Privacy First

Privacy Policy

Last updated: March 7, 2026 · Operated by Vortex Dynamics

The short version

  • We do not sell your data. Ever. To anyone.
  • We do not train AI models on your conversations.
  • Your conversations are processed on our private GPU infrastructure and are not shared with third parties.
  • We collect only what is necessary to operate the service.
  • You can request deletion of your account and all associated data at any time.

1. Who We Are

Iris is a private AI assistant operated by Vortex Dynamics (www.vortexdynamics.ai). We build privacy-first AI tools for security professionals, researchers, and individuals who require confidential, sovereign AI access.

Questions about this policy can be directed to privacy@vortexdynamics.ai.

2. What Data We Collect

We collect the minimum data required to operate the service:

  • Account information: Your email address and a bcrypt-hashed password. We never store your password in plain text.
  • Conversation history: Messages you send and receive within the app, stored in our private database to enable chat history and AI memory features.
  • Usage metadata: Token counts and request timestamps used to enforce plan limits and generate your usage dashboard. No message content is included in usage logs.
  • API keys: If you create API keys, we store a SHA-256 hash of the key — not the key itself.
  • Billing information: If you subscribe, payment is processed by Stripe. We store only your Stripe customer ID and subscription status — no card numbers or payment details ever touch our servers.
  • Beta sign-up: If you join the beta waitlist, we store your email address and selected plan. Nothing else.

3. What We Do Not Collect

  • We do not collect your IP address in any persistent log tied to your identity.
  • We do not use cookies for tracking or advertising.
  • We do not embed third-party analytics (no Google Analytics, Meta Pixel, or similar).
  • We do not collect device fingerprints, browser identifiers, or behavioural tracking data.

4. How We Use Your Data

Your data is used exclusively to:

  • Authenticate you and maintain your session
  • Deliver AI responses to your messages
  • Maintain conversation history and named AI memory contexts you create
  • Enforce plan usage limits
  • Send transactional emails (MFA codes, billing receipts) via Mailgun
  • Process subscription payments via Stripe

We do not use your data for advertising, profiling, or any purpose beyond operating the service you signed up for.

5. AI Model Training

Your conversations are never used to train AI models.

Iris runs on a private GPU server operated exclusively by Vortex Dynamics. Your messages are sent to this server for inference and are not shared with any AI model provider, cloud AI service, or third party. We do not fine-tune models on user data.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share data with third parties only as strictly necessary to operate the service:

  • Stripe: Payment processing. Stripe receives your email and payment details when you subscribe. Stripe's privacy policy applies to data they collect. We do not receive or store card numbers.
  • Mailgun: Transactional email delivery (MFA codes, billing receipts). Your email address is transmitted to Mailgun solely to deliver these messages.
  • DigitalOcean: Infrastructure hosting. Our servers run on DigitalOcean. DigitalOcean has access to server-level data as part of hosting, but not to application-level user data.

No other third parties receive your data. We do not use advertising networks, data brokers, or analytics platforms.

7. Data Storage & Security

  • All data is stored on private servers in DigitalOcean data centres.
  • All connections are encrypted in transit using TLS 1.2 or higher.
  • Passwords are hashed using bcrypt with a cost factor of 12.
  • Authentication tokens are short-lived JWTs stored in httpOnly cookies, inaccessible to JavaScript.
  • API keys are stored as SHA-256 hashes — the raw key is never retained after creation.
  • Multi-factor authentication (MFA) is available and recommended for all accounts.

8. Data Retention

We retain your data for as long as your account is active. Specifically:

  • Conversation history: Retained until you delete individual chats or request account deletion.
  • AI memory contexts: Retained until you delete them within the app.
  • Usage logs: Retained for 90 days for billing and abuse prevention, then automatically purged.
  • Account data: Retained until you request deletion. See Section 9.
  • Beta waitlist: Retained until beta access is granted or you request removal.

9. Your Rights & Data Deletion

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and all associated data
  • Portability — request your conversation history in a portable format
  • Opt-out — unsubscribe from any marketing communications at any time

To exercise any of these rights, email privacy@vortexdynamics.ai from the address associated with your account. We will respond within 30 days.

10. Cookies

Iris uses a single httpOnly, Secure session cookie to maintain your authenticated session. This cookie:

  • Is not accessible to JavaScript
  • Is only transmitted over HTTPS
  • Expires after 24 hours (or on logout)
  • Is not used for tracking or advertising
  • Is not shared with any third party

We do not use any tracking cookies, advertising cookies, or third-party cookies.

11. Children's Privacy

Iris is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact privacy@vortexdynamics.ai and we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will notify active users by email. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions, data requests, or concerns: