Privacy Policy

AI Life OS - Last updated: 19 May 2026

This policy explains what AI Life OS ("the app") collects, why, who processes it, and your rights. We collect the minimum needed to run the features you opt into. We never sell your data and never permit our AI providers to train on it.

1. What we collect

• Account: name and email (or Apple Private Relay email) provided at sign-in.
• AI Memory entries: preferences, goals, facts, events you type into the Memory tab.
• Persona chat messages: the messages you send to AI personas and the replies they generate. Stored under your account only; not visible to other users.
• Per-persona memory facts: short third-person summaries the AI extracts from your chats so a persona can recall context across sessions. You can view and delete these in Settings.
• Calendar event titles, times, and locations: read-only summaries from your iOS calendar when you grant permission. Used to build your Daily Brief and (Pro, opt-in) to give personas context about your day.
• HealthKit aggregates: 30-day summary statistics only (averages, trends, count of nights under 6 hours of sleep). Raw biometric timeseries never leave your iPhone.
• News feed URLs: the RSS sources you add to your brief.
• Home city (text): the city name you enter in Settings for weather and travel guidance. We do not access your iOS location services.
• Subscription receipt: Apple-issued receipt verified by RevenueCat to confirm Pro entitlement.

2. Third-party AI providers we use

The following providers process data you send them when you use AI features. None is permitted to use your data to train their models. We disclose them in the app's onboarding consent screen before the first AI call and ask you to re-consent whenever this list changes.

• Cerebras (gpt-oss-120b): Free tier primary LLM. Generates Daily Brief text and persona chat replies. Privacy policy: cerebras.ai/privacy.
• Ollama Cloud (gemma4:31b-cloud): Free tier fallback LLM when Cerebras is unavailable. Same data scope. Privacy policy: ollama.com/legal/privacy.
• Anthropic (Claude Haiku 4.5): Pro tier LLM. Generates Daily Brief, weekly patterns, Doctor Prep questions, and persona chat replies. Privacy policy: anthropic.com/legal/privacy.
• Google Cloud Text-to-Speech (Chirp 3 HD): when Pro users tap play on a brief, the brief text is sent to Google to generate audio. Privacy policy: cloud.google.com/terms/cloud-privacy-notice.
• Supabase: our database, authentication, and storage provider. Privacy policy: supabase.com/privacy.
• RevenueCat: verifies your subscription receipt. Privacy policy: revenuecat.com/privacy.
• Open-Meteo: weather forecast and city geocoding. We send only the city name or coordinates - no user identifiers. Privacy policy: open-meteo.com/en/terms.

3. AI persona safety

Before every persona reply, your message passes through a server-side safety layer that scans for language suggesting self-harm, suicidal ideation, or imminent danger. When that signal is detected, the app shows a hardcoded crisis-resources card (988 in the US, Lifeline 13 11 14 in Australia, Samaritans 116 123 in the UK, 9-8-8 in Canada) instead of an AI-generated reply, regardless of which persona you are chatting with. AI personas explicitly disclaim being therapists, doctors, lawyers, or financial advisors. The app is not a crisis service or a substitute for professional care.

4. What stays on your iPhone only

• HealthKit raw samples: we only ever send aggregated statistics off the device. Per-minute heart rate, individual sleep stages, or step-by-step records never leave your iPhone.
• Apple Speech (Free tier audio brief): Free tier brief playback uses iOS built-in voices entirely on-device. No audio is generated in the cloud for Free users.
• Authentication tokens at rest: stored in an encrypted local store; the encryption key is held in the iOS Keychain (Secure Enclave-backed where supported).

5. How long we keep your data

• AI Memory entries: until you delete them or your account.
• Persona conversations and messages: until you delete the conversation or your account.
• Per-persona memory facts: until you delete them in Settings or your account.
• Daily Briefs: until you delete your account.
• Audio brief files: deleted when you regenerate the brief or delete your account.
• Doctor Prep sessions: 90 days, then automatically deleted.
• Authentication tokens: refreshed by Supabase; revoked immediately when you sign out or delete your account.

6. Account deletion

Open Settings > Privacy > Delete account & data. Tapping confirm wipes your authentication record from Supabase, which cascade-deletes every owned row (memories, briefs, conversations, persona messages, persona memory facts, news feeds, weekly insights, doctor prep sessions, calendar event cache, audio files in storage). We also unlink your subscription record at RevenueCat so the user id is left with no stale entitlement state. This action is irreversible.

7. Your rights

• Access: contact kenzythai@yahoo.com for a copy of the data we hold.
• Correction: edit your name, memories, news feeds, and brief time directly in the app.
• Deletion: use the in-app delete account flow at any time.
• Withdraw AI consent: tap Settings > Privacy > Revoke AI consent. Cloud AI features stop; on-device features still work.
• EU residents (GDPR): we rely on contractual necessity and explicit consent for processing. You can lodge a complaint with your local supervisory authority.
• California residents (CCPA): you can request access, deletion, or correction at the email above. We do not sell your personal information.
• Australian residents: we comply with the Privacy Act 1988 (Cth). Complaints can be lodged with the Office of the Australian Information Commissioner.

8. Security

Data in transit is encrypted with TLS 1.2+. Database rows are protected by Supabase Row Level Security so no user can read another user's data via the public API. Audio files are stored in a private bucket with signed URLs that expire after 24 hours. Authentication tokens on the device are stored in an encrypted MMKV store with the AES key held in the iOS Keychain.

9. Children

AI Life OS is rated 16+ on the App Store and is not directed at children. We do not knowingly collect data from children. If you believe someone under 16 has signed up, email kenzythai@yahoo.com and we will delete the account.

10. Changes to this policy

We will update the "Last updated" date and bump the in-app AI consent version when material changes occur (such as adding a new AI provider). You will be asked to re-consent before AI features continue.

11. Contact

Questions, requests, complaints: kenzythai@yahoo.com