Privacy Policy

The Short Version

Your data stays on your device. We don't collect it, we don't track you, and we don't sell anything to anyone. ZeroChat is an open-source, privacy-first voice AI agent. You own everything.

1. Data We Collect

None.

ZeroChat does not collect, transmit, or store any personal data on external servers. There is no analytics, no telemetry, no crash reporting, and no usage tracking. The app does not require an account, email address, or any form of registration.

2. Data Stored on Your Device

All data created by ZeroChat lives exclusively on your device:

• Conversations — Stored in SurrealDB (embedded, on-device) for chat history and context
• Memories — Stored in SurrealDB (embedded, on-device) as a knowledge graph built from your conversations
• API keys — Stored in iOS Keychain / Android EncryptedSharedPreferences for authenticating with your chosen LLM provider
• Preferences — Stored in local device storage for app settings, voice selection, and personality config
• Voice audio — Processed in memory, not persisted; used for speech-to-text conversion via on-device Whisper model

No data is stored in plaintext. API keys are protected by the operating system's secure storage facilities. You may additionally enable biometric authentication (Face ID, fingerprint) for access to memories, API keys, and data exports.

3. Data Sent to Third Parties

ZeroChat connects to external services only when you explicitly configure them:

LLM Providers (Your Choice)

When you add an API key and send a message, your conversation is transmitted to the LLM provider you selected (e.g., OpenAI, Anthropic, OpenRouter, Ollama). This is necessary for the AI to generate responses.

• What is sent: Your message, relevant conversation context, and system instructions
• What is NOT sent: Your other conversations, memories, API keys for other providers, device information, or any metadata about your usage of ZeroChat
• Your control: You choose the provider. You provide the API key. You can switch or disconnect at any time. If you use a local model (e.g., Ollama), no data leaves your device at all.

Each provider has its own privacy policy. We encourage you to review them:

• OpenAI Privacy Policy
• Anthropic Privacy Policy
• OpenRouter Privacy Policy

MCP Tool Servers (Your Choice)

If you connect MCP (Model Context Protocol) tool servers, data relevant to tool execution is sent to those servers via Streamable HTTP. You configure which servers to connect. Each tool invocation requires your explicit approval on first use.

Nothing Else

ZeroChat does not contact any other external service. There are no hidden API calls, no background syncing, no "phone home" behavior.

4. Voice Data

ZeroChat uses on-device speech-to-text (Whisper) and text-to-speech (Sherpa-ONNX) models. Voice processing happens entirely on your device:

• Audio from your microphone is processed in memory and converted to text
• Audio is not recorded, stored, or transmitted
• STT/TTS models are downloaded once on first use and stored locally
• No voice data is sent to any server (unless the resulting text is sent to your chosen LLM provider as part of a conversation)

5. Microphone and Permissions

ZeroChat requests microphone access for voice conversations. This permission is:

• Requested only when you first tap the microphone button
• Optional — you can use ZeroChat entirely via text input
• Revocable at any time through your device's settings

No other sensitive permissions are required. ZeroChat does not access your contacts, photos, location, calendar, or any other personal data on your device.

6. Children's Privacy

ZeroChat does not knowingly collect any data from anyone, including children under 13. Since no data is collected or transmitted, there is no age-gated data handling.

7. Data Deletion

Since all data lives on your device, you have complete control:

• Conversations: Clear via Settings > Storage > Clear conversation cache
• Memories: Delete individual memories in the Memory screen, or clear all
• API keys: Remove via Settings > Provider
• Everything: Uninstall the app. All data is removed with it.

There is no server-side data to request deletion of, because none exists.

8. Open Source Transparency

ZeroChat is open source. You can inspect every line of code to verify these privacy claims. The source code is publicly available, and we welcome security audits from the community.

• No analytics SDKs are included in the codebase
• No tracking pixels, fingerprinting, or ad networks
• The Apple Privacy Manifest (PrivacyInfo.xcprivacy) declares zero collected data types and no tracking

9. Changes to This Policy

If this policy changes, the update will be reflected in the app's repository with a clear diff. Since we collect no data, meaningful policy changes are unlikely — but if they occur, the effective date at the top of this document will be updated.

10. Contact

For questions about this privacy policy or ZeroChat's data practices:

• Email: privacy@ingeniousdigital.com
• Web: ingeniousdigital.com/contact

Your conversations are yours. Your voice is yours. Your data is yours. That's the point.