Privacy Policy

In Ear Voice
Last Updated: May 14, 2026

In Ear Voice ("the App", "we", "our") is a voice-based AI assistant for iOS. This Privacy Policy describes what data we collect, how we use it, who we share it with, and how you can manage your information.

1. Data We Collect

1.1 Voice, Conversation, and Context Data

When you use In Ear Voice, your voice may be captured through the device microphone and streamed in real time to OpenAI to process your requests. Transcripts of your speech and the assistant's responses are generated during sessions.

The app stores conversation history locally and may send relevant prior context (for example, recent turns, memory context, and tool context) to OpenAI to improve continuity and responses.

1.2 Health Data (Optional)

If you connect Apple Health, In Ear Voice can read the following metrics on your behalf:

  • Steps, distance walked/run, active energy burned
  • Heart rate, resting heart rate, heart rate variability (HRV)
  • Sleep sessions (time in bed, asleep, deep, REM, core)
  • Workouts (type, duration, energy, distance)

Health data is accessed read-only. Before HealthKit is connected, the app presents this consent dialog: "If you connect Apple Health, In Ear Voice can read your activity, sleep, and heart data to answer health questions you ask. Relevant data may be sent to OpenAI to generate a response."

1.3 Location Data (Optional)

If you grant location permission ("When In Use"), In Ear Voice processes precise location to support place-aware features and reminders.

Location processing includes:

  • On-device location sampling and local visit history
  • Reverse geocoding via Apple location services
  • POI and address enrichment via Google Places APIs (when configured)

Location summaries (and, when available, address/location metadata) can be included in assistant context sent to OpenAI.

1.4 Photos, Files, Camera, and Recording (Optional)

  • Photos (image sharing): If you share an image with In Ear Voice, the selected image is sent to OpenAI for analysis.
  • File attachments: If you attach a document (for example a PDF, plain text, or other supported document), the app extracts its contents on-device and sends the extracted text — or, for PDFs, rendered page images — to OpenAI for analysis. Files are processed in transit and are not stored on our servers.
  • Camera + recording: If you record a conversation, the app captures front-camera video and records conversation audio tracks (your mic and assistant audio) into a local video file saved to your photo library.

1.5 Google Account Data (Optional)

If you connect your Google account, In Ear Voice accesses only the scopes you authorize:

  • Google Calendar — view, create, and update events
  • Gmail — view email messages and settings, and send emails on your behalf
  • Google Contacts (People API) — read-only access to both your contacts and your "Other contacts"
  • Google Drive — per-file access only (drive.file scope). With this scope the app can create new Google Docs and Sheets, and can open an existing Drive file only after you explicitly pick it in the Google Picker. If you pick or attach a Drive file, its contents are sent to OpenAI for processing.

Google account tokens are stored in iOS Keychain. We do not store copies of your Google account content on our servers.

If you connect Gmail during onboarding, In Ear Voice performs a one-time bulk read of your recent messages and sends those message bodies to OpenAI for fact extraction. Extracted facts are stored locally on your device.

1.6 X (Twitter) Account Data (Optional)

If you connect your X account, In Ear Voice performs an OAuth 2.0 sign-in (scopes: users.read, tweet.read, offline.access) and reads:

  • Your X profile (name, username, bio)
  • Up to your last 100 own posts (excluding retweets and replies)

X access and refresh tokens are stored in iOS Keychain. Profile and post content is sent to OpenAI for fact extraction; extracted facts are stored locally on your device. Disconnecting clears the local token and revokes it with X.

1.7 LinkedIn Profile Data (Optional)

If you connect LinkedIn, the handle (and the canonical linkedin.com/in/<handle> URL constructed from it) is sent to our search provider Exa to look up your public LinkedIn profile. The returned profile data is sent to OpenAI for processing; extracted data are stored locally on your device. We do not store or transmit a LinkedIn OAuth token.

1.8 Personality Assessment (Optional)

If you complete the personality intro during onboarding, the app sends your quiz answers and per-trait normalized scores to OpenAI to generate a short personality summary and a set of structured personality facts. The summary and facts are stored locally on your device. You may skip this step at any time.

1.9 Authentication and Account Data

In Ear Voice requires Sign in with Apple and uses Supabase Auth session tokens to keep you signed in.

Data used for account/authentication includes:

  • Apple Sign-In token data needed to authenticate you
  • Supabase Auth identifiers (for example, Supabase user ID)
  • Access and refresh tokens stored in iOS Keychain

On your first successful Apple authorization, we may store your Apple-provided given name (when available) in Keychain for onboarding personalization.

If Apple shares your email address with the app during Sign in with Apple, we may use it to send you a one-time welcome email shortly after you create your account. This email is sent through our transactional email provider, Resend (see §3.12). We do not use your email address for advertising.

