This Privacy Policy explains how Iroh Technologies Inc. ("we," "us," or "our") collects, uses, stores, shares, and protects information when you use the FinePrint mobile application and related services (collectively, the "Service").
We designed FinePrint to be privacy-respecting by construction. Our analytics taxonomy is typed and closed — we cannot accidentally collect document content, finding text, names, addresses, or other identifying information from the documents you upload, because the only values the analytics pipeline accepts are short enum-tagged identifiers from a small allow-list.
If you do not agree with this Privacy Policy, do not use the Service. This Privacy Policy is referenced from our Terms of Use; the two documents together govern your relationship with us.
Account Information. When you sign in, we receive (a) an opaque user identifier from your sign-in provider (Apple, Google, or our email service), and (b) your email address, if you choose to provide one. Apple's Sign in with Apple may anonymize your email; we receive only the relay address you choose to share. We do not receive your name, birthday, social network connections, or other profile data from your sign-in provider.
Document Content. When you upload a document for analysis, we store the file in our cloud storage and process its content with AI to identify findings (deadlines, fees, restrictions, money opportunities, and similar). The document, the extracted text, and the AI-generated findings are stored under your account. You can delete a document at any time through the in-app Delete action.
Subscription and Payment State. When you subscribe or purchase a one-time pass through Apple's App Store, our subscription-management vendor (RevenueCat) tells us about your entitlement (e.g., "this user has an active Pro subscription" or "this user has one unconsumed pass"). We do not receive your credit-card number, billing address, or other payment details — Apple and Apple's payment partners handle those.
Device and Operational Information. We receive basic device information from your sign-in session and from API calls: device type (iPhone / iPad), operating-system version, app version, locale (used for jurisdiction-level analytics — see Section 5), and request metadata such as IP address (used for rate-limiting and abuse detection, not stored long-term). We do not collect precise device location, contacts, photo library, or any other operating-system data without explicit OS-level permission.
Analytics Events. We collect a small set of typed analytics events to operate the Service and improve it. See Section 5 for details.
Push Notification Permission. If you grant the OS-level notification permission, the OS gives us a push-notification token tied to your device. We use it only to deliver the reminders you have explicitly configured. Withdraw the permission in iOS Settings at any time.
We do NOT collect: precise location (we never call Core Location), contacts, photo library, camera roll, microphone input, calendar, health data, biometrics, advertising identifiers, web browsing history, or any data from other apps on your device.
We do NOT use third-party advertising trackers. We do NOT sell or share your personal information for advertising purposes.
Our analytics pipeline is built so that document text, source clauses, finding titles, document file names, your email address, your name, names of landlords, employers, insurers, HOAs, counterparties, lawyers, or other identifying details from your uploaded documents NEVER enter the analytics records, even if a future code change tried to include them. The taxonomy is enforced at compile time on the device and again on the server.
When you upload a document, the file is transmitted over an encrypted connection (HTTPS) to our cloud storage (Amazon Web Services Simple Storage Service, in the United States, us-east-1 region). The file is stored under your account using a unique opaque identifier.
Our analysis pipeline extracts the text of the document and submits it, page by page or in chunks, to a large language model hosted on Amazon Bedrock for the purpose of identifying findings (Section 4 of the Terms describes the kinds of findings). The model returns structured data (categories, severities, source page numbers, exact quotes from the document). We store the structured findings under your account.
We do not use your documents to train our or any third party's AI model. Amazon's Bedrock service is contractually prohibited from retaining the input or output beyond the request, and the chosen model provider (Anthropic) does not train on customer-submitted Bedrock inputs.
AI output is probabilistic and may be wrong. See the Terms of Use for the disclaimer.
FinePrint uses a privacy-safe analytics pipeline organized into four consent buckets. You can adjust them in the app under Profile → Privacy.
Essential operational (always on). Required for the Service to function and to be debugged: sign-in success and failure events, identity transitions, quota-exceeded events, restore-purchase events, and similar. These events never include document content. We rely on these events to debug failures and to ensure the Service works correctly for you.
Anonymous product analytics (default on; you may turn off). Funnel-style product metrics for the team to understand which features users find valuable: onboarding completion, upload attempts, finding views, paywall presentations, and similar. Events contain only enum-tagged values (such as "document_type=apartment_lease" or "finding_category=deadlines") and never include document content or your account identity.
Marketplace demand (default on; you may turn off). Aggregated counts grouped by jurisdiction (at the state or country level only), document type, and finding category. These let us understand what kinds of fine-print issues are common in different regions to plan future features (such as a partner-matching marketplace). Marketplace-demand events do NOT carry your account identity — instead, each install of the app generates an opaque random identifier that is sent only with marketplace events and is never used for any other purpose. On our server, that identifier is one-way hashed before storage; only counts of distinct identifiers are reported in aggregate metrics, and aggregates are not exposed when the underlying cohort is smaller than ten (10) users.
Personalized partner (default off; off until you opt in). This bucket would attach your account identity to marketplace events so that, in a future lawyer-matching feature, we could surface partner offers tied to your situation. This bucket is not wired into any active feature today. Turning it on stores your preference; opting in to a specific data share would still require a separate explicit action in the relevant feature when it ships.
Jurisdiction-level signals collected with these events are limited to state, province, or country granularity (such as "US-CA" for California or "DE" for Germany). We never collect city, ZIP code, neighborhood, exact address, or device GPS location.
We use PostHog as our analytics processor under a data-processing agreement that requires deletion on request.
We use the information we collect to: (a) provide and maintain the Service, including signing you in, processing document uploads, generating findings, and delivering reminders; (b) operate paid features and process subscriptions; (c) detect and prevent abuse, fraud, and security incidents; (d) debug failures and improve reliability; (e) understand product usage patterns and plan improvements (aggregated, see Section 5); (f) comply with legal obligations and respond to lawful requests.
We will NOT use your documents, findings, or account identity for advertising, marketing, or to sell to third parties. We will not share your document contents with any lawyer or partner without your separate explicit action.
We share limited information with the third-party service providers required to run the Service. Each provider is contractually bound to use the information only to provide the service to us.
Apple Inc. (App Store, Sign in with Apple, StoreKit, push notifications) — receives sign-in identity assertions, purchase events, and push tokens, as required for those services.
Google LLC (Sign in with Google) — when you choose Sign in with Google, Google processes the OAuth handshake. We receive only the verified email and the opaque Google subject identifier.
RevenueCat, Inc. (subscription management) — receives a per-user opaque identifier and the entitlement/purchase state from Apple to surface your active subscription or pass balance.
Amazon Web Services, Inc. (cloud hosting, in the United States) — stores documents, findings, reminders, account state, and analytics data. AWS does not access the content for its own purposes.
Anthropic, PBC (AI processing via Amazon Bedrock) — receives the text of your document for the purpose of returning the structured findings. Anthropic does not retain the input or train models on it under Bedrock's terms.
AWS Simple Email Service (one-time-code emails for email sign-in) — receives the email address you entered and the one-time code, for the sole purpose of delivering the code.
PostHog Inc. (anonymous product analytics) — receives the analytics events described in Section 5. Events do not contain document content or user-identifying details from documents.
We may also share information when required by law (subpoena, court order, lawful government request), to enforce our Terms of Use or our other agreements, or to protect the rights, property, or safety of us, our users, or others. We will use reasonable efforts to notify you of such requests where legally permitted.
We do NOT sell your personal information. We do NOT share it for cross-context behavioral advertising (as those terms are defined under California law).
We store your data in Amazon Web Services in the United States, us-east-1 region. Data is encrypted in transit (TLS) and at rest (AWS server-side encryption with managed keys). Database backups are retained for thirty-five (35) days using AWS-managed point-in-time-recovery snapshots.
Access to your data inside our systems is restricted to a limited set of authorized personnel and to automated systems required to run the Service. All access is logged.
We hash user identifiers used in marketplace-demand analytics with a separate cryptographic secret key controlled by us, so analytics rows cannot be reversed to a real user identity even by us. Aggregated metrics enforce a minimum cohort size of ten (10) users before any aggregate is exposed.
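The three safeguards this policy describes for marketplace-demand analytics (a closed, enum-tagged event taxonomy, a keyed one-way hash of the per-install identifier, and suppression of aggregates below a cohort of ten) shown together as an added Python illustration; this is not FinePrint's own code, and the enum members, jurisdiction allow-list, server secret and sample events are constructed assumptions.

```python
import hashlib
import hmac
from enum import Enum

# Closed, typed taxonomy: these enums are the ONLY values a marketplace event may
# carry. Free-form strings (finding titles, file names, names) have no slot at all.
class DocumentType(Enum):
    APARTMENT_LEASE = "apartment_lease"

class FindingCategory(Enum):
    DEADLINES = "deadlines"
    FEES = "fees"

JURISDICTIONS = {"US-CA", "DE"}   # state/country granularity only (constructed allow-list)
EVENT_FIELDS = {"install_id", "jurisdiction", "document_type", "finding_category"}
MIN_COHORT = 10                   # aggregates with fewer distinct installs are suppressed

def validate_event(event: dict) -> dict:
    """Reject any event with unknown fields or values outside the closed taxonomy."""
    if set(event) != EVENT_FIELDS:
        raise ValueError(f"unexpected fields: {sorted(set(event) ^ EVENT_FIELDS)}")
    if event["jurisdiction"] not in JURISDICTIONS:
        raise ValueError("jurisdiction not in allow-list")
    return {"install_id": event["install_id"], "jurisdiction": event["jurisdiction"],
            "document_type": DocumentType(event["document_type"]).value,      # ValueError if unknown
            "finding_category": FindingCategory(event["finding_category"]).value}

def hash_install_id(install_id: str, secret: bytes) -> str:
    """Keyed one-way hash (HMAC-SHA256): stored rows carry this digest, never the raw id."""
    return hmac.new(secret, install_id.encode(), hashlib.sha256).hexdigest()

def ingest(events: list, secret: bytes) -> list:
    """Validate each event and replace the raw install identifier with its keyed hash."""
    rows = []
    for e in events:
        v = validate_event(e)
        rows.append((hash_install_id(v["install_id"], secret), v["jurisdiction"],
                     v["document_type"], v["finding_category"]))
    return rows

def aggregate(rows: list, min_cohort: int = MIN_COHORT) -> dict:
    """Count distinct hashed installs per (jurisdiction, doc type, category); expose only cohorts >= min_cohort."""
    groups = {}
    for hashed_id, juris, doc, cat in rows:
        groups.setdefault((juris, doc, cat), set()).add(hashed_id)
    return {key: len(ids) for key, ids in groups.items() if len(ids) >= min_cohort}

# Constructed sample: 12 California installs (one reporting twice) and 3 German installs.
SECRET = b"server-side-secret-placeholder"   # hypothetical; a real deployment uses a managed secret
SAMPLE = [{"install_id": f"ca-{i}", "jurisdiction": "US-CA", "document_type": "apartment_lease",
           "finding_category": "deadlines"} for i in range(12)]
SAMPLE.append(dict(SAMPLE[0]))   # a repeat from the same install still counts as one
SAMPLE += [{"install_id": f"de-{i}", "jurisdiction": "DE", "document_type": "apartment_lease",
            "finding_category": "fees"} for i in range(3)]

def demo() -> dict:
    """Only the California cohort of 12 is reported; the German cohort of 3 is suppressed."""
    return aggregate(ingest(SAMPLE, SECRET))
```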
No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you and any regulators as required by applicable law.
Documents you upload. Stored under your account in our cloud storage for up to three hundred sixty-five (365) days from upload. After ninety (90) days, the underlying object may transition to lower-cost storage; at three hundred sixty-five (365) days the underlying file is deleted from cloud storage automatically. The structured findings derived from the document remain available under your account until you delete them.
Findings and reminders. Retained under your account until you delete them or delete your account.
Analytics events (raw). Stored for ninety (90) days, then auto-deleted via time-to-live.
Analytics aggregates. Stored indefinitely; aggregates only include rows with cohort size of at least ten (10).
Account record. Retained until you delete your account through the in-app Delete Account action.
Backups and logs. Backups: 35 days. Operational logs (CloudWatch): up to 90 days for diagnostic logs; longer for security-relevant audit logs as required.
If you delete your account, we delete account-scoped data from our active systems within thirty (30) days. Encrypted backups containing your data may persist for up to thirty-five (35) days from deletion, after which they expire automatically.
Account access and control. You can view, manage, and delete your documents and reminders from inside the app at any time. You can delete your account using the in-app Delete Account action — this triggers a cascade that removes account-scoped data from our active systems.
Analytics preferences. Adjust the three toggleable analytics consent buckets at Profile → Privacy. Essential operational telemetry remains on; it is required to debug failures and does not include document content.
Notifications. Manage push-notification permissions in iOS Settings. Manage in-app reminder preferences at Profile → Notifications.
Sign out. Sign out at any time at Profile → Account. Signing out preserves your local data and returns to guest mode.
Data subject rights (where applicable, including California and EU/UK residents). See Sections 11 and 12. To exercise any right, email legal@irohtechnologies.com from the email associated with your account. We may need to verify your identity before responding.
If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:
Right to know what personal information we have collected, used, disclosed, and sold or shared about you.
Right to delete the personal information we hold about you, subject to limited exceptions.
Right to correct inaccurate personal information.
Right to limit the use and disclosure of "sensitive personal information." We do not use sensitive personal information for purposes that require offering this opt-out under California law.
Right to opt out of "sale" or "sharing" of personal information. We do NOT sell your personal information and do NOT share it for cross-context behavioral advertising as those terms are defined under California law.
Right to non-discrimination for exercising these rights.
To exercise these rights, email legal@irohtechnologies.com from the email associated with your account. You may also designate an authorized agent to make a request on your behalf.
We will respond to verified requests within forty-five (45) days, with one possible forty-five-day extension if reasonably necessary.
If you are located in the European Union, the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation and the UK GDPR:
Right of access to your personal data.
Right to rectification of inaccurate personal data.
Right to erasure ("right to be forgotten").
Right to restriction of processing.
Right to data portability.
Right to object to processing based on legitimate interests, including for direct marketing (we do not engage in direct marketing).
Right to withdraw consent at any time, where processing is based on your consent.
Right to lodge a complaint with your local data-protection authority.
Lawful basis. We process your personal data based on (a) the contract between you and us (Article 6(1)(b) — necessary to provide the Service); (b) your consent (Article 6(1)(a) — for the optional analytics buckets, push notifications, and personalized partner features when offered); and (c) our legitimate interests (Article 6(1)(f) — to operate, debug, and secure the Service, with safeguards described in Section 5 and Section 8).
International transfers. Your personal data is processed in the United States. For transfers from the EEA, UK, and Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum) with our cloud and analytics processors.
Controller. Iroh Technologies Inc., located at 18417 Polynesian Lane, Boyds, MD 20841, United States, is the data controller responsible for the personal data we collect through the Service.
Data Protection Officer. We have determined that the appointment of a Data Protection Officer is not required for our processing activities under Article 37 of the GDPR or the equivalent provision of the UK GDPR. Our processing is not carried out by a public authority, our core activities do not consist of regular and systematic monitoring of data subjects on a large scale, and we do not process special categories of personal data (Article 9) or criminal-conviction data (Article 10) on a large scale. We have nevertheless designated a single point of contact for privacy questions, identified below.
EU and UK Representative. For privacy-related inquiries from data subjects located in the European Union, the European Economic Area, the United Kingdom, or Switzerland, you may contact us at legal@irohtechnologies.com. If and when our user base in those regions grows to a level that requires the formal designation of an Article 27 EU representative (or a UK representative under the UK GDPR), we will designate one and update this Privacy Policy with their name, address, and contact details before continuing to offer the Service in those regions.
To exercise these rights, email legal@irohtechnologies.com. Where required, we will respond within one (1) month.
The Service is not directed to children under thirteen (13) years of age, and we do not knowingly collect personal information from children under thirteen. If we learn that we have collected personal information from a child under thirteen, we will delete it as soon as reasonably practicable.
If you are a parent or guardian and believe your child under thirteen has provided us personal information, please contact us at legal@irohtechnologies.com.
In jurisdictions where the minimum age for digital consent is higher (such as 16 in some EU member states), the higher age applies.
The Service may contain links to or integrations with third-party services (for example, the App Store link to manage your subscription, an external Privacy Policy link from a sign-in screen, or a future partner-marketplace surface). The third party's own privacy policy and terms govern your interaction with that service. We are not responsible for third-party privacy practices.
The Service is operated from the United States. If you use the Service from outside the United States, you understand that your personal data will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
Specific safeguards for EU, UK, and Swiss users are described in Section 12.
Push notifications. We send push notifications only for the reminders you have explicitly created or have opted into through Profile → Notifications. We do not send marketing or promotional push notifications.
Email notifications. We send email only as required to deliver the Service — most commonly, one-time codes when you sign in with email. We do not send marketing emails.
We may, on rare occasions, email you about material changes to these documents, account-security events affecting your account, or service-disruption notices.
Our application is an iOS app, not a website, and does not respond to browser-based "Do Not Track" signals. We do respect the iOS-system advertising-tracking setting (we do not use the IDFA for any purpose).
If you submit a Global Privacy Control opt-out signal through a web channel we operate in the future, we will treat it as a request to opt out of sale or sharing under California law.
We may update this Privacy Policy from time to time. When we make a material change, we will update the "Last Updated" date and may surface an in-app notice or, where required by law, request your renewed agreement. Continued use of the Service after the effective date of an update means you accept the updated Privacy Policy.
For privacy questions or to exercise your rights, contact:
Iroh Technologies Inc.
18417 Polynesian Lane, Boyds, MD 20841, United States
Privacy / Legal: legal@irohtechnologies.com
Support: support@irohtechnologies.com