Draft
What we collect
We collect only what we need to run Iris for you: your email address, a first name to greet you by, your scheme details, the documents and notes you upload, and the messages you send to Iris. We do not collect date of birth, postal address, or phone number unless you volunteer them.
Where your data lives
Your data is stored on managed infrastructure in the region closest to your launch market. Databases and storage are encrypted at rest with AES-256. Connections are protected by TLS 1.3 with HSTS. AI inference runs through a vendor configured for zero data retention; no Iris content is used to train any model.
How long we keep it
We keep your active data for as long as your account is open. Audit log entries are retained for seven years to support the integrity of the record. When you request deletion, we soft-delete for thirty days so you can change your mind, then permanently destroy your data.
Audit log
Every meaningful action you take in Iris is recorded in an immutable audit log: who, what, when — never the content of your private messages. You can export your own audit trail at any time.
Crisis flag
If Iris detects a crisis-level expression of distress, we record a timestamp and a flag — never the content of the message. We do not notify anyone automatically. The flag exists so that you and only you can review patterns later.
Deleting your data
Visit Settings → Your data to export everything we hold for you, or to begin a thirty-day soft-delete. After thirty days the data is destroyed and cannot be recovered.
Contacting us
Questions about this notice: privacy@iris.app.