Privacy Policy
Avyra is designed to run on your device. This Privacy Policy explains what data the App handles, where it lives, and the few specific situations in which data leaves your device.
1. Data Stored On Your Device
The following data is created and stored locally on your device, in your app sandbox, and is never transmitted to us:
- Conversations — chat transcripts, when "Persist conversations" is enabled in Settings. Stored in a local SQLite database under your app's Application Support directory.
- Memories — the per-user fact store that the remember_fact tool and the auto-extraction middleware write into. Same SQLite database.
- Workflows — the workflows you author or import (steps, prompt templates, bindings, triggers, output schema). Stored in a separate avyra-workflows.sqlite database under Application Support.
- Server LLM provider configs — non-sensitive metadata (provider name, kind, base URL override, model id, sampling overrides, a reference to the associated credential id). Stored in UserDefaults; the actual API token lives in the Keychain via the credential vault below.
- Credentials — credential metadata (display name, kind, notes, created date) in UserDefaults; the secret payload (API token, or username + password) is JSON-encoded and stored in the iOS Keychain keyed by credential id. Keychain entries are accessible only to this app and only after the device has been unlocked at least once since boot.
- Settings — toggles and preferences from the Settings screen.
- Downloaded models — when you choose to download a model (e.g. Qwen, Llama, Gemma, Kokoro), its weights are stored on-device.
- Installed plugins — JavaScript tool bundles (.aria-tool files) you install via Settings live in Application Support.
- Per-plugin storage — plugins that declare the storage capability can write key-value pairs to a sandboxed UserDefaults suite. Each plugin can only read its own storage.
2. iCloud Sync
If you are signed in to iCloud:
- Settings are mirrored to iCloud Key-Value Storage so they follow you across devices that share your iCloud account.
- Conversations, memories, and workflows are included in standard iCloud Backup. They are restored when you set up a new device from an iCloud Backup but are not actively synced between devices in real time.
- Keychain entries (your saved credentials' secret payloads) sync via iCloud Keychain if you have that feature enabled in iOS Settings. Apple end-to-end encrypts iCloud Keychain — neither Apple nor we can read the contents.
- Downloaded models are excluded from iCloud Backup so they don't consume your iCloud quota — re-downloading them on a new device is fast.
iCloud data is encrypted in transit and at rest by Apple. We have no access to it.
3. Microphone & Voice Mode
Voice mode uses the microphone for speech recognition. Audio is processed by Apple's SFSpeechRecognizer. When your device and locale support on-device recognition, audio never leaves the device. When on-device recognition is unsupported for your locale, the recognizer may fall back to Apple's server-side path — Apple's own privacy policy governs that processing. We never receive or store voice audio.
4. Network Activity
The App initiates outbound network requests only in the following situations, each requiring your action:
- Model downloads — when you tap to download a model from the model picker. Weights are fetched from the model provider's hosting (Hugging Face by default).
- The HTTP tool — when enabled in Settings → Tools, the AI model can make web requests on your behalf to fulfil a query (e.g. "what's the weather in Paris?"). The destination is whatever URL the model decides to call.
- User-installed plugins with the http capability — same as above, but the plugin author controls which URLs are called.
- Server LLM providers — when you configure an OpenAI, Anthropic, or Google Gemini provider in Settings → AI Providers and a workflow's LLM step is set to use it, the prompt is sent over HTTPS to that vendor's API. Your provider's privacy policy governs that processing. See section 6.
- MCP servers — when you add an MCP tool step in a workflow, the step opens an HTTPS connection to the server URL you supplied and exchanges JSON-RPC messages. The MCP server operator's own privacy policy governs anything sent to them.
- iCloud sync — Apple's iCloud daemon handles this on your behalf.
The App makes no other "phone home" requests. There is no analytics SDK, no crash reporter, no telemetry pipeline.
5. Third-Party Models (On-Device)
Open-weight models (Gemma, Llama, Qwen, Kokoro) run entirely on-device once downloaded. Their authors (Google, Meta, Alibaba, the Kokoro contributors) do not receive your prompts or outputs through Avyra. Apple's on-device FoundationModels system, when used as the active model on supported iOS versions, also runs on-device per Apple's documented privacy guarantees.
6. Server LLM Providers (Network)
Avyra lets you configure server-side LLM providers — OpenAI, Anthropic, and Google Gemini — and route individual workflow LLM steps through them. This is optional and disabled by default; every LLM step uses on-device Apple Intelligence unless you explicitly assign it a server provider in the step editor.
- The prompt is sent to the vendor. When a step routes through OpenAI, Anthropic, or Gemini, the prompt text (after binding interpolation) and your model + sampling parameters are POSTed to that vendor's HTTPS endpoint. The vendor sees the prompt; we do not.
- Your API token is read from the Keychain at request time. Avyra reads the secret payload from the credential you associated with the provider, places it in the request's Authorization / x-api-key / ?key= header (whichever the vendor uses), and discards it from memory after the request.
- Background contexts can't reach the network. Workflows triggered from Shortcuts, Siri, or background AppIntents do not have network access for server LLM steps — the workflow will fail closed in those contexts. Use on-device Apple Intelligence for steps you want to invoke via Siri.
- The vendor's privacy policy applies. Each vendor's data-handling, retention, and training-use policies govern what they do with your prompts. We do not negotiate or relay those terms.
7. Credential Vault
The credential vault stores secrets needed to talk to outside services (server LLM tokens, MCP server credentials, any future authenticated tool). Each credential has two parts:
- Metadata (name, kind, notes, created date) lives in UserDefaults so the picker UI can render the list without unlocking the Keychain.
- Secret payload (API token, or username + password) is JSON-encoded and stored in the iOS Keychain, keyed by credential id. Access requires the device to be unlocked at least once since boot. Optional biometric protection (Face ID / Touch ID) can be applied per credential.
Credentials are only read at the moment a workflow step needs them, never broadcast or logged. Deleting a credential wipes its Keychain entry immediately.
8. Workflows & Native Capabilities
Workflows can opt into native capabilities to read system data. Each capability requires a one-time iOS permission grant and is scoped to the read paths the App exposes; capabilities cannot read or modify data outside their declared surface.
- HealthKit — read-only access to specific Health categories you grant. Today's surface covers: steps, distance walking/running, active energy burned, basal energy burned, exercise minutes, stand minutes, heart rate (latest), resting heart rate, heart rate variability, sleep analysis (asleep time, in-bed time, stages), mindful sessions, water (dietary water), workouts (type, duration, energy), height, body mass, body mass index, body fat percentage, lean body mass, blood pressure (systolic/diastolic), respiratory rate, oxygen saturation, body temperature, menstrual flow, and walking heart rate average. Avyra never writes to HealthKit and never transmits HealthKit data off-device unless a workflow step you authored explicitly forwards it (e.g. to a server LLM step you assigned).
- Calendar & Reminders — read-only access via EventKit. Workflows can read events for a date range, today's events, reminders by list, and upcoming reminders. Avyra never adds, deletes, or modifies events or reminders.
- Location — one-shot CoreLocation reads (when-in-use authorization). Used for "current city / coordinates" lookups. The App does not run continuous background location, does not store a location history, and does not maintain geofences.
- Files — read-only access to files you pick via the iOS document picker each time. Avyra has no standing access to your file system; every read is gated by a fresh picker selection.
- Secrets — read/write to the credential vault described in section 7, optionally biometric-gated. Used by workflow steps (e.g. MCP tool, LLM provider) and by JS plugins that declare the secrets capability.
9. Apple Permissions Requested
The App requests the following iOS permissions, each declared in Info.plist and only prompted when you first invoke the feature that needs it:
- Microphone — required for voice mode. Denying disables voice mode only.
- Speech recognition — required for voice mode.
- Photo library — required to attach photos to chat messages. Denying disables the "Choose Photo" action only.
- Camera — required to take a new photo to attach.
- HealthKit — required for workflow steps that read Health data. Each Health category is granted individually.
- Calendar — required for workflow steps that read calendar events.
- Reminders — required for workflow steps that read reminders.
- Location (When In Use) — required for workflow steps that read your current location.
- Face ID / Touch ID — required only when you mark a credential as biometric-gated.
10. Data Deletion
You can clear app data at any time:
- Settings → AI → Memories → Clear — wipes the memory store.
- Settings → AI → Storage — manages downloaded models.
- Settings → Credentials → swipe to delete — removes a credential and its Keychain entry.
- Settings → AI Providers → tap into a provider → Delete provider — removes a server LLM provider configuration. The associated credential remains until you delete it explicitly.
- Settings → Workflows → swipe to delete — removes a workflow.
- Uninstalling the App removes all on-device data. If iCloud Backup includes it, that copy persists in your iCloud Backup until the backup itself is deleted via iOS Settings → Apple ID → iCloud → Manage Storage.
11. Children's Privacy
Avyra is not directed to children under 13. We do not knowingly collect data from anyone, including children, because we do not collect personal data at all.
12. Changes to This Policy
This Privacy Policy may be updated when new features change the data handling described above. The "Last updated" date at the top reflects the current version.