1. Overview

Lorelio is designed with privacy at its core. Your life story is deeply personal, and we built the app to keep it that way. This Privacy Policy explains what data is processed when you use the app, who is responsible for it, how it is handled, and what rights you have.

Lorelio is operated by Kiran Karthikeyan, operating as Lorelio, located in Bangalore, Karnataka, India (“Lorelio,” “we,” “us,” or “our”). You may contact us at privacy@lorelio.app.

2. Our Role and How Data Is Processed

Lorelio determines how your data is processed within the app. Under applicable data protection laws (including the GDPR, UK GDPR, and India’s DPDP Act), this makes Lorelio a data controller (or equivalent).

However, Lorelio’s architecture is unusual: all story content is processed on your device and stored in your private iCloud account under your Apple ID. Lorelio does not operate servers that store, access, or transmit your story content. We have no ordinary means to view, retrieve, or access your recordings, transcripts, photographs, or autobiography text. The AI models that generate your interview questions, transcribe your speech, and write your prose all run locally on your device.

In addition to on-device processing, limited technical data is processed by Lorelio and its service providers for app operation, as described in Sections 5 and 9.

3. Data Storage and iCloud Sync

Your content — voice recordings, transcripts, photographs, facts, and your autobiography — is stored locally on your device and synced to your private iCloud account using Apple’s CloudKit. Your data is encrypted in transit and at rest by Apple, and is subject to Apple’s iCloud security architecture and your account settings. For information about Apple’s iCloud security model, including the distinction between standard data protection and Advanced Data Protection, see Apple’s iCloud data security overview.

Lorelio requires iCloud to function. You are responsible for maintaining adequate iCloud storage for your content. iCloud Sync keeps your story available across all your devices signed into the same Apple ID. If your device is offline, your data remains safely on your device and syncs automatically when connectivity returns.

4. What We Process and What We Do Not Access

Your content — including voice recordings, transcripts, autobiography text, photographs, and the names and details of people, places, and events in your story — is processed entirely on your device and stored in your private iCloud account. Lorelio has no ordinary means to access, view, or retrieve any of this content.

We do not collect or store on our servers:

• Your voice recordings or audio data
• Your transcripts, autobiography text, or any written content
• Your photographs or their metadata
• The names or details of people, places, or events mentioned in your story
• Your contacts or address book

5. Analytics and Crash Reporting

Lorelio uses two third-party services for analytics and crash reporting. Neither service receives any of your story content, recordings, photographs, or personal narrative.

Behavioral Analytics (TelemetryDeck)

Analytics is entirely optional and strictly opt-in. During setup, you are asked whether you would like to help improve Lorelio by sharing anonymous usage data. If you choose to opt in, Lorelio collects minimal usage analytics — for example, which features are used, how many sessions are started, and general usage patterns. This data is sent to TelemetryDeck, a privacy-focused analytics service. TelemetryDeck uses an anonymous device identifier (a hashed value) for cross-session analysis. This identifier cannot be traced back to you, your Apple ID, or your device’s hardware identifiers. No analytics data is collected unless you explicitly opt in.

You can change your choice at any time in Settings > Privacy & Security.

Crash Reporting (Sentry)

Lorelio uses Sentry for crash reporting. When the app crashes, a report containing the technical stack trace and limited diagnostic context (such as which screen was active and which AI model was loading) is sent to Sentry. We configure Sentry to minimize the collection of identifying information: IP addresses are scrubbed both client-side and server-side, user identifiers are removed before transmission, and breadcrumbs are limited to UI transitions and model lifecycle events. We design and configure these safeguards to exclude story content and personal information, though we describe them as safeguards rather than absolute guarantees.

Crash reporting is always active and cannot be disabled, as it is essential for maintaining app stability across the range of on-device AI models the app uses.

6. Sensitive Content in Your Story

Life stories naturally include sensitive topics — health conditions, religious beliefs, family relationships, political views, and other deeply personal subjects. Under some data protection laws (including the GDPR and UK GDPR), this type of information may be classified as special-category data, which requires additional protections.

Because Lorelio is a tool you use to record your own life story at your own direction, the processing of sensitive content is based on your explicit choice to include it. You decide what to share, what to record, and what to keep. This content is processed on your device by on-device AI models and stored in your private iCloud account. Lorelio has no access to it and does not use it for any purpose other than providing the app’s features to you.

