Legal
Privacy Policy
Last updated: March 3, 2026
Iris Studio ("we", "us", "our") is a native desktop application for AI-powered creative workflows. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and the choices you have.
1. Our Privacy-First Approach
Iris Studio is designed so that the majority of your creative work stays on your local machine. Your AI-generated media, prompts, moodboards, collections, and project files are stored in a local SQLite database on your computer — not on our servers.
When using managed credits, your generation requests are routed through our servers to AI providers. We do not store your generated content on our servers.
2. Data Stored Locally on Your Device
The following data is stored entirely on your computer and never leaves your device unless you explicitly choose to share it:
- AI generation history — prompts, parameters, model selections, and generation results
- Media library — downloaded images, videos, thumbnails, and file metadata
- Moodboards — canvas layouts, items, and positions
- Collections & tags — your organizational structure for media
- Prompt templates — saved templates and block definitions
- Search history — image search queries and preferences
- API keys — stored in a local configuration file on your device
On macOS, local data is stored in ~/Library/Application Support/iris-studio-desktop/. You can delete this data at any time.
3. Data We Collect on Our Servers
When you create an Iris Studio account or use our web platform, we collect and store the following on our servers:
Account information
- Email address, display name, and profile picture
- Authentication credentials (hashed passwords or OAuth tokens)
- Country (determined via geolocation at signup)
Workspace data
- Workspace name, slug, and settings
- Team member emails, names, and roles
- Device registrations (device name, platform, app version)
Usage & billing (managed credits plan only)
- Generation requests — model, provider, media type, status, and cost
- Credit balance and transaction history
- Subscription status and billing cycle
Support & communications
- Live chat messages and conversation metadata if you contact support
- Product feedback and feature requests you submit
4. Third-Party Services
We use the following third-party services to operate Iris Studio. Each service receives only the data necessary for its function:
| Service | Purpose | Data shared |
|---|---|---|
| Replicate | AI image & video generation | Prompts, generation parameters, uploaded reference images |
| Fal.ai | AI image generation | Prompts, generation parameters |
| Kling AI | AI video generation | Prompts, generation parameters |
| Stripe | Payment processing | Email, subscription details (we never see your full card number) |
| Convex | Backend database & real-time sync | Account and workspace data |
| Resend | Transactional emails | Email address |
| Vercel | Web hosting & analytics | Page views, performance metrics, IP-based geolocation |
| OAuth sign-in, image search | Email and profile info (OAuth); search queries (image search) |
When using managed credits, your prompts and generation parameters are sent to AI providers through our platform to process your generation requests.
5. AI-Generated Content
When you generate images or videos through Iris Studio, your prompts and input parameters are sent to the selected AI provider for processing. Generated outputs are downloaded to your local machine.
Please review each AI provider's own privacy policy for details on how they handle generation requests and outputs. Uploaded reference images on Replicate are automatically deleted after 24 hours.
6. Analytics
Our web application uses Vercel Analytics and Speed Insights to understand page views and performance. These collect anonymized usage data such as page URLs, browser type, and load times. No personal information or creative content is included.
The desktop application does not include any third-party analytics or tracking services.
7. Cookies & Local Storage
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party services (Vercel, Stripe) may set their own cookies as described in their respective policies.
8. Data Security
We take reasonable measures to protect your data, including:
- The desktop app uses Electron's context isolation and disables Node.js integration in the renderer process
- API keys are stored only in the main process and never exposed to the browser context
- Passwords are hashed before storage
- All server communication uses HTTPS/TLS encryption
- Stripe handles all payment data — we never store card details
9. Data Retention & Deletion
Local data: You have full control. Delete it at any time by removing the application data folder or uninstalling the app.
Server data: Your account data is retained while your account is active. You can request deletion of your account and associated data by contacting us at the email below.
Third-party data: Data held by AI providers, Stripe, and other third parties is subject to their respective retention policies.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and data
- Export your data in a portable format
- Withdraw consent for optional data processing
To exercise these rights, contact us at dev@iristech.my.
11. Children's Privacy
Iris Studio is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of Iris Studio after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this privacy policy or your data, contact us at dev@iristech.my.