1. Introduction
1.1. This Privacy Policy ("Policy") is entered into by and between Magentic ("Company," "we," "us," or "our") and you ("User," "you," or "your") and governs the collection, use, storage, and disclosure of information in connection with the IdeAI application ("App," "Service").
1.2. By installing, accessing, or using the App, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree to this Policy, you must not use the App.
1.3. The Company reserves the right to modify this Policy at any time. Material changes will be communicated via in-app notification. Your continued use of the App following such notification constitutes acceptance of the modified Policy.
2. Definitions
2.1. "Personal Data" means any information relating to an identified or identifiable natural person.
2.2. "User Content" means any text, audio, images, or other content created, uploaded, or stored by the User within the App, including but not limited to journal entries, notes, and AI conversation logs.
2.3. "On-Device Processing" means computational operations performed locally on the User's hardware without transmission to external servers.
2.4. "Device Credentials" means cryptographic keys, tokens, and other authentication materials stored within the device's secure enclave or keychain.
3. Data We Do Not Collect
3.1. The Company does not collect, receive, store, or process the following categories of information:
- (a) User Content, including journal entries, notes, and AI conversation transcripts;
- (b) Personal identifiers, including name, email address, phone number, or government-issued identification numbers;
- (c) Device identifiers, including IDFA, IDFV, or other advertising or analytics identifiers;
- (d) Geolocation data, whether precise or approximate;
- (e) Behavioral or usage analytics, including session duration, feature usage frequency, or interaction patterns;
- (f) Contact lists, calendar data, or other information from device applications.
3.2. The foregoing applies to data in both plaintext and encrypted form. The Company does not possess the cryptographic keys necessary to decrypt User Content.
4. On-Device Data Storage and Encryption
4.1. All User Content is encrypted on the User's device using the Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode (AES-256-GCM) prior to storage.
4.2. Encryption keys are generated on-device and stored exclusively within the device's hardware-backed secure storage (iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly attribute or equivalent).
4.3. Encryption keys are not transmitted to the Company, stored on Company servers, or escrowed with any third party.
4.4. The Company has no technical capability to decrypt User Content.
5. On-Device Processing
5.1. The App utilizes on-device machine learning frameworks, including but not limited to Apple Core ML, MLX, and on-device speech recognition APIs, to provide AI-powered features.
5.2. On-Device Processing occurs without network transmission. User Content processed via On-Device Processing is not transmitted to the Company or any third party.
5.3. On-Device Processing functions without an active internet connection.
6. iCloud Synchronization
6.1. The User may optionally enable synchronization of App data via Apple iCloud.
6.2. When iCloud synchronization is enabled:
- (a) User Content remains encrypted with User-controlled keys prior to synchronization;
- (b) The Company does not have access to the User's iCloud account or credentials;
- (c) Synchronized data is subject to Apple's iCloud Terms of Service and Privacy Policy;
- (d) The Company receives no data, metadata, or notifications regarding iCloud synchronization activity.
6.3. The User may disable iCloud synchronization at any time via iOS Settings or the App's Settings.
7. Device Permissions
7.1. The App may request the following device permissions:
- (a) Camera: Used for vision-based AI features. Camera input is processed via On-Device Processing.
- (b) Microphone: Used for voice-based AI features. Audio input is processed via Apple's on-device speech recognition (SFSpeechRecognizer with requiresOnDeviceRecognition enabled).
7.2. Device permissions may be revoked at any time via iOS Settings. Revocation will disable features dependent on such permissions but will not affect other App functionality.
8. Diagnostics and Crash Reporting
8.1. The App does not collect diagnostics or crash reports by default.
8.2. The User may opt in to anonymous crash reporting via the App's Settings.
8.3. If the User opts in, crash reports may include:
- (a) Device model and operating system version;
- (b) App version;
- (c) Technical information about the crash event, including stack traces and error codes;
- (d) Timestamp of the crash event.
8.4. Crash reports expressly exclude:
- (a) User Content;
- (b) Personal identifiers;
- (c) Encryption keys or Device Credentials;
- (d) Contents of device memory beyond the App's execution stack.
8.5. The User may opt out of crash reporting at any time via the App's Settings.
9. Third-Party Services
9.1. The App does not integrate third-party analytics services, advertising networks, or data broker services.
9.2. The App does not transmit User data to third parties for marketing, advertising, or profiling purposes.
9.3. If the Company integrates third-party services in the future, this Policy will be updated and Users will be notified via in-app notification prior to such integration.
10. Children's Privacy
10.1. The App is not directed to children under the age of 13.
10.2. The Company does not knowingly collect Personal Data from children under 13.
10.3. Given that the Company does not collect Personal Data from any Users, the Company does not possess Personal Data of children.
11. Data Retention and Deletion
11.1. User Content is stored exclusively on the User's device and, if enabled, the User's personal iCloud account.
11.2. The Company does not retain User Content on Company-controlled infrastructure.
11.3. The User may delete User Content at any time by:
- (a) Deleting individual entries within the App;
- (b) Uninstalling the App, which removes all locally stored data;
- (c) Managing iCloud storage via Apple ID settings.
11.4. Upon uninstallation, Device Credentials stored in the device keychain may persist until manually removed via iOS Settings or device reset.
12. User Rights
12.1. Because the Company does not collect or store User Content, traditional data subject rights (access, rectification, erasure, portability, restriction, objection) are fulfilled by the User's possession and control of their own data.
12.2. The User may exercise data portability by exporting data via the App's export functionality.
12.3. The User may exercise the right to erasure by deleting data via the methods described in Section 11.3.
12.4. No account creation is required to use the App.
13. International Data Transfers
13.1. User Content is stored exclusively on the User's device and, if enabled, the User's personal iCloud account.
13.2. The Company does not transfer User Content internationally as the Company does not receive or store User Content.
13.3. iCloud synchronization, if enabled by the User, is governed by Apple's data handling practices and terms of service.
14. Security
14.1. The Company implements industry-standard security measures for any infrastructure under Company control.
14.2. The primary security mechanism is architectural: the Company does not possess User Content or the means to decrypt it.
15. California Privacy Rights
15.1. Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding Personal Information.
15.2. The Company does not sell Personal Information.
15.3. The Company does not share Personal Information for cross-context behavioral advertising.
15.4. Because the Company does not collect Personal Information, the categories of information collected, disclosed, or sold in the preceding 12 months are: None.
16. Contact Information
16.1. For inquiries regarding this Policy, contact us via our Support Page.
16.2. For EU/EEA Users, the Company may be reached via the Support Page for GDPR-related inquiries. Given the Company's data practices, no Data Protection Officer has been appointed.
17. Governing Law
17.1. This Policy shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to conflict of law principles.
17.2. Any disputes arising from this Policy shall be resolved in the state or federal courts located in Delaware.