IRIS

Privacy & Data Governance Policy

Last Updated: January 20, 2026

Your trust is the foundation of our platform. This policy isn't just legal jargon; it's our promise to you. We've written it to be as clear as possible about what data we collect, why we need it, and how we protect it. Your conversations are yours, and we are committed to keeping them private and secure.

1. DATA SECURITY

1.1. Encryption in Transit

All data transmitted between your device and our servers is protected using TLS/HTTPS encryption. This ensures that your conversations and data cannot be intercepted during transmission.

1.2. Secure Storage

Your data is stored on secure, access-controlled servers. We implement industry-standard security measures including encrypted databases, secure authentication, and regular security audits to protect your information.

1.3. Access Controls

Access to user data is strictly limited to authorized personnel on a need-to-know basis. All access is logged and monitored. Your conversation data is associated with your account and is not accessible to other users.

2. DATA SILOING & NON-COMMERCIALIZATION

2.1. Zero-Sale Guarantee

Your personal fantasies, emotional vulnerabilities, and romantic histories will NEVER be sold or shared with third-party advertisers.

2.2. Training Isolation

Data generated within the Intimate Partner tier is sequestered and will not be utilized for the training of global or public-facing models.

3. INFORMATION WE COLLECT

Account Information: When you create an account, we collect your email address and authentication credentials through our secure authentication provider (Clerk).

Conversation Data: Messages you exchange with AI companions are stored (encrypted for Partner tiers) to maintain conversation history and context.

AI Companion Configurations: Settings and preferences you define for your AI companions.

Generated Content: Images and media generated during conversations.

4. COOKIES & LOCAL STORAGE

We use minimal data storage to provide our services:

Essential Cookies: Required for authentication and keeping you signed in securely. These cannot be disabled.

Functional Storage: We use browser localStorage to remember your chat preferences and UI state.

No Tracking: We do not use any analytics, advertising, or third-party tracking cookies.

5. YOUR RIGHTS (GDPR & CCPA)

Under GDPR, CCPA, and similar regulations, you have the right to:

  • Access your personal data we hold
  • Correct inaccurate personal data
  • Delete your personal data ("right to be forgotten")
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Opt-out of sale of personal information (CCPA)

To exercise these rights, please contact us at privacy@irisai.app

6. DATA RETENTION

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your account and associated data at any time. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

7. THIRD-PARTY SERVICES

We use the following third-party services:

  • Clerk - Authentication and user management
  • AWS S3 - Secure storage for generated images
  • OpenRouter - AI model inference

These services have their own privacy policies and data handling practices.

8. CONTACT US

If you have questions about this Privacy Policy or your data, please contact us at: privacy@irisai.app

By using IRIS AI, you acknowledge that you have read and understood this Privacy Policy.