Privacy Policy

Last updated: April 7, 2026

1. Our Privacy Commitment

PocketAI is built on a privacy-first architecture. Your conversations, prompts, AI-generated outputs, and files are processed entirely on your device and are never sent to our servers. We do not collect, store, access, or analyze your AI interactions.

This Privacy Policy explains what limited data we do collect when you use optional cloud features such as account management, remote access, and payments.

2. Data PocketAI Cannot Access

The following data is never accessible to PocketAI, never stored on our servers, and never visible to us:

  • Your conversations and chat history
  • Your prompts and inputs to AI models
  • AI-generated text, images, videos, and code
  • Files and documents you process with AI models
  • AI model files stored on your device
  • Your usage patterns and model preferences

By default, all of this data is processed and stored locally on your device. If you use the remote access feature, your data travels between your devices over an end-to-end encrypted connection. It is encrypted on the sending device and decrypted only on the receiving device. PocketAI relay servers route encrypted traffic but cannot read its contents.

3. Data We Collect

When you create an account or use cloud features, we collect the following:

Account Information

  • Email address
  • Hashed password (or OAuth tokens if using social login)
  • Account creation date
  • Subscription status and tier

Device Information (Remote Access Only)

  • Device names you assign (e.g., "My Laptop")
  • Subdomain assignments (e.g., my-laptop.pocketaihub.com)
  • Online/offline status (heartbeat)
  • Bandwidth usage (for tier enforcement)
  • End-to-end encryption public keys

Payment Information

  • Payment details are processed directly by our payment providers (Stripe, PayPal, or cryptocurrency processors) and are not stored on our servers
  • We store only transaction identifiers and subscription status

Technical Data

  • IP address (for rate limiting and security, not stored long-term)
  • Browser/app version information (for compatibility)

4. How We Use Your Data

We use the data we collect to:

  • Provide and maintain your account
  • Process payments and manage subscriptions
  • Route remote access connections between your devices
  • Enforce usage limits for your subscription tier
  • Send transactional emails (account verification, password resets)
  • Respond to support requests
  • Prevent fraud and abuse

We do not use your data for advertising, profiling, or selling to third parties. We do not use your data to train AI models.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Stripe — Payment processing (card payments, Apple Pay, Google Pay)
  • PayPal — Payment processing
  • Cloudflare — DNS and infrastructure
  • Google, GitHub, Apple — OAuth authentication (if you choose social login)
  • Apple App Store / Google Play Store / Microsoft Store — In-app purchase processing

Each third-party service is governed by its own privacy policy. We recommend reviewing their policies for details on how they handle your data.

6. Cookies

We use minimal cookies for essential functionality:

  • Session cookies — To maintain your login state
  • Affiliate tracking cookies — 30-day cookies to attribute referrals (only if you arrived via an affiliate link)

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

7. Data Retention

We retain account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., payment records for tax purposes).

Since your conversations and AI outputs are stored only on your device, deleting the app or clearing its data permanently removes that information. We have no ability to recover it.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Passwords are hashed and never stored in plaintext
  • Remote access uses end-to-end encryption
  • HTTPS for all server communication
  • Rate limiting and CSRF protection
  • JWT-based authentication with secure token handling

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your account and personal data
  • Portability — Request your data in a portable format
  • Objection — Object to certain processing of your data

To exercise any of these rights, contact us through our support page.

10. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.

11. International Data Transfers

If you are accessing the Service from outside the United States, your account data may be transferred to and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers.

12. GDPR (European Users)

If you are in the European Economic Area (EEA), our legal basis for processing your data is:

  • Contract performance — To provide the Service you signed up for
  • Legitimate interest — To prevent fraud, enforce our terms, and improve the Service
  • Consent — For optional features like affiliate cookie tracking

You have the right to lodge a complaint with your local data protection authority.

13. CCPA (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal data we collect and how it is used
  • The right to request deletion of your personal data
  • The right to opt out of the sale of personal data

We do not sell personal data. We do not share personal data for cross-context behavioral advertising.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact

If you have questions about this Privacy Policy or your data, please contact us through our support page.