# Privacy Policy for Hercules. AI Assistant (iOS)
Effective Date: January 1, 2025
### Introduction
Hercules AI Assistant ("we," "our," or "us") respects your privacy. This policy explains what data the iOS app collects, how it’s used, where it’s stored, and with whom it’s shared, based on the app’s actual implementation.
### Information We Collect
- Personal Information
- Email address and Firebase user ID when you sign up or sign in (Firebase Authentication)
- Basic profile signals (e.g., account creation and last login timestamps stored in our backend database)
- Voice Data
- Short audio recordings you intentionally capture by tapping the microphone are saved temporarily on-device and uploaded to our server to process your request
- We do not keep these recordings on the device after processing, and our server does not retain the audio beyond processing
- Audio responses are generated for playback; the iOS app does not persist them
- Gmail Data (only if you connect Gmail)
- Email drafts you create (to, subject, body) and related metadata (e.g., Gmail draft ID)
- Limited inbox summaries and message content only when you ask for them or when required to fulfill your request
- Gmail OAuth credentials (access and refresh tokens) are stored securely as described below
- Conversation Data
- Chat messages between you and Hercules. (prompts and responses) to preserve context
- Device and Technical Information
- Microphone permission status (to enable voice interactions)
- Basic connectivity state used locally to show errors when offline
- We do not use third‑party analytics SDKs in the iOS app, and we do not collect advertising identifiers
### How We Use Information
- Account and Authentication: Manage sign up/sign in and secure access (Firebase Authentication)
- Voice Processing: Convert your voice to text via our server using Google Cloud Speech‑to‑Text
- AI Responses: Generate responses using Google’s Gemini models on our server
- Email Management (optional): Create, list, update, and send drafts through the Gmail API when you connect Gmail
- Conversation Context: Maintain conversation history to provide continuity
- Security and Support: Detect misuse, troubleshoot issues, and improve reliability
### Where Data Is Stored
- On Device (iOS)
- Temporary audio file while recording; removed after upload
- Gmail tokens are stored in the Apple Keychain when you connect Gmail
- Our Backend (Google Cloud)
- Conversation history and email drafts are stored in Firebase Firestore (encrypted at rest)
- Gmail credentials are additionally stored encrypted in Firestore using a server‑managed key so your Gmail can be used securely from our backend
- We do not retain raw audio after processing
### Third‑Party Services We Use
- Google: Firebase Authentication, Firebase Firestore, Google Cloud Speech‑to‑Text, Gmail API, and Google Secret Manager (Google Sign‑In on iOS is used only to connect Gmail, not for app login)
- Google Gemini (via `google.generativeai`): Used on our server to generate AI responses from your transcript and conversation context
- ElevenLabs: Used to synthesize audio from the AI response text and return it to the app
- Apple Keychain: Local secure storage for Gmail tokens
We use HTTPS/TLS for all data in transit. The iOS app does not implement certificate pinning at this time.
### What We Send to Each Service
- Google Cloud Speech‑to‑Text: the audio you record so it can be transcribed
- Google Gemini: the recognized transcript and necessary conversation context (and, if you ask, relevant email summaries/draft content) to produce a response
- ElevenLabs: only the AI response text for speech synthesis
- Gmail API: email draft content and commands you request (create, list, update, send), limited to the scope needed to fulfill your request
### Operational Logging and Diagnostics
- Our backend writes operational logs for troubleshooting and performance (e.g., speech‑to‑text timing). These logs may include the recognized transcript text and/or the AI response text. We do not log raw audio, and logs are retained per standard server log retention practices.
### Data Sharing
We do not sell your data. We share data only with service providers listed above to operate core features, or when required by law, or during a merger/acquisition.
### Data Retention
- Audio Recordings: Not kept after processing
- Conversation History: Retained until you clear it or delete your account
- Email Drafts: Retained until you delete the draft or your account
- Gmail Credentials: Retained until you disconnect Gmail (you can disconnect from the app; this also deletes stored credentials on our backend)
- Authentication Records: Managed by Firebase Authentication per their policies
### Your Choices and Rights
- Access, correction, deletion, and portability of your data where applicable
- Clear conversation history from within the app experience (or by contacting us)
- Disconnect Gmail at any time; this removes stored Gmail credentials from device Keychain and our backend
- Object to or restrict processing where applicable by law
### Children’s Privacy
The app is not directed to children under 13, and we do not knowingly collect personal information from them.
### International Transfers
Our servers and providers may process data in the United States and other locations. We use safeguards such as encryption and, where applicable, Standard Contractual Clauses.
### Security
We use TLS in transit and encryption at rest in Firestore. Gmail tokens are stored in the Apple Keychain on device and encrypted in our backend. No certificate pinning is implemented in the iOS app at this time.
### App Store Privacy Details (Summary)
- Data Linked to You: email address, Firebase user ID, conversation content, email drafts (when you use those features)
- Data Not Used for Tracking: we do not collect advertising identifiers and do not use third‑party analytics SDKs in the iOS app
### Changes to This Policy
We may update this policy. We’ll update the Effective Date and, where required, notify you in‑app or by email.
This policy reflects the current iOS app and backend behavior of Hercules. AI Assistant as implemented.