Join Waitlist

Privacy Policy

Last updated: April 2, 2026

This privacy policy describes how Lonia AI ("we," "us," "our") collects, uses, and protects your information when you use Iris ("the Service").

Our Privacy Philosophy

Iris is built on a principle: your conversations are yours. We process data on your device by default. We don't store passwords. We don't record audio or video. Cloud features are optional and off by default.

On-Device Processing

Core Iris features — including speech-to-text transcription and the signing avatar — run directly on your device. Audio data is processed locally and is never transmitted to our servers. Video data from camera-based features is also processed on-device and never stored or transmitted.

What We Collect

Account Information

When you create an account, we receive basic profile information from your OAuth provider (Google or Microsoft):

  • Display name
  • Email address
  • Profile photo URL (if provided)

We do not receive or store your password. Authentication is handled entirely by your OAuth provider.

Conversation Data (Optional)

If you enable cloud sync (off by default), conversation transcripts are stored encrypted in our database. You can delete this data at any time from your profile settings.

Usage Analytics

We collect basic usage metrics — number of conversations, session duration, and dictionary lookups — solely to enforce plan limits and improve the service. This data is stored in your account and is never shared with third parties.

What We Don't Do

We do not use third-party analytics services. We do not serve ads. We do not build advertising profiles. We do not sell, license, rent, or provide your personal information to third parties for any commercial purpose. This is a foundational commitment — not a policy that changes with a terms update.

Data Sales: Never

Lonia AI will never sell your data. Period. Your information exists to serve you, not to be monetized.

What We Do NOT Collect

  • Passwords (OAuth-only authentication)
  • Audio recordings
  • Video recordings
  • Location data
  • Device identifiers or advertising IDs
  • Browsing history

Data Storage & Security

Data stored in our cloud services is hosted on Supabase infrastructure with:

  • Encryption at rest and in transit
  • Row-level security (RLS) policies
  • Regular security audits

Data Retention

Conversation history retention depends on your plan tier:

  • Free: 7 days
  • Personal: 30 days
  • Professional: Unlimited

You can delete your data at any time. Account deletion removes all associated data within 30 days.

Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data
  • Portability — Receive your data in a portable format
  • Restriction — Limit how we process your data
  • Objection — Object to data processing

To exercise these rights, contact admin@lonia.ai.

HIPAA-Aware Processing

For enterprise and healthcare customers, Iris offers HIPAA-aware processing configurations. Contact us for Business Associate Agreements (BAAs) and compliance documentation.

Children's Privacy

Iris is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance.

Contact

For privacy-related inquiries: