iri Notes
Sign inStart free

Privacy Policy

Effective 2026-05-13. This is a v1.0 policy.

1. Who we are

iri Notes ("iri", "we") is operated by Angie Kim (사업자등록 in the Republic of Korea). Contact: hello@iri-ai.com. The same address is the privacy officer (개인정보보호책임자) contact under Korea's Personal Information Protection Act (PIPA).

2. What we collect

  • Account info — email, display name, and an OAuth identifier when you sign in with Google or GitHub.
  • Content you put into iri — notes, files, attachments, folder names, tags, comments, and the embeddings / knowledge atoms iri derives from them.
  • Workspace metadata — workspace name, sphere names, membership, API keys you issue.
  • Usage analytics — page views, feature interactions, error reports. Sent to PostHog (see §5).
  • Inferred data — knowledge atoms iri extracts from your notes via large language models. These live in your workspace and are subject to the same access controls as the source notes.

We do not collect special-category data (health, race, political opinion, etc.) and ask you not to upload it.

3. Why we collect it

  • To operate the product (auth, storage, sync, search, briefings).
  • To improve reliability (error tracking, performance metrics).
  • To communicate service updates (transactional email only — no marketing without explicit consent).

4. AI processing

Notes you create or import may be sent to large-language-model providers (currently Anthropic / Claude and OpenAI) to power summarisation, atom extraction, related-note suggestions, and "Ask" features. Providers process content as data processors under their own terms; we do not authorise them to use your content for training. Embedding vectors and AI-derived metadata are stored in our database under the same workspace access controls as the source content.

5. Subprocessors

  • Neon (Postgres hosting, US/EU regions).
  • Vercel (application hosting / edge network).
  • PostHog (product analytics, session replay with masked inputs). Loaded only after you accept analytics in the consent banner.
  • Anthropic and OpenAI (LLM inference for AI features).
  • Better Auth infrastructure for authentication.

A current subprocessor list is available on request.

6. Where data lives

Primary data is stored in Neon's region you cannot currently choose at signup; we are working on region selection. We do not knowingly transfer data outside jurisdictions that have an adequacy decision with your country of residence without using standard contractual clauses or equivalent safeguards.

7. Retention

  • Account + content are retained while your workspace is active.
  • Soft-deleted notes are recoverable from the trash for 30 days, then purged.
  • When you delete your account, content is queued for purge within 30 days. Backups roll off within 90 days.
  • Audit logs (auth events, billing events) are kept for up to 1 year for security and compliance.

8. Your rights

  • Access — see what we hold; the dashboard exposes most of it directly.
  • Export — download your data as JSON / Markdown from Dashboard → Export.
  • Correction — edit any content in-app; email us for account-level fields.
  • Deletion — delete your account from Dashboard → Account, or email us.
  • Objection / portability / withdrawal of consent — email us; we respond within 30 days (PIPA Art.35-37, GDPR Art.15-22).

9. Cookies and analytics consent

We use one essential session cookie for authentication, a preference cookie for theme + locale, and (only after you opt in) PostHog analytics cookies. The consent banner lets you opt in or stay opted out; you can change your choice any time using the button below or the Cookies link in the footer.

10. Children

iri Notes is not directed to children under 14 (Korea) or 16 (EU) and we do not knowingly collect their data. If you believe a minor has registered, email us and we'll remove the account.

11. Security

Transport is TLS-only. Database is encrypted at rest by Neon. Workspace data is isolated by row-level security in Postgres. API keys are hashed. We do not promise the absence of all risk, but we don't compromise on the basics.

12. Changes

We post material changes here and notify active accounts by email. The Effective date at the top of this page is the source of truth for the current version.

13. Contact

Send any privacy request or complaint to hello@iri-ai.com. Under PIPA you may also complain to the Personal Information Protection Commission (개인정보보호위원회, 1833-6972, privacy.go.kr).