Ruby ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services. By using Ruby, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect the following categories of information to provide and improve our services:
Account Information
When you create an account, we collect your name, email address, and authentication credentials via Apple Sign-In. We use Apple's secure authentication system and do not store your Apple ID password.
Voice Data
Ruby uses on-device speech-to-text processing powered by Apple's Speech Recognition framework. Raw audio is never transmitted to our servers. Only the resulting text transcription is sent to Ruby's servers for processing. All voice recognition occurs locally on your device.
Conversation History
Your text and voice-transcribed conversations with Ruby are stored to provide continuity and context across sessions. You can view and delete your conversation history at any time.
Memory & Learning Data
Ruby learns your preferences, routines, relationships, and personal facts from your conversations to provide a personalized experience. This data is stored in our encrypted database and is fully editable and deletable from Settings > Memory within the app.
Device Information
We collect limited device information including your Identifier for Vendor (IDFV), operating system version, and device model. We do not collect your Identifier for Advertisers (IDFA).
Usage Analytics
We use Expo Insights to collect anonymized, aggregated usage analytics to understand how the app is used and to improve our services. This data cannot be used to identify individual users.
Payment Information
Subscriptions are processed primarily through Apple StoreKit for iOS in-app purchases, with Stripe available as a web fallback. RevenueCat is used for subscription verification and management. We never store your credit card numbers or full payment details. Payment processing is handled entirely by Apple, Stripe, and RevenueCat.
Push Notification Preferences
If you enable push notifications, we store your Expo push token along with your notification preferences including frequency, tone, and category settings to deliver personalized notifications.
2. How We Use Your Information
We use the information we collect for the following purposes:
Service Provision: To power Ruby's 120+ actions, workflows, and shortcuts that help you accomplish tasks throughout your day.
AI Responses: To generate intelligent, contextual responses using Anthropic's Claude (claude-sonnet-4-5) AI model.
Personalization: To tailor Ruby's responses using your memories, conversation context, and time of day for a more relevant experience.
Memory & Learning: To extract and store relevant information from your conversations. Ruby acknowledges when it learns something new about you.
Automated Actions: To execute device actions and app commands based on your voice or text instructions.
Subscription Management: To manage your subscription status through RevenueCat and Apple StoreKit.
Push Notifications & Coaching: To deliver AI-powered coaching messages, daily briefings, proactive suggestions, and system notifications based on your preferences.
Analytics: To analyze anonymized, aggregated usage data to improve app performance and features.
Communications: To send you service-related communications. Marketing communications are opt-in only.
Safety & Security: To protect against fraud, abuse, and security threats, and to ensure the integrity of our services.
3. AI Data Processing
Ruby uses Anthropic's Claude API to generate AI responses. Understanding how your data flows through this process is important:
Data Flow
Voice input → On-device speech-to-text → Text sent to Ruby server → Forwarded to Anthropic Claude API → Response returned to you.
What IS Sent to Anthropic
Your text messages and conversation context
Relevant memories for personalization
System instructions for Ruby's behavior
Your timezone (for time-aware responses)
What is NOT Sent to Anthropic
Raw audio recordings
Your Apple ID or email address
Payment or subscription information
Device identifiers (IDFV, etc.)
Contacts, calendar, or other device data
Anthropic does NOT use data submitted via their API to train their AI models. We practice data minimization, sending only the information necessary to generate helpful responses.
Ruby's memory system is designed to provide a personalized experience while keeping you in full control of your data.
How Memories Are Created: Ruby extracts relevant information from your conversations, such as preferences, facts, routines, and relationships. Ruby acknowledges when it saves a new memory so you are always aware.
Types of Data Stored: Personal preferences, factual information about you, daily routines and habits, and relationship details you share.
Storage: All memory data is stored in an encrypted PostgreSQL database with access controls.
User Control: You can view, edit, and delete individual memories or all memories at once from Settings > Memory in the app.
Use in AI Prompts: Relevant memories are included in AI prompts to provide personalized, context-aware responses.
Sharing: Memory data is not shared with any third parties beyond what is necessary for AI processing (Anthropic Claude).
Opt-Out: You can opt out of the memory and learning system at any time through your app settings.
5. Third-Party Services
Ruby integrates with the following third-party services:
Anthropic — Provides AI processing via the Claude API. We share text messages and conversation context with Anthropic. We do not share raw audio, your email, Apple ID, or payment information. Privacy Policy
Apple StoreKit — Handles iOS in-app purchases and subscriptions. Ruby receives only subscription status information from Apple; all payment processing occurs through Apple. Privacy Policy
RevenueCat — Manages subscription verification and analytics using an anonymized app user ID and purchase receipts. Privacy Policy
Stripe — Serves as a web fallback payment processor. Card details are processed entirely by Stripe; Ruby only stores a Stripe customer ID. Privacy Policy
Apple — Provides authentication (Apple Sign-In) and on-device speech recognition. Privacy Policy
Expo — Powers push notifications and provides anonymized analytics via Expo Insights. Privacy Policy
Third-Party Apps (via Deep Linking) — When Ruby opens other apps on your device (e.g., Maps, Uber, Spotify), it does so via deep links. No personal data is transmitted to these third-party applications.
6. Push Notifications
Ruby offers optional push notifications to enhance your experience:
Types of Notifications
AI Coaching: Personalized coaching messages and motivational insights generated by Anthropic Claude.
