Privacy Policy

App: Evie

Developer: Human Before AI

Online version: https://evie.humanbeforeai.org/privacy

Effective date: 2026-05-24

Last updated: 2026-05-24

This Privacy Policy describes how Evie (the "App") handles information when you use it on your iPhone or iPad. We have designed the App to keep your data on your device. We do not operate any backend servers that receive your conversations.

1. Summary

Your microphone audio is transcribed on-device by Apple's Speech framework. We require on-device recognition; audio is not sent to Apple's servers for transcription.
The language model (Gemma, by Google) and the text-to-speech model (Kokoro) run entirely on your device. Your prompts and the model's responses are not transmitted to us or to any third party during a conversation.
We do not have user accounts, do not collect analytics, and do not use advertising identifiers.
The App downloads model files over the internet on first launch from public model repositories. These downloads do not include any personal data about you.
Evie Pro purchases are processed by Apple via the App Store. We receive an entitlement signal only; we do not receive your payment details, Apple ID, or name.

2. Information processed on your device

When you press and hold the microphone button:

The App captures audio from your microphone and passes it to Apple's SFSpeechRecognizer configured to require on-device recognition.
The transcribed text is sent to the on-device language model to generate a response.
The response text is sent to the on-device text-to-speech engine to produce audio.

All of the above happens locally on your device. The audio recording itself is held in memory only for the duration of your utterance and is not written to persistent storage by the App.

3. Information stored on your device

The App may store the following locally:

Conversation history — the text of your messages and the model's replies, organized by profile, so that you can view conversations within the App.
Profiles — each household profile (kid / teen / adult) and its settings, audience preferences, allowed-hours schedule, and on-device safety state.
On-device safety flags — when a child's utterance triggers Evie's on-device classifier (self-harm, fear/threat, bullying, etc.), the flag and the surrounding text are stored locally so the parent can review them inside the App. Safety flags never leave the device.
Downloaded model files — the Gemma language model, the Kokoro voice model, and supporting assets, cached so you do not have to re-download them.
App settings — your preferences such as theme, audience mode, learning mode, and parent controls.
Pro entitlement cache — a local copy of whether StoreKit currently grants you Evie Pro. The underlying purchase record lives with Apple, not with us.

This information stays on your device. You can remove it at any time by deleting conversations from within the App, deleting individual profiles, or deleting the App, which removes all associated data.

4. Information we do not collect

We do not collect, receive, or have access to:

The content of your conversations or your voice recordings.
Your name, email address, phone number, contacts, photos, location, or any other identifier.
Your child's utterances, safety flags, or any parent-mode state.
Crash logs, performance metrics, or behavioral analytics.
Advertising identifiers (IDFA) or other tracking identifiers.
Your Apple ID, payment card, or billing address (these are handled by Apple, not by us — see Section 8).

5. Network activity

The App makes network requests in the following limited situations:

Model downloads on first launch (and when models are updated), fetched from public repositories such as Hugging Face. These requests do not include personal data about you beyond what is inherent to any HTTPS request (e.g., your IP address, which the model host may log under its own policy).
App Store / StoreKit — when you tap "Restore Purchases" or initiate a purchase, iOS talks to Apple's servers on Evie's behalf. We never see or store the underlying network traffic; we only receive an entitlement boolean back from the OS.
Operating-system level requests that Apple's frameworks may make (for example, certificate validation). These are governed by Apple's privacy practices.

The App does not phone home, does not send telemetry, and does not contact any servers operated by us during normal use after model files are downloaded.

6. Permissions

The App requests the following iOS permissions:

Microphone (NSMicrophoneUsageDescription) — required to capture your voice for on-device transcription.
Speech Recognition (NSSpeechRecognitionUsageDescription) — required to convert your speech to text using Apple's on-device recognizer.

You can revoke either permission at any time in iOS Settings → Privacy & Security. The App will not function as a voice assistant without these permissions, but it will not transmit your data either way.

7. Children's privacy

Evie is designed for family use, including children, and ships in the App Store rated for that audience. Because the App runs entirely on-device and we operate no servers, we collect no personal information from anyone, including children. We do not knowingly receive personal information from a child user under any circumstances.

Parent-mode controls (audience selection, allowed hours, safety monitoring, history deletion, profile management) are gated behind an in-app math challenge so children cannot change them on their own. The parent is the account holder on the device and is solely responsible for supervising a child's use of the App and for managing on-device data.

If you are a parent or guardian and want to remove a child's on-device data, delete the child's profile from inside the App, or delete the App, which removes all associated data. There is no server-side data for us to delete.

8. In-app purchases (Evie Pro)

Evie offers an optional paid upgrade, Evie Pro, sold by Apple through the App Store as one of two products:

Evie Pro — Lifetime (evie.pro.lifetime): one-time purchase.
Evie Pro — Annual (evie.pro.annual): auto-renewing subscription.

Purchases are processed by Apple via StoreKit. All payment information, billing address, Apple ID details, and transaction history are handled by Apple under Apple's Privacy Policy (https://www.apple.com/legal/privacy/). Human Before AI does not see or store your payment card, billing details, or Apple ID.

What we do see is an entitlement signal from StoreKit telling the App whether your device currently has Pro features unlocked. This signal is processed locally; it is not transmitted to any server operated by us.

If you initiate "Restore Purchases", the App asks StoreKit (on Apple's servers) for your current entitlements. Apple's privacy practices apply to that request.

9. Third-party services

The App incorporates open-source components listed in the in-app Acknowledgements screen. The App does not embed third-party analytics SDKs, advertising SDKs, social-login SDKs, or third-party payment SDKs.

When the App downloads model files, the request is sent to the model host (e.g., Hugging Face). The host's own privacy policy applies to those requests. We do not control and are not responsible for those third parties.

10. Security

Because your conversation data does not leave your device, the primary security boundary is your device itself. We rely on iOS sandboxing and your device passcode/biometrics to protect locally stored data. We recommend keeping iOS up to date and using a device passcode.

11. International users

The App is designed to work without sending your data anywhere. There is no cross-border transfer of your conversation content because we do not receive it. Model-file downloads are subject to the host's infrastructure, which may be located outside your country. Apple's App Store and StoreKit infrastructure handles purchases and may transfer purchase data internationally under Apple's privacy practices.

12. Your rights

Because we do not hold your data, requests to access, correct, or delete personal data we hold about you will return an empty result — we have no records to produce. You can manage all of your data directly on your device:

Access: view your conversation history inside the App, per profile.
Delete: remove individual conversations within the App, delete a profile, or delete the App to remove everything.
Purchases: view, restore, or cancel through iOS Settings → [your name] → Subscriptions, or via the App Store.

If you are in a jurisdiction with statutory privacy rights (e.g., GDPR, UK GDPR, CCPA, the Australian Privacy Act / APP), you may still contact us at evie@humanbeforeai.org and we will respond within the timeframe required by applicable law.

13. Changes to this policy

We may update this policy. Material changes will be reflected by an updated "Last updated" date and, where appropriate, a notice within the App. Your continued use of the App after an update constitutes acceptance of the revised policy.

14. Contact

Questions about this policy:

evie@humanbeforeai.org

Human Before AI