Legal
Privacy Policy
Last updated: 2026-03-09
01Introduction
This Privacy Policy describes how Iris ("the App") handles personal information and data. Iris is an application that delivers screenshots taken on remote servers to iOS devices using end-to-end (E2E) encryption.
The App is designed based on privacy-by-design principles. The relay server temporarily holds only ciphertext and has no technical means to view the contents of any image.
02E2E Encryption Design
All images sent and received through Iris are encrypted using ECIES (Elliptic Curve Integrated Encryption Scheme) based on the P-256 elliptic curve. Specifically, the system uses ECDH key exchange, HKDF-SHA256 key derivation, and AES-256-GCM authenticated encryption.
The decryption key (private key) exists only in the iPhone's Secure Enclave. This key cannot be exported from the device. The Relay operator, Cloudflare, and any other third party have no means of accessing image contents.
03Data We Process
The following data is processed by the App and the Relay server.
| Data | Storage | Retention | Purpose |
|---|---|---|---|
| Encrypted images | Relay (KV) | 30 minutes | Delivery to iOS app |
| channel_id | Relay (KV) | 30 days | Routing identifier |
| push_token hash | Relay (KV) | 30 days | CLI authentication (hash only) |
| pull_token hash | Relay (KV) | 30 days | iOS authentication (hash only) |
| public_key | Relay (KV) | 30 days | Public key used by CLI for encryption |
| APNs device token | Relay (KV) | 30 days | Push notification destination |
| device_name | Relay (KV) | 30 days | Channel display label |
| Private key | iOS Secure Enclave | Until device erase | Image decryption |
| pull_token | iOS Keychain | Until device erase | Authentication for fetching images from Relay |
04Data We Do Not Collect
The App does not collect any personally identifiable information such as names, email addresses, or phone numbers. There is no account registration or login functionality. The App does not access location data, contacts, calendars, photo libraries, or any other iOS system data. No usage analytics or crash reports are sent to external services. There is no advertising tracking or data sharing with third parties.
05Data Protection
Encrypted images on the Relay are automatically deleted after 30 minutes. Channel information (channel_id, token hashes, public key, device token) is automatically deleted after 30 days. Tokens in the iOS Keychain and the private key in the Secure Enclave persist across app reinstallation due to iOS platform behavior. These are permanently erased when the device is erased or reset.
Authentication tokens (push_token, pull_token) stored on the Relay are kept only as SHA-256 hashes. The original token values cannot be recovered from the Relay.
06Third-Party Services
The App uses the following third-party services.
| Service | Provider | Purpose |
|---|---|---|
| Workers / KV | Cloudflare | Relay server hosting and data storage |
| APNs | Apple | Push notification delivery to iOS devices |
All data stored in Cloudflare Workers and KV is either encrypted or hashed. Cloudflare cannot access image contents. Only notification payloads (image ID and channel ID) are sent to APNs; no image data is included.
07Children's Privacy
The App is a developer tool and is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.
08Changes to This Policy
This Privacy Policy may be updated from time to time. Any significant changes will be indicated by updating the "Last updated" date at the top of this page.
09Contact
If you have any questions about this Privacy Policy, please reach out through the GitHub repository's Issues.