Local-First Architecture, governed under Indian Judiciary Laws. Your system remains your own.
Indian Legislative & Statutory Compliance
This policy is drafted, administered, and maintained in strict compliance with the laws of the **Republic of India**, including the **Information Technology Act, 2000 (Section 43A)** and the **Digital Personal Data Protection Act, 2023 (DPDP Act)**.
IRIS adheres to the statutory provisions of reasonable security practices, data minimization, and purpose-limitation. By utilizing the software, users consent to the local-first processing of metadata as outlined herein.
Google OAuth Authentication Data
IRIS utilizes Google Login protocols to securely verify identities. When logging in, we collect and store:
User's Name: To personalize your workspace interface logs.
Email Address: To verify licensing keys and Google Authentication.
Profile Picture: Used strictly for visual layout indicators.
Payment Processing
We do not store your credit card details on our servers. All financial transactions are encrypted and processed directly by our PCI-compliant payment gateway (Razorpay).
Fraud Prevention: For legal chargeback defense and transaction integrity, our systems log your exact physical Geolocation coordinates, precise UNIX timestamps, client IP addresses, and Razorpay Cryptographic Order/Payment IDs at the exact moment of license generation.
Licensing Verification & HWID Telemetry
To enforce licensing boundaries and prevent bulk key sharing, the IRIS Pro Engine collects minimal device-specific parameters:
1. Motherboard Unique ID (HWID): A unique cryptographic hash generated by the motherboard of your computer to uniquely register the client machine.
2. Connected Device Count: Tracks how many devices are currently registered under your license (enforcing the strict limit of **two [2] devices** per user ID).
3. IP Verification: The client machine's IP address is verified strictly at the **time of installation** and **licensing upgrade** to prevent bulk automated abuse.
Local-First Architecture
Aside from license verification parameters, IRIS operates as a local binary client. Your workspace contents, files, and logs remain on your workstation.
Workspace isolation: Directories are scanned, read, and indexed locally on your own machine.
Zero keylogging: Global macros and phantom inputs are captured and injected strictly on-device.
Zero Server Telemetry
We do not maintain centralized telemetry or logging collection servers.
• No Analytics: IRIS does not compile statistics regarding your terminal outputs, file creations, or script operations.
• No Tracking: Voice prompts, system metrics, and keyboard overlays are never uploaded back to any centralized IRIS database.
The BYOK (Bring Your Own Key) Disclosure
IRIS runs strictly in a BYOK configuration. To facilitate reasoning, code generation, search crawls, and multimodal tasks, the client routes local data queries to third-party endpoints.
IMPORTANT: Because data is routed directly to third-party API providers (**Google Gemini**, **Groq**, **Tavily**, and **Hugging Face**), all prompt context parameters, searches, and files passed to AI tools are governed by the privacy guidelines and policies of those specific companies. The author of IRIS holds zero responsibility or liability for third-party company data-harvesting or telemetry behaviors.
Local Vector Storage & Key Encryption
All memory elements, index structures, notes, and keys are stored locally on your hard disk:
• API Keys: Stored securely using the native OS keychain interface (Windows Credential Manager / macOS Keychain).
• Vector Databases: LanceDB embeddings are written locally and sandboxed under the desktop app data path.
• Local note cache: Markdown logs and macros remain exclusively inside the application sandbox structure.
Mobile Companion Bridge (IRIS-X)
The IRIS-X mobile companion application routes notification streams, system indicators, and push payloads directly over local network bridges (via native Android Debug Bridge [ADB] tunnels or local WebSocket connections).
The companion system has no analytics layer, does not hook into advertising scripts, and communicates exclusively with the local desktop environment.