Iris

Draft — review with counsel before launch

Privacy Policy

Last updated: April 29, 2026

This Privacy Policy describes how Iris (“we”, “us”) collects, uses, and shares information when you use the Iris service (the “Service”).

1. Information we collect

Account information

When you sign up we collect your email address, name (optional), and a password hash (or OAuth identifier from Google/GitHub).

Recordings you upload

Iris is a screen-recording product. The recordings you upload — video, audio, screenshots, transcripts, and the structured context we extract from them — are stored on our infrastructure on your behalf. They are private to your workspace by default. You explicitly opt in to make a recording public by enabling a share link.

Usage data

We collect normal server logs (IP address, user agent, request paths) and product analytics (which features you used, error rates) for debugging and to improve the Service.

2. How we use your information

  • To operate, maintain, and improve the Service.
  • To send transactional emails (verification, password reset, billing receipts, workspace invitations).
  • To process recordings using third-party AI providers — see “Subprocessors” below.
  • To respond to support requests and enforce our Terms.
  • To send occasional product announcements (you can opt out of these at any time).

3. Subprocessors

To deliver the Service we share recording content with:

  • Anthropic — frame-by-frame visual analysis and summarization. See Anthropic’s privacy policy.
  • Deepgram — audio transcription. See Deepgram’s privacy policy.
  • Railway / AWS / S3-compatible storage — hosting and object storage.
  • Resend — transactional email delivery.

We do not sell or rent your personal information or recording content to anyone.

4. Data retention

Recordings persist until you (or someone with admin access to your workspace) deletes them, or until your account is closed. When you delete your account, we permanently delete your personal information, recordings you uploaded, and any workspace you solely own. Workspaces with co-owners retain their data; you simply lose membership. Backups may retain deleted data for up to 30 days before they roll off.

5. Your rights

You can access, export, correct, and delete your data at any time via the dashboard, or by emailing privacy@iris.dev.

If you are in the EEA, UK, or California, you have additional rights under GDPR/CCPA, including the right to lodge a complaint with your supervisory authority.

6. Security

Passwords are hashed with bcrypt. API keys are stored as SHA-256 hashes; the original key is shown only once at creation. All traffic is served over HTTPS. Object storage in our production environment uses server-side encryption at rest.

7. Children

Iris is not directed at anyone under 16. We do not knowingly collect information from children.

8. Changes

We may update this Privacy Policy from time to time. Material changes will be announced via email and/or the dashboard.

9. Contact

Questions? Email privacy@iris.dev.