives on the Hub. The iOS app is a convenient lens, not a second copy of your life. If you only ever use a Mac, you never need the iOS app.
What the Hub owns#
The Hub is the macOS application installed by the one-shot installer. It is responsible for:
- All persistent data. Your contacts, messages, calendar history, conversation transcripts, browsing history, and the relationships between them.
- Local AI inference. The language model runs here. Every question you ask, every summary, every extraction is processed on this Mac.
- Capture. The Hub reads from your Mac's built-in apps – Safari, Chrome, iMessage, WhatsApp, Apple Mail, Apple Notes, Calendar, Photos, Reminders – with Full Disk Access. At install time it mines the historical depth of each source you opt into, not just the live present, so first launch is not a blank canvas. It also accepts imports from GDPR exports.
- Background processing. Periodic syncs, identity resolution, and conversation processing all happen on the Hub on its own schedule.
- The local API. A small HTTP server bound to localhost that the iOS app talks to when it is on your home network.
The Hub is designed to be left running. It is not chatty. When nothing is happening, it is asleep.
What the iOS app owns#
The Ostler iOS app is the iOS application. It is optional and it ships separately on the App Store. It is responsible for:
- Quick capture. Voice notes, photos, on-the-spot reminders that flow into your Hub when you are home.
- A read-only window into your data. Search your people, your conversations, your timeline, from your phone.
- Notifications and nudges. When the Hub has something to tell you – a follow-up suggestion, a stale relationship reminder – the iOS app is how it reaches you.
- A small encrypted cache. Recent items the iOS app has loaded, so the app feels fast and works briefly without a connection.
The iOS app is not a second Hub. It does not run the language model. It does not hold your full data set. If you uninstall it, you lose nothing irreplaceable – the Hub can be paired with a fresh iPhone whenever you like.
How they pair#
Pairing happens once, when you first install the iOS app. The process is designed to be hands-on for a reason: this is the moment that establishes trust between two devices for the rest of the product's life.
The Hub displays a QR code. The iOS app scans it. A short pairing window opens. During that window the Hub and the iOS app exchange the cryptographic material that lets them recognise each other from then on. After pairing, the iOS app knows your Hub's public key, your Hub knows the iOS app's public key, and neither will talk to a device it has not pre-approved.
The full cryptographic contract – the QR code format, the WebAuthn handshake, the proof-of-shared-passkey, the pairing-token expiry – is fixed in a normative cross-platform specification. Every constant and test vector is locked. See Encryption for the primitives in use.
Pairing is local
Your iPhone and your Mac talk directly during pairing. Nothing leaves your home network. Creative Machines is not in the loop, and neither is Apple.
How they talk after pairing#
Day-to-day traffic between the iOS app and the Hub is short, direct HTTP-over-TLS over your home Wi-Fi. The iOS app reaches the Hub at the address it learned from your pairing QR code (LAN IP at home, Tailscale address when you're away), then opens a TLS connection to the Hub's self-signed certificate. The iOS app has that certificate's public key pinned from pairing time, so only your Mac can answer.
There is no Creative Machines server in the middle. There is no WebSocket relay, no push-notification gateway carrying your content, no analytics endpoint hearing the request. The iOS app is talking to your Mac. Your router is the wire.
What happens when the Hub is offline#
The iOS app holds a small cache of recently-viewed items. If you open the app while the Hub is asleep, on a different network, or otherwise unreachable, you can still:
- See the people, conversations, or notes you most recently looked at.
- Capture new items – a voice note, a photo – which queue up to be delivered to the Hub the next time it is reachable.
You cannot:
- Search the full graph (the searchable data lives on the Hub).
- Ask the AI assistant questions (the model runs on the Hub).
- See data you have not previously loaded.
When the Hub comes back online and you are on the same network, the iOS app drains its capture queue and refreshes.
What happens when the iOS app is offline#
Nothing. The Hub is the product. It works whether or not your phone is nearby, whether or not your phone is charged, whether or not the iOS app is even installed. Every piece of capture the Hub does on its own – Safari history, Apple Mail, iMessage – continues without interruption.
Reaching the Hub from outside your home#
By default, the Hub binds its API to localhost. Your home router's firewall is the perimeter. From outside the network, the Hub is unreachable.
If you want to reach the Hub from a coffee shop or a different country, the recommended path is Tailscale – a zero-trust mesh network. The iOS app uses the same Tailscale identity to find the Hub from anywhere, with no exposed ports, no port-forwarding, and no UPnP. To the public internet, your Hub is still invisible.
We do not run a relay. We do not host your traffic. Tailscale is a standard third-party tool you install yourself, and we document the five-minute setup in Pair the iOS app.
We do not recommend exposing the Hub to the public internet
Don't open ports on your router. Don't run the Hub behind a reverse proxy on a public hostname. The architecture assumes the Hub is only reachable from devices you have explicitly trusted, on networks you control or via Tailscale. If you bypass that, you are on your own.
What this means for you#
- One Mac is the minimum. Buy a Mac, install Ostler, you are done.
- The iPhone is a nice-to-have, not a must-have. Add it later or not at all. Your Hub does not care.
- You own the relationship between the two devices. Pairing is a conscious act you perform once, in your own home, with no third party in the middle.
- Loss of either device is recoverable. A new Mac can be restored from a Time Machine backup or set up fresh and re-paired with the same iPhone. A new iPhone can be re-paired with the existing Hub.
Related reading#
- Privacy model – why the architecture is shaped this way.
- Encryption – the cryptographic primitives that bind the two devices together.
- Data flows – exactly what crosses the wire and when.
- What stays local – the data side of the same story.
- Pair the iOS app – the practical walkthrough.