Privacy Policy
Last Updated: September 4, 2025
Welcome to Iris. We take privacy seriously - it's core to why we built Iris in the first place.
This Privacy Policy explains what information we collect, how we use it, and the choices you have.
It applies to the Iris app during Early Access (Alpha/Beta) and to our marketing site.
App use is U.S.-only; our marketing site can be viewed globally.
1. Who we are
Iris is operated by Wyrd Studios, Inc., a Delaware corporation
Based in Anacortes, WA, USA
Contact us at privacy@meplusiris.com
2. Who can use Iris
You must be 18 or older and a U.S. resident to use the app.
We don't knowingly collect data from minors. If we learn we have, we'll delete it.
3. What we collect
Account Information
- Required: Email address (for account creation and login)
- Optional: First name, birthday, gender, location
Profile Information
- An 8-question personality profile with no sensitive categories like politics, religion, biometrics, or precise location
Device / Technical
- IP address, browser or app version, operating system, error/crash logs
- Collected automatically for security and debugging
Chats
- The text you send and receive in Iris
- Encrypted in transit and at rest
- Not used for personalization or to train AI models
4. How we use your information
We use your information to:
- Provide and operate Iris
- Maintain your account and chat history
- Troubleshoot problems and keep Iris secure
- Send you account and authentication emails
- Send occasional product update emails (you can unsubscribe)
5. How chats are handled
- Chats are encrypted in transit and at rest in our systems
- We do not make chats accessible to company staff
- Chats stay until you delete them
- When you delete, they're removed from active storage promptly, then from backups within 90 days
6. Sharing with service providers
- When you use Iris, your inputs are sent to our AI provider (currently OpenAI) to generate responses; OpenAI also powers search results
- By default, OpenAI may keep API logs for up to 30 days for abuse monitoring; legal holds may require longer
- We advise you not to include sensitive personal data (like health info, government IDs, or passwords) in chats
We don't sell your data. We share it only with service providers to run the app:
- Our hosting and infrastructure providers (e.g., Railway, expo.dev)
- Our email provider (Brevo) for authentication and app-related email
- Providers we may add later, which we'll disclose in updates
7. Cookies & tracking
- We don't use marketing cookies, analytics scripts, or tracking pixels during Early Access
- We may add privacy-preserving analytics later so we can manage this app better, and will update this Policy accordingly
8. Your choices
- Delete your data: Email us at privacy@meplusiris.com from your account email to request deletion; we'll verify and delete unless law/security requires retention
- Export your chats: We'll provide your chat history in a simple format on request
- Opt-out of updates: Unsubscribe from product update emails any time via the link or instructions in the email
9. Security
- Encryption in transit and at rest for all data
- Role-based access controls for systems
- Backups automatically purge 90 days after deletion
- If a data breach affects you, we'll notify you without unreasonable delay, unless law enforcement asks us to withhold notice
10. Data retention
- Account data: Kept while your account is active, or until you delete it
- Chats: Kept until you delete them
- Backups: Purged on a 90-day cycle
- Retention may extend for legal, fraud prevention, or dispute resolution
11. Legal & dispute resolution
This Policy is governed by Washington law.
Any disputes are handled under the arbitration terms in our TOS.
12. Changes to this policy
We may update this Privacy Policy from time to time.
We'll notify you by in-app message or email. Continued use means you accept the changes.