Aion Privacy Policy

Privacy questions currently go to [email protected].

1. What Aion is

Aion is a memory-first assistant app for Android.

In the current Android release path:

• Aion's main mode uses the user's own AI provider key
• Aion stores its memory and profile data on the device
• there is no Aion-operated chat server in the shipped app path
• Aion can also use optional on-device runtime features for users who want a more local setup

2. Contact

If you have privacy questions, contact:

• [email protected]

3. What Aion stores on your device

Aion can store the following data locally on your device:

• chat messages and conversation history
• structured memory, including inferred facts, corrections, conflicts, and timeline events
• episodic conversation summaries
• profile settings and personalization
• reminders and timers
• journal entries
• attachment references and document-derived memory
• local runtime and model settings
• crash reports stored locally after an app crash
• profile exports or other files you explicitly generate and share

Sensitive credentials are also stored locally:

• cloud API keys are stored using Android Keystore-backed protection
• Gmail OAuth tokens are stored using encrypted on-device storage

4. What can leave your device

Some Aion features send data off device only when you use those features.

BYOK cloud mode

If you use Aion with your own cloud AI key, the app can send data directly from your device to the provider you selected.

That can include:

• your current message
• selected recent conversation turns
• selected memory and timeline context
• profile or personalization context
• selected attachments or imported documents when cloud analysis is used

Those requests are not routed through an Aion chat server in the current Android release path.

Gmail

If you connect Gmail, Aion talks directly from the app to Google's Gmail APIs using your granted token.

Calendar

Aion reads and writes calendar data through Android's calendar provider on your device. Calendar data is not sent to an Aion server. Some calendar-related context may still be included in BYOK cloud prompts if you ask Aion to reason about your schedule in cloud mode.

Voice input

Aion uses Android speech-recognition services for voice input. Depending on the device, Android version, and installed speech packs, speech recognition may be handled locally or by the device's speech service. If you send the resulting transcript in chat, that transcript is then handled like any other message.

User-initiated sharing

If you export or share a profile export, bug report, or similar file, that file leaves your device only because you explicitly chose to share it.

5. What Aion does not do in the current Android release path

• Aion does not require an Aion account for core use
• Aion does not proxy your chat traffic through an Aion-operated chat backend
• Aion does not proxy Gmail through an Aion server
• Aion does not proxy calendar access through an Aion server

6. Permissions Aion requests

Aion currently requests these Android permissions:

• INTERNET — required for direct requests to your chosen cloud AI provider and Gmail OAuth/API flows
• POST_NOTIFICATIONS — used for reminders and reminder notifications
• RECORD_AUDIO — used for voice input
• READ_CALENDAR — used to read calendar events
• WRITE_CALENDAR — used to create, move, or delete calendar events

7. Memory, inference, and provenance

Aion can derive memory from:

• things you say directly
• repeated patterns in your conversation history
• imported documents or attachments that appear to relate to you

Where supported in the app UI, Aion can show memory provenance, including where a memory came from and when it was learned.

Document-linked memory is not the same as a direct statement from you. In the current app path, Aion keeps document-linked clues separate so they can be reviewed or corrected.

8. Data deletion and control

Current in-app controls allow users to:

• clear a saved cloud API key
• disconnect Gmail
• forget individual memory items in supported flows
• wipe active profile memory
• archive or delete a profile
• export a profile as an encrypted file with a user-chosen passphrase

If a user wants a Gmail token revoked at the Google-account level, disconnecting inside Aion may not be enough on its own. They may also need to manage the connected app in their Google account settings.

9. Security practices

Current security and privacy controls in the Android app include:

• Android backup disabled for the app
• encrypted storage for cloud API keys
• encrypted storage for Gmail tokens
• encrypted profile export with a user-chosen passphrase
• release logging moved onto a sanitized path
• debug/tester export tools disabled in public builds

Important notes:

• Aion allows OS screenshots by default as a user-control choice
• users should not share an encrypted export file and its passphrase together

10. Retention

Aion generally keeps locally stored data until:

• you delete it
• you wipe a profile
• you delete a profile
• you clear app data
• you uninstall the app, subject to normal Android app-data removal behavior

BYOK cloud providers and other third-party services have their own retention practices. Those are controlled by the provider you choose, not by Aion.

11. Children

Do not treat Aion as a child-directed product unless Aion is prepared to meet the additional policy and compliance requirements that apply to children and student data.

12. Policy changes

If Aion later adds:

• Aion-hosted cloud features
• sync or backup services
• account systems
• billing
• analytics or crash collection services

this policy must be updated before those features ship.