Privacy Policy

4.1 Local Device Storage

The following data is stored exclusively on your device:

• Generated Apps: All applications you create
• App Settings: Your preferences and configuration
• Usage Counters: Daily generation/edit limits (Free tier only)
• Subscription Status: Whether you have an active subscription
• Image Attachments: Photos you choose to include with prompts

Important: This data:

• Never leaves your device
• Is not uploaded to our servers
• Is protected by iOS security and device encryption
• Is permanently deleted when you uninstall the App

4.2 Data Sent to Third-Party AI Services

When you generate an app, the following data is transmitted:

To Anthropic Claude API:

• Your text prompt describing the desired app
• Any image analysis data (processed via Apple Vision API)
• Purpose: Generate app code and interface

To OpenAI API:

• Your app description for icon generation
• Image data processed through Apple's Vision API (not raw photos)
• Purpose: Generate app icons and analyze images

Important Processing Details:

• We do not store your prompts on our servers
• Requests are sent directly from your device to AI providers
• We act as a pass-through service only
• Change from v1.0: Images are now processed using OpenAI Vision API instead of Apple's on-device Vision API for improved accuracy

4.3 Photo Library Access

When you attach an image to a prompt:

What Happens:

1. You select a photo from your library (iOS permission required)

2. The image is processed using OpenAI's Vision API

3. Image analysis is sent with your prompt to Claude

4. We do not store the original photo

Permission Request Text:

> "Obra needs access to your photo library to let you attach images to your app generation prompts. Images are processed using OpenAI's Vision API to help our AI understand visual context and generate better apps. Original photos are never stored or transmitted in their entirety."

4.4 Subscription Information

Managed entirely by Apple through StoreKit:

We Receive:

• ✓ Subscription status (Free, Maker, or Pro)
• ✓ Subscription expiration date
• ✓ Subscription type and tier

We Do NOT Receive:

• ✗ Payment method details
• ✗ Billing address
• ✗ Credit card information
• ✗ Purchase history details
• ✗ Any personal financial information

---

5.1 App Generation

• Prompts are sent to Claude API to generate app code
• Results are returned directly to your device
• We do not store prompts or generated code on our servers

5.2 Icon Generation

• Icon descriptions are sent to OpenAI DALL-E API
• Generated icons are returned to your device
• We do not store icon prompts or generated images

5.3 Image Processing (**New in v2.0**)

• Photos you select are processed using OpenAI Vision API
• Image analysis (not the photo itself) is sent with your prompt
• Processed data helps AI understand visual context
• Original photos are never uploaded or stored

5.4 Usage Tracking (Free Tier Only)

• Daily counters track: apps generated, edits made
• Stored locally on your device
• Resets daily at midnight (device time)
• Used only to enforce free tier limits

---

6.1 Anthropic Claude

• What we send: Text prompts, image analysis data
• Purpose: Generate iOS app code
• Privacy Policy: https://anthropic.com/privacy
• Data Location: United States
• Data Retention: Per Anthropic's policy

6.2 OpenAI (**Updated in v2.0**)

• What we send:
• Icon generation requests
• Images for Vision API processing
• Combined prompts with image analysis
• Purpose: Generate app icons and process images
• Privacy Policy: https://openai.com/privacy
• Data Location: United States
• Data Retention: Per OpenAI's policy

6.3 Apple StoreKit

• What we use: In-App Purchase system
• Purpose: Subscription management
• Privacy Policy: https://apple.com/legal/privacy
• Data Location: Apple's global infrastructure

Important: We do not control these third-party services. Please review their privacy policies to understand how they handle your data.

---

7.1 Cross-Border Data Flow

AI Service Locations:

• Anthropic Claude: United States
• OpenAI: United States

Legal Basis for Transfers:

• Your explicit consent when using AI generation features
• Necessity for service performance
• Standard Contractual Clauses (where applicable)

7.2 Regional Compliance

European Economic Area (EEA) & United Kingdom:

• GDPR-compliant data processing
• Lawful basis: Consent and contract performance
• Data protection rights fully respected

California (CCPA/CPRA):

• We do not sell personal information
• Right to deletion honored immediately
• No discrimination for exercising privacy rights

Canada (PIPEDA):

• Minimal data collection principle
• Transparent privacy practices
• User consent for all data processing

Brazil (LGPD):

• Compliance with data protection principles
• User rights fully respected
• Transparent data processing

Other Jurisdictions:

• We comply with applicable local data protection laws
• Contact us for jurisdiction-specific questions

---

8.1 Technical Measures

• Local Storage: Protected by iOS security features and device encryption
• Network Security: All API requests use HTTPS/TLS 1.3 encryption
• No Servers: No user data stored on our servers = no server breaches possible
• No Accounts: No login credentials to compromise

8.2 Third-Party Security

• AI providers (Anthropic, OpenAI) implement industry-standard security
• Apple StoreKit uses Apple's secure payment infrastructure

---

9.1 Universal Rights (All Users)

Right to Access:

• All your data is stored locally on your device
• You have complete access at all times

Right to Deletion:

• Delete the App to permanently remove all local data
• Contact us to request deletion of any data with AI providers

Right to Data Portability:

• Export your generated apps at any time
• No lock-in or proprietary formats

9.2 Additional Rights (Region-Specific)

EEA/UK Users (GDPR):

• Right to rectification
• Right to restriction of processing
• Right to object to processing
• Right to lodge a complaint with supervisory authority

California Users (CCPA/CPRA):

• Right to know what personal information is collected
• Right to know if personal information is sold or shared
• Right to opt-out of sale/sharing (N/A - we don't sell data)
• Right to non-discrimination

Canadian Users (PIPEDA):

• Right to access personal information
• Right to correct inaccuracies
• Right to withdraw consent

To Exercise Your Rights:

• Email: privacy@obraos.com
• Response time: Within 30 days (or as required by local law)

---

10.1 Local Data

• Retained indefinitely on your device until you delete the App
• Controlled entirely by you

10.2 Third-Party Data

• AI prompts: Per Anthropic and OpenAI retention policies
• Subscription data: Per Apple's retention policies
• We do not retain copies of your data

---