1.10 Analytics, Diagnostics, and Attribution Data

We collect limited analytics, diagnostics, and attribution data such as:

  • Session started, progress, ended (with end reason)
  • Daily usage rollups (session count and elapsed usage)
  • Assistant response generation counts
  • Onboarding, tool, and integration lifecycle events (for example onboarding step completion, tool success/failure, integration connected/disconnected)
  • App lifecycle, crash, and non-fatal error diagnostics
  • Attribution and campaign metadata (for example install source, campaign, ad set, and similar conversion metadata)

These events may be processed by Amplitude, Firebase Analytics, Firebase Crashlytics, Firebase Remote Config, and AppsFlyer. Analytics are associated with your authenticated app account identifier (Supabase user ID). During migration from older app versions, a legacy anonymous analytics identifier may be read once to map historical analytics data, then deleted.

1.11 Web Search, Trending News, and People Search (Optional)

If a feature uses web search, your search query text is sent to Exa (our search provider) to retrieve relevant web results.

If you connect LinkedIn (see §1.7), the LinkedIn handle/URL you enter is sent to Exa's people-search endpoint to retrieve your public profile.

If your interest topics drive trending-news content in the feed, normalized topic queries are sent to xAI's news search API to fetch trending stories.

1.12 Weather Requests (Optional)

If you ask Ivy about weather, the app may process weather-related location data in one of two ways:

  • Current location weather: the app uses your current device coordinates, if you grant location permission, to retrieve weather for your present location.
  • Named-place weather: if you ask for weather in a named place (for example, a city), the app resolves that place name to coordinates using our mapping provider and then retrieves weather for that resolved place.

Weather requests are sent through our authenticated backend proxy to our weather provider.

1.13 Imported Memory Content (Optional)

If you use memory import features, the app may process:

  • Text you paste from another AI assistant (ChatGPT, Claude, Gemini, Perplexity, Grok, or DeepSeek) for migration into local memory

1.14 Locally Stored Data

The app stores the following on your device:

  • Conversation history and assistant responses
  • Personal facts and preferences you share, including facts extracted from connected integrations (Gmail, X, LinkedIn, pasted LLM exports) and from the personality assessment
  • Reminders and people/encounter logs
  • Location visit history and saved personal locations
  • Notification delivery history
  • Integration connection state and local app settings (including data-sharing consent status)

2. How We Use Your Data

We use your data to:

  • Process voice/text/image requests and generate assistant responses
  • Retrieve web results for requests that use web search
  • Provide personalized context based on your history and connected services
  • Create and manage reminders, notifications, and follow-up actions
  • Generate proactive suggestions and notifications from recent context
  • Answer health-related requests using connected Apple Health data
  • Improve reliability and performance through analytics

We do not sell your data. We do not show third-party ads inside the app. We do use analytics and attribution providers to measure installs, sessions, onboarding completion, reliability, and campaign performance.

3. Third-Party Services

Your data is processed by the following third-party services. We require that all third-party service providers who receive your personal data maintain privacy and security protections that are consistent with this Privacy Policy.

3.1 OpenAI

Voice audio, conversation text, images you share, and relevant context/tool data may be sent to OpenAI APIs to generate responses and proactive content. Content you import through optional integrations — Gmail message bodies, your X profile and posts, your LinkedIn profile, text you paste from other AI assistants, and your personality quiz answers and scores — is also sent to OpenAI for processing. OpenAI's policies apply to data they receive. See OpenAI Privacy Policy.

No voice, conversation, image, location, Health, or other user content is sent to OpenAI until you explicitly consent. On first launch, the app presents an in-app consent screen that describes what AI-related data is shared and with whom. You must confirm consent before any voice, conversation, or personal-context data is transmitted to OpenAI. You can revoke this consent at any time from Settings > Data > Privacy.

3.2 Supabase

Our backend uses Supabase Edge Functions for app policy checks, realtime token creation, weather proxying, and as a pass-through proxy for some OpenAI API calls (for example Responses and Embeddings).

Supabase functions receive the authenticated user context (for example Supabase JWT/user ID) and request payloads needed to fulfill those calls. We do not run a first-party long-term server database of full conversation transcripts, but data sent through these function requests is processed in transit by our backend infrastructure.

See Supabase Privacy Policy.

3.3 Amplitude (Product Analytics)

Usage analytics events are sent to Amplitude. Analytics events do not include full conversation transcripts or HealthKit samples. See Amplitude Privacy Policy.

3.4 Firebase (Analytics, Crash Reporting, Remote Config)

The app uses Firebase services for limited analytics/lifecycle measurement, crash and non-fatal diagnostics, and remote configuration / feature-flag delivery.

Firebase Analytics receives a limited subset of app events and built-in lifecycle events. Firebase Crashlytics receives crash reports and selected non-fatal diagnostics. Firebase Remote Config may receive installation/app-instance context needed to deliver configuration values.

See Firebase Privacy and Security.

3.5 AppsFlyer (Attribution)

The app uses AppsFlyer for attribution and campaign measurement. AppsFlyer may receive install/launch attribution data, a customer user ID derived from your authenticated app account, and selected routed conversion events. The app disables IDFA collection and does not present an ATT prompt for AppsFlyer.