Where applicable law requires a specific legal condition for processing sensitive personal data (such as Article 9(2)(a) of the GDPR), your use of the app to voluntarily record and process your own story constitutes your explicit consent to that processing for the purpose of creating your life story.

7. Photo Metadata

When you add photos, Lorelio reads EXIF metadata (date taken, camera model, GPS coordinates) on your device to help contextualize your stories. GPS coordinates are used only to determine a human-readable place name (for example, “Portland, Oregon”) via on-device reverse geocoding. The raw GPS coordinates are then discarded and are never saved, synced to iCloud, or transmitted to any server. Only the place name is stored as part of your story data. Other EXIF fields such as date taken may also be stored to help organize your story. You can choose not to share photos with location data by disabling location access for your camera or by removing location metadata before adding photos. Apple provides instructions on managing location metadata in photos.

8. Biometric Authentication

Lorelio offers an optional biometric lock using Face ID or Touch ID for additional privacy. Biometric authentication is handled entirely by Apple’s device frameworks. Lorelio does not access, collect, process, or store any biometric data. The app only receives a success or failure result from Apple’s authentication system.

9. Data Sharing and Service Providers

We do not sell your personal data or share it for advertising, profiling, or marketing purposes.

We do share limited technical data with service providers as necessary to operate the app:

• Apple (App Store and iCloud): Apple processes subscription payments under their own privacy policy. We receive only confirmation of your subscription status — never your payment details. Apple’s CloudKit service syncs your story data across your devices within your private iCloud account.
• TelemetryDeck: If you opt in to analytics, anonymous usage data is sent to TelemetryDeck. TelemetryDeck does not receive any story content or personally identifiable information. TelemetryDeck’s privacy practices.
• Sentry: Limited technical crash data is sent to Sentry as described in Section 5. Sentry’s privacy practices.
• Hugging Face: AI model files are downloaded from Hugging Face during initial setup. While your device’s IP address is temporarily exposed to route the download (as is standard for any internet traffic), no story content, user profiles, or other personal data is sent to Hugging Face.

These are the only third-party services that receive data from the app.

10. Legal Basis for Processing

Core app functionality: The primary legal basis for processing your data is the performance of a contract — providing the app’s functionality as described in our Terms of Service. Your story content is processed on-device and synced to your iCloud solely to deliver the features you use.

Sensitive content: Where your story includes sensitive topics (health, religion, family, etc.), the legal condition for processing this special-category data is your explicit consent, given through your voluntary, user-directed use of the app to record and process your own life story. You can withdraw this at any time by deleting your content or the app.

Analytics (TelemetryDeck): The legal basis is your explicit, opt-in consent, given during setup. You may withdraw consent at any time by disabling analytics in Settings > Privacy & Security. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Crash reporting (Sentry): The legal basis is our legitimate interest in maintaining app stability and diagnosing technical issues. We configure Sentry to minimize the processing of personal data through IP scrubbing, identifier removal, and breadcrumb filtering.

11. Children’s Privacy

Lorelio is designed for adults and is not intended for use by anyone under 18. We do not knowingly permit use of the app by anyone under 18. If we become aware that someone under 18 is using the app, we will take reasonable steps available to us given the app’s on-device architecture, which may include removing any data accessible to us. If you believe someone under 18 has used the app, please contact us at privacy@lorelio.app.

12. Data Deletion

You can delete content within the app at any time. Here is what happens at each stage:

Deleting individual items (facts, chapters, sessions, photos): The item is moved to Recently Deleted within the app. It remains recoverable for 30 days. After 30 days, it is permanently removed from your device and from your iCloud account. Deletion propagates to other devices signed into the same Apple ID; the speed of propagation depends on each device’s connectivity.

“Delete My Story” (Settings): This permanently removes all story data — interview sessions, transcripts, photographs, facts, chapters, and related content — from your device and from your iCloud account. Deletion propagates to other devices signed into the same Apple ID. Your basic profile information (name and date of birth) is retained on your device’s local storage and in your iCloud account — not on any Lorelio servers — so that you can start a new story without repeating onboarding. You may remove this profile data entirely by deleting the app and managing your iCloud storage through Apple’s settings.

Uninstalling the app: This removes all data from your device’s local storage. Your story data remains in your iCloud account until you reinstall the app and use “Delete My Story,” or until you manage your iCloud storage directly through Apple’s settings (Settings > [your name] > iCloud > Manage Storage).

