Privacy Policy

In Ear Voice
Last Updated: March 25, 2026

In Ear Voice ("the App", "we", "our") is a voice-based AI assistant for iOS. This Privacy Policy describes what data we collect, how we use it, who we share it with, and how you can manage your information.

1. Data We Collect

1.1 Voice, Conversation, and Context Data

When you use In Ear Voice, your voice may be captured through the device microphone and streamed in real time to OpenAI to process your requests. Transcripts of your speech and the assistant's responses are generated during sessions.

The app stores conversation history locally and may send relevant prior context (for example, recent turns, memory context, and tool context) to OpenAI to improve continuity and responses.

1.2 Health Data (Optional)

If you connect Apple Health, In Ear Voice can read the following metrics on your behalf:

  • Steps, distance walked/run, active energy burned
  • Heart rate, resting heart rate, heart rate variability (HRV)
  • Sleep sessions (time in bed, asleep, deep, REM, core)
  • Workouts (type, duration, energy, distance)

Health data is accessed read-only. Before HealthKit is connected, the app presents this consent dialog: "If you connect Apple Health, In Ear Voice can read your activity, sleep, and heart data to answer health questions you ask. Relevant data may be sent to OpenAI to generate a response."

1.3 Location Data (Optional)

If you grant location permission ("When In Use"), In Ear Voice processes precise location to support place-aware features and reminders.

Location processing includes:

  • On-device location sampling and local visit history
  • Reverse geocoding via Apple location services
  • POI and address enrichment via Google Places APIs (when configured)

Location summaries (and, when available, address/location metadata) can be included in assistant context sent to OpenAI.

1.4 Photos, Camera, and Recording (Optional)

  • Photos (image sharing): If you share an image with In Ear Voice, the selected image is sent to OpenAI for analysis.
  • Camera + recording: If you record a conversation, the app captures front-camera video and records conversation audio tracks (your mic and assistant audio) into a local video file saved to your photo library.

1.5 Google Account Data (Optional)

If you connect your Google account, In Ear Voice accesses only the scopes you authorize:

  • Google Calendar — view, create, and update events
  • Gmail — view email messages and settings, and send emails on your behalf
  • Google Contacts (People API) — read-only access to both your contacts and your "Other contacts"

Google account tokens are stored in iOS Keychain. We do not store copies of your Google account content on our servers.

1.6 Authentication and Account Data

In Ear Voice requires Sign in with Apple and uses Supabase Auth session tokens to keep you signed in.

Data used for account/authentication includes:

  • Apple Sign-In token data needed to authenticate you
  • Supabase Auth identifiers (for example, Supabase user ID)
  • Access and refresh tokens stored in iOS Keychain

On your first successful Apple authorization, we may store your Apple-provided given name (when available) in Keychain for onboarding personalization.

1.7 Analytics Data

We collect usage analytics events such as:

  • Session started, progress, ended (with end reason)
  • Daily usage rollups (session count and elapsed usage)
  • Assistant response generation counts
  • Onboarding, tool, and integration lifecycle events (for example onboarding step completion, tool success/failure, integration connected/disconnected)

Analytics are associated with your authenticated app account identifier (Supabase user ID). During migration from older app versions, a legacy anonymous analytics identifier may be read once to map historical analytics data, then deleted.

1.8 Web Search Queries (Optional)

If a feature uses web search, your search query text is sent to Exa (our search provider) to retrieve relevant web results.

Web search requests may include:

  • The query text generated from your prompt/request
  • Request metadata needed to return search results

1.9 Imported Memory Content (Optional)

If you use memory import features, the app may process:

  • JSON memory exports you choose to import
  • Text you paste from another AI assistant for migration into local memory

Imported content is processed to extract structured memory facts and stored locally on your device.

1.10 Locally Stored Data

The app stores the following on your device:

  • Conversation history and assistant responses
  • Personal facts and preferences you share
  • Reminders and people/encounter logs
  • Location visit history and saved personal locations
  • Notification delivery history
  • Integration connection state and local app settings (including data-sharing consent status)

2. How We Use Your Data

We use your data to:

  • Process voice/text/image requests and generate assistant responses
  • Retrieve web results for requests that use web search
  • Provide personalized context based on your history and connected services
  • Create and manage reminders, notifications, and follow-up actions
  • Generate proactive suggestions and notifications from recent context
  • Answer health-related requests using connected Apple Health data
  • Improve reliability and performance through analytics

We do not use your data for advertising. We do not sell your data.

