Back to Iris

Privacy Policy

Last updated: January 12, 2026

Overview

Iris is built with privacy as a core principle. We use end-to-end encryption (E2EE) to ensure that your conversations, chat titles, space names, custom instructions, file attachments, and all personal data remain private and accessible only to you.

Data We Collect

  • Account Information: When you sign in via Ave, we receive your display name, handle, email (optional), and avatar URL. This is used to identify your account.
  • Encrypted Content: Your chat messages, chat titles, space names, space instructions, global user instructions, file attachments (images, documents, audio), and filenames are encrypted on your device before being stored. We cannot read this content.
  • Metadata: We store non-sensitive metadata such as timestamps, space icons, colors, tone preferences, file sizes, and MIME types to provide the service.
  • Usage Data: Basic usage metrics like model selection and feature usage may be collected to improve the service.

End-to-End Encryption

Iris uses AES-GCM 256-bit encryption for all sensitive content. Your encryption key is derived from your account and stored locally on your device. This means:

  • We cannot read your messages or chat content
  • We cannot decrypt your space names or custom instructions
  • We cannot access your file attachments or their filenames
  • File contents are encrypted before upload to our storage servers
  • Even if our servers were compromised, your data would remain encrypted
  • You are responsible for maintaining access to your encryption key

Incognito Mode

When Incognito Mode is enabled, conversations are not saved to our servers or your local storage. Once you close or navigate away from the chat, the conversation is permanently deleted with no way to recover it.

Third-Party Services

Iris integrates with the following third-party services:

  • AI Providers: Your messages are sent to AI providers (OpenAI, Anthropic, Google) to generate responses. These providers have their own privacy policies.
  • Ave Authentication: We use Ave for secure authentication. Ave's privacy policy applies to the authentication process.
  • Convex: We use Convex as our backend database. Data stored is encrypted before transmission.
  • Tavily: When web search is enabled, search queries are sent to Tavily to retrieve results.

Data Retention

  • Chats without a space assignment are automatically deleted after 3 days
  • You can delete individual chats or entire spaces at any time
  • Deleting a chat automatically deletes all associated file attachments from storage
  • Removing an attachment before sending permanently deletes it from storage
  • Deleting your account will remove all associated data from our servers
  • Incognito chats are never stored

Your Rights

You have the right to:

  • Access your data through the app
  • Delete your data at any time
  • Export your data
  • Request account deletion

Security

We implement industry-standard security measures including HTTPS encryption in transit, secure authentication via Ave, and end-to-end encryption for sensitive data. We regularly review and update our security practices.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.

Contact

Iris is operated by Lantharos. If you have any questions about this privacy policy or our data practices, please contact us at hello@lantharos.com.