What may persist: After permanent deletion, data may persist temporarily in Apple’s iCloud infrastructure as part of Apple’s standard data management processes. This is outside Lorelio’s control.

Important: Deleting your story or uninstalling the app does not automatically cancel your premium subscription. Subscriptions must be managed and canceled directly through your device’s Apple ID settings (Settings > [your name] > Subscriptions).

13. Data Retention

Your story data is retained on your device and in your iCloud account for as long as you choose to keep it. Lorelio does not impose any time-based retention limits on your content. You are in full control of when data is created, modified, and deleted.

Items in Recently Deleted are retained for 30 days before permanent removal.

Anonymous analytics data sent to TelemetryDeck and crash reports sent to Sentry are retained according to those services’ respective data retention policies.

14. Data Breach

Because Lorelio does not store your story content on its servers, the risk of a data breach originating from Lorelio is minimal. In the unlikely event of a security incident affecting any data we do process (such as analytics or crash data), we will notify affected individuals and relevant authorities as required by applicable law.

15. Your Rights

You have the right to:

• Access all data stored by the app. Your story content is on your device and in your iCloud account and is directly accessible to you. For any data processed by our service providers (analytics, crash reports), you may contact us at privacy@lorelio.app.
• Delete any or all of your data at any time using the app’s deletion features (see Section 12). For data held by service providers, contact us and we will facilitate deletion where possible.
• Export your data in portable formats (PDF) using the app’s built-in export feature.
• Withdraw consent for analytics at any time in Settings > Privacy & Security.
• Object to processing based on legitimate interest (crash reporting). Contact us at privacy@lorelio.app and we will assess your request.
• Restrict or rectify your data directly within the app, as all content is under your control.

Because most of your data resides on your device and in your private iCloud account, most rights are exercisable directly through the app or through Apple’s iCloud settings. For any request that Lorelio needs to fulfill directly, contact us at privacy@lorelio.app. We will respond within 30 days, or within the timeframe required by applicable law.

Depending on your jurisdiction, you may have additional rights under local data protection laws. See the Regional Addenda below for details.

16. Data Security

Your data is protected by your device’s built-in security features, including device encryption, Face ID/Touch ID (if enabled), and your device passcode. Data synced to iCloud is encrypted in transit and at rest by Apple, subject to Apple’s iCloud security architecture and your account settings. Lorelio adds an optional biometric lock for additional privacy. Password-protected PDF exports use standard PDF encryption.

17. International Data Transfers

Your story content stays on your device and in your iCloud account and is not transferred by Lorelio to any third party.

For the limited technical data processed by our service providers:

• TelemetryDeck (analytics, if opted in) is based in the EU.
• Sentry (crash reports) is based in the US. Sentry has self-certified to the EU-US Data Privacy Framework (DPF) and its UK Extension, and offers EU Standard Contractual Clauses (SCCs) as an alternative transfer mechanism. We configure Sentry to scrub IP addresses and device identifiers from crash data.
• Hugging Face (model downloads) is based in the US. Your device’s IP address is temporarily exposed during model file downloads as part of standard internet traffic. No other personal data is sent.

If the legal mechanisms governing international data transfers change, we will update our practices and this policy accordingly.

18. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this document will reflect the most recent revision. For material changes, we will provide notice through the app or the App Store. Continued use of the app after changes constitutes acceptance.

19. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at privacy@lorelio.app.

For data protection inquiries specific to India, you may also contact our designated officer: Kiran Karthikeyan, at privacy@lorelio.app.

20. Regional Addenda

India — Digital Personal Data Protection Act, 2023 and DPDP Rules, 2025

If you are located in India, the following additional provisions apply under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules, 2025 (DPDP Rules):

• Data Fiduciary: Lorelio acts as a Data Fiduciary under the DPDP Act. The designated officer for data protection queries is Kiran Karthikeyan, reachable at privacy@lorelio.app.
• Consent: Where we collect any data (such as optional analytics), we obtain your informed, free, specific, and unconditional consent as required under the DPDP Act. For analytics, consent is obtained through an explicit opt-in during setup.
• Purpose Limitation: Any data collected is used solely for the purpose for which consent was given.
• Right to Correction and Erasure: You have the right to correct or erase your personal data at any time. Since your story content is stored on your device and in your iCloud account, you can exercise these rights directly within the app.
• Right to Grievance Redressal: You may raise a grievance regarding your personal data by contacting us at privacy@lorelio.app. We will acknowledge your grievance and respond within the timeframe prescribed under the DPDP Act and DPDP Rules.
• Right to Nominate: Under the DPDP Act, you have the right to nominate another individual to exercise your data rights in case of death or incapacity.
• Children’s Data: Lorelio does not knowingly process data of children under 18 without verifiable parental consent, in compliance with Section 9 of the DPDP Act.
• Data Protection Board: If you are unsatisfied with our response to your grievance, you may approach the Data Protection Board of India.

United Kingdom — UK GDPR and Data Protection Act 2018

If you are located in the United Kingdom, the following additional provisions apply under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:

• Data Controller: Lorelio is the data controller for the purposes of UK data protection law, as it determines the purposes and means of processing within the app. The processing of your story content occurs on your device and in your private iCloud account; Lorelio has no ordinary access to this content.
• Lawful Basis: The primary lawful basis for processing your data is the performance of a contract (Article 6(1)(b) of the UK GDPR). For optional analytics, we rely on your explicit consent (Article 6(1)(a)). For crash reporting, we rely on legitimate interest (Article 6(1)(f)). For sensitive content in your story, the additional condition is your explicit consent under Article 9(2)(a), given through your voluntary use of the app.
• Your Rights Under UK GDPR: In addition to the rights listed in Section 15, you have the right to: request rectification of inaccurate personal data, request restriction of processing, object to processing (including processing based on legitimate interest), data portability, and lodge a complaint with the Information Commissioner’s Office (ICO). Because your story content resides on your device and in your iCloud account, most of these rights are exercisable directly through the app or through Apple’s iCloud settings.
• Automated Decision-Making: Lorelio uses AI to generate interview questions and autobiography prose. These are creative aids, not decisions that produce legal or similarly significant effects on you.
• International Data Transfers: See Section 17. Sentry has self-certified to the UK Extension to the EU-US Data Privacy Framework (DPF), with Standard Contractual Clauses as an alternative transfer mechanism.
• EU/UK Representative: We have assessed the Article 27 UK GDPR representative requirement and determined that it does not apply to Lorelio’s processing. All story content is processed on the user’s device and in their private iCloud account; Lorelio has no ordinary access to this content and does not process it on its own infrastructure. The limited technical data we process (crash reports, optional analytics) does not constitute large-scale processing of special-category data or systematic monitoring.
• Information Commissioner’s Office: If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the ICO at ico.org.uk.

European Union and European Economic Area — EU GDPR

If you are located in the European Union or the European Economic Area, the following additional provisions apply under the General Data Protection Regulation (EU) 2016/679 (GDPR):

• Data Controller: Lorelio is the data controller for the purposes of EU data protection law, as it determines the purposes and means of processing within the app. The processing of your story content occurs on your device and in your private iCloud account; Lorelio has no ordinary access to this content.
• Lawful Basis: The primary lawful basis for processing your data is the performance of a contract (Article 6(1)(b) of the GDPR). For optional analytics, we rely on your explicit consent (Article 6(1)(a)). For crash reporting, we rely on legitimate interest (Article 6(1)(f)). For sensitive content in your story, the additional condition is your explicit consent under Article 9(2)(a), given through your voluntary use of the app.
• Your Rights Under GDPR: In addition to the rights listed in Section 15, you have the right to: request rectification of inaccurate personal data, request restriction of processing, object to processing (including processing based on legitimate interest), data portability, erasure (“right to be forgotten”), and lodge a complaint with your local data protection supervisory authority. Because your story content resides on your device and in your iCloud account, most of these rights are exercisable directly through the app or through Apple’s iCloud settings.
• Right to Object to Legitimate Interest Processing: You may object to our processing of crash reporting data under legitimate interest. To do so, contact us at privacy@lorelio.app. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Automated Decision-Making: Lorelio uses AI to generate interview questions and autobiography prose. These are creative aids, not decisions that produce legal or similarly significant effects on you. You are not subject to any automated decision-making that produces legal or similarly significant effects.
• International Data Transfers: See Section 17. Sentry has self-certified to the EU-US Data Privacy Framework (DPF), with EU Standard Contractual Clauses (SCCs) as an alternative transfer mechanism.
• EU Representative: We have assessed the Article 27 GDPR representative requirement and determined that it does not apply to Lorelio’s processing. All story content is processed on the user’s device and in their private iCloud account; Lorelio has no ordinary access to this content and does not process it on its own infrastructure. The limited technical data we process (crash reports, optional analytics) does not constitute large-scale processing of special-category data or systematic monitoring.
• Supervisory Authority: If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the data protection supervisory authority in your EU/EEA member state.

