← Back to home

Privacy Policy

Last updated: December 13, 2025

Introduction

InferrLM ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application ("App").

By using InferrLM, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register for an InferrLM account (optional for using remote models), we collect:

  • Email address
  • Display name
  • Authentication provider (email/password, Google Sign-In, or Apple Authentication)
  • Email verification status

2.2 Device and Security Information

For security and account protection purposes, we collect:

  • Device platform (iOS/Android)
  • Operating system version
  • Device type, brand, and model
  • IP address and approximate geolocation (city, region, country) derived from IP
  • Authentication timestamps and session information
  • Failed authentication attempt counters (for rate limiting)

2.3 Usage Analytics

To improve app experience and determine when to request reviews, we store locally on your device:

  • First app open timestamp
  • Total usage time and session count
  • In-app review request status

This data remains on your device and is not transmitted to our servers.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity and provide access to cloud-based models (optional feature)
  • Protect your account from unauthorized access and attacks
  • Detect suspicious login activities and security threats
  • Send email verification and important account notifications
  • Improve security through rate limiting and threat detection
  • Comply with legal obligations

4. Data Storage and Security

4.1 Local Storage

Most of your data is stored locally on your device:

  • Authentication state is stored locally with device encryption
  • App preferences and settings are stored locally with device encryption
  • AI model files are downloaded and stored locally on your device
  • Chat conversations with local AI models are stored locally and never transmitted
  • RAG (Retrieval-Augmented Generation) vector databases are stored locally
  • Usage analytics remain on your device

4.2 Cloud Storage

When you create an account, the following is stored in Firebase Firestore:

  • User profile information (email, display name, verification status)
  • Account creation and last login timestamps
  • Security information (last login device info, geolocation data)
  • Account settings and preferences

4.3 Security Measures

We implement multiple security layers:

  • TLS/SSL encryption for all data transmission
  • iOS Keychain and Android KeyStore for sensitive data
  • Password validation with minimum requirements
  • Rate limiting to prevent attacks (5 attempts, 15-minute lockout)
  • Email verification for account creation
  • Input sanitization to prevent injection attacks
  • Trusted email provider validation
  • Temporary email address blocking

5. On-Device AI Processing

InferrLM's core functionality prioritizes privacy through local processing:

  • AI models run entirely on your device using llama.cpp
  • Apple Foundation models are supported on compatible iOS devices
  • Conversations with local models are stored only on your device and never transmitted
  • Model files are downloaded securely from HuggingFace
  • RAG (Retrieval-Augmented Generation) processes documents locally
  • Document OCR and text extraction happen on-device
  • Vector embeddings are generated and stored locally

Remote AI models (OpenAI, Gemini, Anthropic, DeepSeek) are optional and require your own API keys. When using remote models, your prompts are sent directly to those providers and subject to their privacy policies.

6. Device Permissions

The app requests the following permissions for specific features:

  • Camera: Capture photos to send to AI models with vision capabilities
  • Photo Library: Save captured photos and select images for upload
  • File Storage: Store AI models, chat history, and document embeddings
  • Network Access: Download models, authenticate accounts, and use remote AI services
  • Local Network: Enable the built-in HTTP server for sharing your chat interface on WiFi
  • Notifications: Alert you about model download completion
  • Background Tasks: Continue model downloads when app is in background

All permissions are optional and requested only when needed for the specific feature.

7. Local Server Feature

InferrLM includes an optional local HTTP server that:

  • Runs entirely on your device on your local WiFi network
  • Exposes REST APIs to access your local AI models from other devices
  • Supports peer-to-peer connections for secure communication
  • Does not transmit data outside your local network
  • Can be started/stopped at your discretion from the Server tab
  • Uses TCP signaling for peer-to-peer connection establishment

When the server is running, devices on your WiFi network can access your InferrLM instance through the provided URL or QR code.

8. Third-Party Services

We use the following third-party services:

  • Firebase Authentication: Account management and authentication (optional, only if you use remote models)
  • Google Sign-In: Optional authentication method
  • Apple Authentication: Optional authentication method for iOS devices
  • HuggingFace: Model downloads (no account required)
  • IP Geolocation Service: For security monitoring (approximate location only)

Third-party AI providers (when using remote models with your API keys):

  • OpenAI (ChatGPT)
  • Google Gemini
  • Anthropic (Claude)
  • DeepSeek

Each third-party service has its own Privacy Policy and Terms of Service. We do not control and are not responsible for their privacy practices.

9. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data only in the following circumstances:

  • Service providers: Firebase for authentication and data storage
  • Legal requirements: If required by law or to protect rights and safety
  • Remote AI providers: Only when you choose to use them with your own API keys

10. Security Measures

We implement comprehensive security measures throughout the app:

  • End-to-end encryption for data transmission (TLS/SSL)
  • Platform-native secure storage (iOS Keychain, Android KeyStore)
  • Rate limiting and attack prevention (5 attempts, 15-minute lockout)
  • Input sanitization and validation
  • Email verification requirements
  • Session timeout and automatic logout
  • Secure backup rules for sensitive data
  • Regular security audits and updates

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

11. Your Rights and Choices

You have the following rights regarding your data:

  • Access: View your personal information stored in your account
  • Correction: Update inaccurate or incomplete information
  • Deletion: Delete your account and associated data at any time
  • Opt-out: Choose not to create an account (local models work without authentication)
  • Export: Request a copy of your data
  • Local-only mode: Use the app entirely offline without any account

12. Data Retention

Data retention varies by type:

  • Account data: Retained while your account is active
  • Local chat history: Stored indefinitely on your device until you delete it
  • Local models: Stored until you manually delete them
  • RAG documents: Stored locally until you clear the database
  • Security logs: Retained for 90 days for security monitoring
  • Deleted accounts: Permanently removed within 30 days, except data retained for legal purposes

13. Children's Privacy

InferrLM is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us to have it removed.

14. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Firebase services are hosted globally. By using InferrLM, you consent to such transfers. We ensure appropriate safeguards are in place.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Changes become effective immediately upon posting.

We encourage you to review this Privacy Policy periodically for any updates. Continued use of the app after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

sage_mastermind@outlook.com