See AppsFlyer Privacy Policy.

3.6 Google APIs (Connected Account)

If you connect Google services (Calendar/Gmail/People/Drive), data flows between your device and Google APIs using your OAuth tokens. Google Drive access is limited to the per-file drive.file scope.

3.6a X (Twitter) APIs (Connected Account)

If you connect X, the app authenticates against X's OAuth 2.0 endpoints and reads your profile and own posts via the X v2 API. Tokens are stored on your device and revoked with X on disconnect.

See X Privacy Policy.

3.7 Google Places APIs

If configured, Google Places APIs are used for location enrichment features (for example nearby POIs and address autocomplete).

3.8 Apple Location Services

Apple Core Location/CLGeocoder services are used for location and reverse geocoding features.

3.9 Exa (Web Search and People Search Provider)

For web-search-enabled features, query text and search parameters are sent to Exa to fetch relevant web results for the assistant. If you connect LinkedIn, the LinkedIn handle/URL you enter is also sent to Exa's people-search endpoint to retrieve your public LinkedIn profile.

See Exa Privacy Policy.

3.10 xAI (Trending News)

The feed's trending-news content is fetched from xAI's news search API. Normalized interest topic queries are sent to xAI; no account credentials or conversation content are transmitted.

See xAI Privacy Policy.

3.11 OpenWeather

When you ask for current weather or when the app builds weather-aware daily briefings, your device coordinates may be sent to OpenWeather to retrieve current conditions and daily high/low/precipitation data.

See OpenWeather Privacy Policy.

3.12 Resend (Transactional Email)

We use Resend to send transactional email, such as the one-time welcome email sent after you create your account. Resend receives the recipient email address and the message content needed to deliver that email. We do not use Resend for marketing or advertising email.

See Resend Privacy Policy.

4. Data Storage & Security

  • On-device storage: User content and app state are stored locally (Core Data, SQLite, JSON/UserDefaults) in your app sandbox.
  • Keychain: Sensitive credentials (auth session tokens, Apple-given-name onboarding value when available, and integration OAuth tokens) are stored in iOS Keychain.
  • In transit encryption: Network traffic uses encrypted transport (HTTPS and encrypted WebRTC media/data channels).
  • Server-side conversations: We do not operate a first-party long-term conversation transcript database. Relevant request data may still transit through backend functions and third-party processors described above.

5. Your Choices & Controls

5.1 Permissions

Sensitive permissions (microphone, camera, location, photos, notifications, Apple Health) require iOS authorization. You can revoke permissions in iOS Settings > In Ear Voice.

5.2 Apple Health

You can disconnect Apple Health at any time from Settings > Integrations. When disconnected, HealthKit tools stop returning data.

5.3 Connected Integrations

You can disconnect connected integrations at any time from Settings > Integrations:

  • Google services (Calendar, Gmail, Contacts) — tokens are cleared from Keychain and revocation is attempted with Google.
  • X (Twitter) — tokens are cleared from Keychain and revocation is attempted with X.
  • LinkedIn — there is no stored credential to revoke; disconnecting clears the locally cached profile linkage.

5.4 Microphone & Speaker

  • Mic off: microphone capture is disabled and mic audio is no longer streamed.
  • Speaker mute: assistant audio playback is muted.

5.5 AI Data Sharing Consent

Before any user voice, conversation, image, or personal-context data is shared with OpenAI, the app presents an in-app consent screen that describes what AI-related data is sent and to whom. You must explicitly consent before that AI data is transmitted to OpenAI. You can revoke this consent at any time from Settings > Data > Privacy > Disconnect AI. Revoking consent immediately stops OpenAI data transmission and disables AI-powered features until you re-consent.

5.6 Account Deletion

You can delete your account at any time from Settings > Data > Privacy > Delete my account. This permanently deletes your app account and clears local conversations, memories, reminders, personal encounters, location history, saved locations, integration credentials, legacy analytics identifiers (if present), and notification state. It also revokes AI data-sharing consent and resets the app to first-run flow.

6. Children's Privacy

In Ear Voice is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16.

7. Data Retention

  • On-device data: retained until deleted by app removal or local cleanup actions.
  • OpenAI / Exa / xAI / Amplitude / Google / X / Apple services: retained under their respective policies.
  • Supabase records: access-control and operational records are retained according to backend configuration and provider policy.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date reflects the latest revision.

9. Contact Us

If you have questions about this Privacy Policy or your data, contact:

Email: support@inearvoice.com

Abstract digital artwork with beige, brown, and black horizontal wave patterns.
Abstract digital artwork with beige, brown, and black horizontal wave patterns.
Circular logo with wave patterns in black.

in ear voice

hello@inearvoice.com

Instagram
Linkedin
Linkedin
TikTok

Copyright © In Ear Voice 2026, All rights reserved

Privacy Policy | Terms & Conditions