Australia — Privacy Act 1988 and Australian Privacy Principles

If you are located in Australia, the following additional provisions apply under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs):

• APP Entity: Lorelio operates as an APP entity. Your story content is processed on your device and stored in your private iCloud account; Lorelio does not hold your story content on its servers.
• Collection (APP 3): Lorelio does not collect personal information beyond optional, anonymised analytics (when opted in) and limited technical crash reports. We collect only information that is reasonably necessary for the functioning of the app.
• Use and Disclosure (APP 6): Any personal information collected is used only for the purpose for which it was collected. We do not use or disclose personal information for direct marketing.
• Access and Correction (APP 12 & 13): You have the right to access and correct your personal information. Since your story content is stored on your device and in your iCloud account, you can access and modify it directly within the app.
• Cross-Border Disclosure (APP 8): AI model files are downloaded from Hugging Face (overseas servers), but no personal information is sent. Limited technical crash data is sent to Sentry (US-based), configured to minimize personal information. No story content is disclosed to overseas recipients.
• Complaints: If you have a complaint about how we handle your personal information, contact us at privacy@lorelio.app. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Canada — PIPEDA

If you are located in Canada, the following additional provisions apply under PIPEDA and applicable provincial privacy legislation:

• Accountability: Lorelio is accountable for all personal information in its possession. Your story content is processed on your device and stored in your private iCloud account; Lorelio does not hold your story content on its servers.
• Consent: Where we collect any personal information (such as optional analytics), we obtain your meaningful consent through an explicit opt-in. You may withdraw consent at any time.
• Limiting Collection: Lorelio limits the collection of personal information to what is necessary for the purposes identified. Since all story content is processed on-device, we collect no personal story content.
• Access and Correction: Under PIPEDA, you have the right to access and request correction of your personal information. Since your story content is stored on your device and in your iCloud account, you can access and modify it directly within the app.
• Challenging Compliance: You have the right to challenge our compliance with PIPEDA. Contact us at privacy@lorelio.app with any concerns. If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.
• Provincial Laws: If you are in Alberta, British Columbia, or Quebec, substantially similar provincial privacy legislation may also apply.

New Zealand — Privacy Act 2020

If you are located in New Zealand, the following additional provisions apply under the Privacy Act 2020:

• Agency: Lorelio operates as an agency under the Privacy Act 2020. Your story content is processed on your device and stored in your private iCloud account; Lorelio does not hold your story content on its servers.
• Information Privacy Principles (IPPs): Lorelio complies with the 13 Information Privacy Principles, including collection by lawful means (IPPs 1–4), secure storage (IPP 5), access and correction rights (IPPs 6–7), accuracy (IPP 8), retention only as necessary (IPP 9), use for original purpose only (IPPs 10–11), and no assignment of unique identifiers (IPP 13).
• Cross-Border Disclosure (IPP 12): Limited technical crash data is sent to Sentry (US-based), configured to minimize personal information. No story content is disclosed to overseas recipients.
• Notifiable Privacy Breaches: In the event of a privacy breach that poses a risk of serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as required under Part 6A of the Privacy Act 2020.
• Complaints: If you have a complaint about how we handle your personal information, contact us at privacy@lorelio.app. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner at privacy.org.nz.

United States — State Privacy Laws (Including CCPA/CPRA)

If you are located in the United States: We do not sell your personal information or share it for advertising or profiling purposes, as defined under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or any other applicable state privacy law. Since all story content is processed and stored on-device, the primary rights under state privacy laws (access, deletion, portability) are exercisable directly within the app.

Depending on your state of residence (including but not limited to California, Virginia, Colorado, Connecticut, Utah, and Texas), you may have specific rights regarding your personal data. Because Lorelio operates on-device and does not collect, sell, or share your story content, your rights to access, delete, and port your data are fulfilled directly through the app’s built-in tools.

In the preceding 12 months, the only category of personal information we may have collected (if you opted in to analytics or experienced an app crash) is “Internet or other electronic network activity information” in the form of anonymous usage analytics and technical crash reports. We have not collected any other categories of personal information.