3. Third-Party Services

Your data is processed by the following third-party services. We require that all third-party service providers who receive your personal data maintain privacy and security protections that are consistent with this Privacy Policy.

3.1 OpenAI

Voice audio, conversation text, images you share, and relevant context/tool data may be sent to OpenAI APIs to generate responses and proactive content. OpenAI's policies apply to data they receive. See OpenAI Privacy Policy.

No data is sent to OpenAI until you explicitly consent. On first launch, the app presents an in-app consent screen that describes what data is shared and with whom. You must confirm consent before any voice, conversation, or personal data is transmitted to OpenAI. You can revoke this consent at any time from Settings > Data > Privacy.

3.2 Supabase

Our backend uses Supabase Edge Functions for app policy checks, realtime token creation, and as a pass-through proxy for some OpenAI API calls (for example Responses and Embeddings).

Supabase functions receive the authenticated user context (for example Supabase JWT/user ID) and request payloads needed to fulfill those calls. We do not run a first-party long-term server database of full conversation transcripts, but data sent through these function requests is processed in transit by our backend infrastructure.

See Supabase Privacy Policy.

3.3 Amplitude (Analytics)

Usage analytics events are sent to Amplitude. Analytics events do not include full conversation transcripts or HealthKit samples. See Amplitude Privacy Policy.

3.4 Google APIs (Connected Account)

If you connect Google services (Calendar/Gmail/People), data flows between your device and Google APIs using your OAuth tokens.

3.5 Google Places APIs

If configured, Google Places APIs are used for location enrichment features (for example nearby POIs and address autocomplete).

3.6 Apple Location Services

Apple Core Location/CLGeocoder services are used for location and reverse geocoding features.

3.7 Exa (Web Search Provider)

For web-search-enabled features, query text and search parameters are sent to Exa to fetch relevant web results for the assistant.

See Exa Privacy Policy.

4. Data Storage & Security

  • On-device storage: User content and app state are stored locally (Core Data, SQLite, JSON/UserDefaults) in your app sandbox.
  • Keychain: Sensitive credentials (auth session tokens, Apple-given-name onboarding value when available, and integration OAuth tokens) are stored in iOS Keychain.
  • In transit encryption: Network traffic uses encrypted transport (HTTPS and encrypted WebRTC media/data channels).
  • Server-side conversations: We do not operate a first-party long-term conversation transcript database. Relevant request data may still transit through backend functions and third-party processors described above.

5. Your Choices & Controls

5.1 Permissions

Sensitive permissions (microphone, camera, location, photos, notifications, Apple Health) require iOS authorization. You can revoke permissions in iOS Settings > In Ear Voice.

5.2 Apple Health

You can disconnect Apple Health at any time from Settings > Integrations. When disconnected, HealthKit tools stop returning data.

5.3 Google Account

You can disconnect Google services (Google Calendar, Gmail, Google Contacts) at any time from Settings > Integrations. Tokens are cleared from Keychain and revocation is attempted with Google.

5.4 Microphone & Speaker

  • Mic off: microphone capture is disabled and mic audio is no longer streamed.
  • Speaker mute: assistant audio playback is muted.

5.5 AI Data Sharing Consent

Before any data is shared with OpenAI, the app presents an in-app consent screen that clearly describes what data is sent and to whom. You must explicitly consent before any personal data is transmitted. You can revoke this consent at any time from Settings > Data > Privacy > Disconnect AI. Revoking consent immediately stops data transmission to OpenAI and disables AI-powered features until you re-consent.

5.6 Account Deletion

You can delete your account at any time from Settings > Data > Privacy > Delete my account. This permanently deletes your app account and clears local conversations, memories, reminders, personal encounters, location history, saved locations, integration credentials, legacy analytics identifiers (if present), and notification state. It also revokes AI data-sharing consent and resets the app to first-run flow.

6. Children's Privacy

In Ear Voice is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16.

7. Data Retention

  • On-device data: retained until deleted by app removal or local cleanup actions.
  • OpenAI / Exa / Amplitude / Google / Apple services: retained under their respective policies.
  • Supabase records: access-control and operational records are retained according to backend configuration and provider policy.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date reflects the latest revision.

9. Contact Us

If you have questions about this Privacy Policy or your data, contact:

Email: support@inearvoice.com