Privacy Policy
Effective June 26, 2026 · Last updated July 3, 2026
Iroh is the easiest way to build a second brain. You talk or type, and Iroh turns it into an organized, searchable set of notes that live on your device. Because Iroh handles deeply personal thoughts, privacy is built into how the product works, not bolted on afterward. This policy explains, in plain language, what we collect, where it goes, what we do not do, and the choices you have.
Iroh (“Iroh,” “we,” “us”) operates the app described in this policy. Questions or privacy requests: info@askiroh.ai.
The short version
- Your brain (your notes and pages) lives as files on your own device, and optionally in your own iCloud. We do not make our servers the home for it.
- To answer you, we send AI providers your message plus the small slice of context needed for that one request, never your whole brain.
- No AI provider in our pipeline is permitted to train on your data.
- Health, calendar, and contacts stay on your device and are only included when you ask about something that needs them.
- We never sell your data, never run ads, never track you across other apps and sites, and never use data brokers.
- We collect basic account info, product usage analytics (you can opt out), and crash reports. None of these contain your notes.
Your brain stays on your device
The durable knowledge you build in Iroh (your wiki pages, your raw notes) is stored as plain markdown files in a vault on your device, and optionally synced through your own iCloud account. We do not keep a copy of that content in our backend databases or object storage as the system of record. If you stop using Iroh, your files are still yours and still readable. You can export everything as a folder of markdown at any time.
What you give Iroh, and where it goes
When you use Iroh, the content you create is sent to AI providers so they can generate a response. This includes:
- Your chat messages and the brain or wiki page content relevant to what you are asking.
- Context you paste or import into the app.
- Image attachments you add to a message.
- Voice recordings. When you record a voice note, the audio is uploaded to Groq, our transcription provider, converted to text, and the temporary audio file is then deleted.
Each AI provider receives only what its job needs, and nothing is sent until you have given permission in the app: Iroh shows you a consent screen the first time you use an AI feature, before anything leaves your device.
- Anthropic (Claude) receives your messages, image attachments, and the small, locally selected set of relevant brain snippets for that one request, to generate Iroh’s replies. We never upload your whole vault.
- Groq receives your voice recordings, solely to transcribe them into text. The temporary audio file is deleted after transcription.
- Perplexity receives your research question only, never anything from your brain, for web research. Research queries and their answers are retained for about seven days to make the feature work well, then deleted.
Every provider processes requests transiently to return a result and is contractually prohibited from training on your data or retaining it to build models. If we materially change which providers we use or what they receive, we will update this policy and ask for your permission again in the app.
Health data
If you connect Apple Health (on iOS) or Health Connect (on Android), Iroh can read your health and fitness data: sleep (including stages and efficiency), activity and workouts (steps, distance, active and total calories burned, floors climbed, elevation gained, and exercise sessions), heart and respiratory vitals (heart rate, resting heart rate, heart rate variability, blood oxygen, respiratory rate, VO2 max, and body temperature), and body measurements (weight and body fat). This access is read-only. The data is read on your device, and it is sent to Iroh’s server only when you ask a question in chat that requires it (for example, asking Iroh about your recent sleep or training). To answer that one question, a brief summary is shared with Anthropic (Claude) under the same no-training rule. We are explicit about how this data is treated:
- Health data is never used for advertising or marketing.
- Health data is never sold or shared with third parties.
- No AI provider in our pipeline is permitted to train on your data, and that explicitly includes your health data.
- We do not keep your health data on our servers. It is processed transiently to answer the request you made, then discarded.
- If a health-related answer is saved into your brain, it is saved only as text in your brain files, which live on your device, or in your own iCloud if you chose iCloud storage during setup. We never store your health data in iCloud ourselves.
- You can disconnect health access at any time in your device settings.
Calendar and contacts
If you connect your calendar or contacts, that data is read on your device. When you reference a specific event or person in a request, only that specific item is included in what we send to answer you. We do not bulk-upload your full calendar or address book to our servers.
What we collect about you and the app
- Account information. When you sign in with Google, we store your email address and display name, plus your in-app settings, through our authentication provider. We do not store your notes here.
- Identifiers. We assign an account user ID, and we store a device push token (used to send you notifications) through Google Firebase Cloud Messaging.
- Usage analytics. We use first-party, product interaction analytics (event names and counts) to understand which features are used and how the app performs. These events do not contain your content. Analytics are on by default and you can opt out in Settings.
- Diagnostics. When the app crashes or hits an error, we receive a technical crash report through Sentry, tied only to a pseudonymous user ID. These reports do not include screenshots or personal-content payloads, so a crash report cannot contain your notes.
- Feedback. If you send in-app feedback, your note along with a screenshot and basic device and app information is sent to our team so we can understand and fix the issue.
The providers we use
We rely on a small set of vendors. Each is bound by terms that prohibit training on your data.
- Anthropic for generating responses, synthesis, organization, and answering questions.
- Groq for voice transcription.
- Perplexity for web research, which receives only your research query, nothing from your brain.
- Supabase for authentication and our database.
- Sentry for crash and error reporting.
- Google Firebase for push notifications.
- Google Drive, but only when you choose to connect it. Iroh searches and reads your Drive files on demand to answer your requests. We do not keep server-side copies of your Drive files, and you can disconnect Drive at any time in the app or in your Google account settings.
This list can change as the product evolves. We keep it current here.
Iroh’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We never train on your data
No model provider in Iroh’s path is permitted to train on your inputs. This is a hard rule we apply when selecting providers, not an optional setting and not something you have to ask for.
What we never do
- We do not sell your data.
- We do not run advertising.
- We do not track you across other apps or websites.
- We do not share or sell your data to data brokers.
- We do not let any provider train on your data.
- We do not store your brain content on our servers as the system of record. It lives on your device.
Where your data lives, and how long
- Your brain lives on your device, and optionally in your own iCloud account.
- Research queries and answers are kept for about seven days, then deleted.
- Voice recordings are deleted right after they are transcribed.
- Account data (email, display name, settings, push token) is retained while your account is active.
Your choices and deleting your data
- Export. You can export your entire vault as markdown files at any time.
- Opt out of analytics. You can turn off product usage analytics in Settings.
- Disconnect a source. You can disconnect health, calendar, contacts, or Google Drive at any time.
- Delete your account. You can delete your account and the associated data we hold (account info, settings, and related metadata). Deleting the files on your device is a separate action you control.
Security
Your data is encrypted in transit using TLS. We rely on your device’s operating system protections for the local vault and stored credentials. We do not claim end-to-end encryption or “zero knowledge,” because cloud AI processing necessarily involves sending bounded context to providers. Our stronger protection is structural: we do not make our servers the home for your brain in the first place.
Children
Iroh is not directed to children under 13 (or the minimum age in your region), and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will remove it.
Changes to this policy
If we make material changes, we will update this page and the “Last updated” date, and notify you in the app where appropriate.
Contact
Questions or requests about your privacy: info@askiroh.ai.