Daily Briefings: Morning summaries and daily planning prompts.
Proactive Suggestions: Context-aware suggestions based on your routines and goals.
System Notifications: Important account and service updates.
Data Used for Notifications
Notifications are personalized using your preferences, Expo push token, goals, and routines. AI coaching notifications are generated by Anthropic Claude using your relevant context.
Controls
Push notifications are off by default. You can enable or disable all notifications in iOS Settings, and customize notification types, frequency, and tone within the Ruby app. Disabling notifications does not affect any other app features or functionality.
7. Data Storage & Security
We implement comprehensive security measures to protect your data:
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
Encryption at Rest: Data stored in our PostgreSQL database is encrypted using AES-256 encryption.
Infrastructure: We use SOC 2 compliant infrastructure providers for hosting and data storage.
Authentication: Apple Sign-In provides secure, industry-standard authentication.
Access Controls: Strict access controls limit who can access user data within our organization.
API Security: All API keys and secrets are stored encrypted and are never exposed in client-side code.
On-Device Security: Sensitive data stored locally on your device uses AsyncStorage and SecureStore with platform-level encryption.
Incident Response: In the event of a data breach, we will notify affected users within 72 hours in accordance with applicable law.
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
8. Data Retention
We retain your data according to the following schedule:
Active Account Data: Retained for as long as your account remains active.
Conversation History: Retained until you manually delete it.
Memories: Retained until you manually delete them via Settings > Memory.
Push Notification Tokens: Retained while notifications are enabled; removed when disabled.
Analytics Data: Retained indefinitely in anonymized, aggregated form.
Subscription Records: Retained for 7 years as required by law for financial record-keeping.
Account Deletion: Upon account deletion, all personal data is removed within 30 days.
Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently removed.
Anthropic: Data sent to Anthropic is retained in accordance with their data retention policy.
9. Your Privacy Rights
All Users
Regardless of your location, you have the right to:
Access your personal data
Correct inaccurate data
Request deletion of your data
Data portability (export your data)
Withdraw consent at any time
Opt out of non-essential data processing
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:
Right to know what personal information is collected, used, and shared
Right to delete personal information
Right to opt out of the sale of personal information — Ruby does NOT sell your personal data
Right to non-discrimination for exercising your privacy rights
Right to limit the use of sensitive personal information
European Union Residents (GDPR)
If you are located in the European Economic Area, you have rights under the General Data Protection Regulation:
Legal Basis: We process your data based on consent, contractual necessity, and legitimate interest.
Right to restrict processing of your data
Right to object to data processing
Right to withdraw consent at any time
Right to lodge a complaint with your local data protection authority
Ruby does not make automated decisions with legal or similarly significant effects based solely on automated processing.
United Kingdom Residents (UK GDPR)
If you are located in the United Kingdom, you have equivalent rights under the UK General Data Protection Regulation, including all rights described in the GDPR section above.
How to Exercise Your Rights
You can exercise your privacy rights by navigating to Settings > Data & Privacy within the app, or by contacting us at privacy@luna-utk.com.
We will respond to all verified requests within 30 days. Complex requests may take up to 45 days, in which case we will notify you of the extension. Identity verification is required to process data requests to protect your security.
10. Children's Privacy
Ruby is not intended for use by children.
COPPA Compliance: Ruby is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13.
GDPR (Minors): In the European Union, Ruby is not intended for users under the age of 16 without verifiable parental consent.
App Store Rating: Ruby is rated 17+ on the Apple App Store.
If you believe that a child has provided us with personal information, please contact us immediately at privacy@luna-utk.com and we will take steps to delete such information.
11. International Data Transfers
Ruby is based in the United States. If you access our services from outside the United States, your data will be transferred to and processed in the United States.
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we ensure appropriate safeguards for international data transfers through:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
12. Cookies, Tracking & Apple Privacy
Ruby is a native mobile application and does not use browser cookies.
On-Device Storage: We use AsyncStorage and SecureStore for local data storage on your device, protected by platform-level security.
No Ad Tracking: Ruby does not use advertising tracking. We do not collect the Identifier for Advertisers (IDFA) and do not require an App Tracking Transparency (ATT) prompt.
Privacy Nutrition Labels: Our App Store privacy nutrition labels accurately reflect our data collection practices.
13. Auto-Execute & Device Actions
Ruby can perform actions on your device based on your voice or text commands:
How Actions Work: Ruby's AI interprets your intent and executes actions via native device APIs and deep links to third-party applications.
Data Used: Only the specific parameters needed for an action are used (e.g., a phone number to place a call, an address to open in Maps). No additional personal data is included.
Auto-Execute: Automatic action execution is configurable in your settings. We recommend keeping it off by default and confirming actions before execution.
Third-Party Apps: When Ruby opens third-party apps via deep links, no personal data is transmitted to those applications.
Action Logs: All executed actions are logged in your conversation history and can be reviewed and deleted at any time.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
Material Changes: For significant changes, we will provide an in-app notification, update the "Last updated" date, and may re-request your consent where required.
Non-Material Changes: Minor clarifications or formatting changes may be made without notice.
Your continued use of Ruby after changes are posted constitutes your acceptance of the updated Privacy Policy. Previous versions of this policy are available upon request.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: