Privacy Policy

Last updated: April 27, 2026

Overview

AIPA ("we", "our", "the app") is a voice-first AI assistant that connects to your messaging platforms (Slack, Discord, Gmail) and tools via MCP. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

AIPA operates with a local-first architecture. Your data stays on your device.

• Platform tokens (Slack bot/user tokens, Gmail OAuth tokens) — stored in your device's Keychain, never sent to our servers.
• Channel messages — fetched from platform APIs and cached locally on your device. Never stored on our servers.
• Agent memory — structured memories your agents learn over time, stored in your device's Keychain.
• Voice conversations — processed by OpenAI's Realtime API using your own API key. We do not store or have access to your voice data.
• LLM API keys — your OpenAI, Anthropic, or Gemini keys are stored in your device's Keychain and used to make API calls directly from your device.

Data We Do NOT Collect

• We do not store your messages on our servers.
• We do not have access to your Slack, Discord, or Gmail content.
• We do not sell or share your data with third parties.
• We do not track your usage behavior or analytics.
• We do not store your voice recordings.

OAuth and Platform Access

When you install AIPA to a Slack workspace, we use OAuth to obtain access tokens. These tokens are stored in two places:

• Firestore — during OAuth flow, we temporarily store the bot token and workspace ID so the iOS app can sync new installations. This is the only data that touches our servers.
• Your device Keychain — after sync, tokens are stored locally and used for all API calls.

AIPA Personal (Send-as-You Mode)

If you choose to install AIPA Personal, you grant user-level OAuth scopes that allow the app to read and write messages as you. This means:

• Messages sent by AIPA Personal appear as if sent by you — other users cannot distinguish them.
• You control which channels have auto-reply enabled and can disable it at any time.
• All auto-sent messages are logged on your device with a full audit trail.

Third-Party Services

AIPA connects to third-party APIs using your own credentials:

• OpenAI — for voice (Realtime API) and text processing
• Anthropic — for text tasks and Claude Agents
• Google/Gemini — for text processing
• Slack API — for reading/writing messages
• MCP servers — for connecting to external tools you configure

Each service has its own privacy policy. We recommend reviewing them.

Data Retention

All user data is stored on your device. Deleting the app removes all local data. Uninstalling from a Slack workspace revokes the bot token. You can delete your data at any time by removing agents in the app or deleting the app entirely.

Children's Privacy

AIPA is not intended for children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Contact

Questions about this privacy policy? Email us at privacy@aipa.site.