Introduction
LorisLabs ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how our applications — Clasp, TypeMetrics, Moi, Lumen for Frigate, CoreShield AI, Sinkhole, Synthesis, and Éclair (collectively, the "Apps") — handle your information. Our guiding principle is simple: your data belongs to you, and it stays on your device.
By using our Apps, you agree to the practices described in this policy.
Data Controller
The data controller for all personal data processed through the Apps is:
LorisLabs
Kevin Nadjarian, Sole Proprietor
Email: support@lorislab.fr
Website: https://lorislab.fr
LorisLabs has not appointed a Data Protection Officer (DPO) as the scale of our data processing does not meet the thresholds set by GDPR Article 37. For any data protection inquiries, please contact us at support@lorislab.fr.
Lawful Basis for Processing
For the limited data processing activities in our Apps, we rely on the following lawful bases under GDPR Article 6(1):
- Consent (Art. 6(1)(a)): Community features (profiles, incident reporting, traffic data sharing, carpooling), optional cloud AI integrations, and any data shared via CloudKit. You may withdraw consent at any time by disabling the relevant feature in Settings or deleting your community profile. Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal.
- Contract performance (Art. 6(1)(b)): On-device data processing required to provide the core functionality you have requested — route calculation, navigation, energy modeling, parking search, and vehicle data display.
- Legal obligation (Art. 6(1)(c)): Retention of carpooling ride records for 12–24 months to comply with potential law enforcement requests (réquisition judiciaire) under French procedural law.
- Legitimate interest (Art. 6(1)(f)): Freemium usage tracking (e.g., parking search count) to enforce feature gating. This data is stored locally and never transmitted.
Website Analytics
We use Umami, a privacy-friendly, open-source analytics tool that we self-host on our own servers. If you accept analytics when visiting our website:
- What we collect: Page views, referrer source (e.g., Google, direct), country-level location, device type (desktop/mobile), and operating system. We also track whether you click an App Store download button (as an aggregate count, not tied to you).
- Where it's stored: On our own self-hosted server. No data is sent to third parties.
- Retention: Analytics data is retained for 12 months, then automatically deleted.
- No cookies: Umami does not set any cookies. Your IP address is anonymized and never stored.
- Your choice: Analytics only load if you explicitly accept. You can change your preference at any time via the "Privacy Settings" link in the footer of every page.
Learn more about Umami's privacy practices at umami.is.
Information We Collect
We collect minimal to no personal data. Our Apps are designed with a privacy-first architecture, meaning we have no servers collecting your information, no user accounts, and no analytics SDKs embedded in our code.
Specifically, we do not collect:
- Personal identifiers (name, email, phone number)
- Usage analytics or behavioral data
- Location data
- Device fingerprints or advertising identifiers
- Clipboard contents, typing data, conversations, or any user-generated content
The only information we may receive is anonymized, aggregated data from Apple (such as crash reports and install counts) through Apple's App Analytics program, which you can opt out of in your device settings.
How Our Apps Work
All of our Apps are built to process data entirely on your device. There is no cloud component, no remote database, and no server infrastructure operated by LorisLabs for user data.
On-Device Data Storage
Your data — clipboard history, text snippets, typing statistics, AI conversations, camera feeds, network logs, and all other app content — is stored locally on your device using Apple's SwiftData framework and system-level encrypted storage. When you delete an app, all associated data is removed from your device.
On-Device AI Processing
AI-powered features in our Apps (such as content classification in Clasp, posture analysis in TypeMetrics, and threat detection in CoreShield AI) run on-device using Apple's CoreML framework. No data is sent to external servers for AI processing unless you explicitly choose to use an optional cloud-based AI provider.
App-Specific Details
- Clasp monitors your system clipboard locally to provide clipboard history and manages audio recordings, contacts, calendar events, reminders, mail metadata, notes, messages, and user-selected files for on-device semantic search. See the "Clasp — Clipboard & Semantic Search Privacy Details" section below for full details.
- TypeMetrics records typing metrics locally. The AI Vision Coach analyzes camera input on-device for posture feedback — no facial data, biometrics, or images are stored or transmitted. On visionOS, TypeMetrics uses ARKit hand tracking to provide real-time finger placement feedback during typing sessions. Hand position data is processed entirely on-device in real time; no hand tracking video, skeletal data, or hand images are stored, recorded, or transmitted to any server.
- Moi stores all conversations, memory, and indexed documents locally. System integrations (Calendar, Mail, Notes, Contacts) are accessed through Apple's official APIs with your explicit permission.
- Lumen for Frigate connects directly to your self-hosted NVR over your local network or VPN. We do not operate relay servers or have access to your camera feeds. See the "Face Data (Lumen for Frigate)" section below for details on how face recognition data is handled.
- Lumen Cam uses your device's camera and microphone to stream video over your local network to your self-hosted Frigate NVR. All streaming occurs directly between your device and your server — no data passes through LorisLabs servers. Camera and audio data are never recorded or stored by the app. Frigate server credentials are stored in iCloud Keychain (shared with Lumen for Frigate).
- CoreShield AI inspects network traffic locally using a macOS Network Extension. All threat analysis runs on-device via CoreML. Packet contents are never stored or transmitted externally.
- Sinkhole intercepts DNS queries on-device using a local-only VPN tunnel (NEPacketTunnelProvider). The VPN tunnel connects to 127.0.0.1 — no traffic leaves your device. All DNS query logs are stored locally in an on-device SQLite database and are never transmitted to any server. See the "Sinkhole — DNS Firewall Privacy Details" section below.
- 404 Network performs network diagnostics (ping, traceroute, port scanning, speed tests, device discovery) entirely on-device. Network scan results are stored locally in SwiftData. When Community Map sharing is enabled (opt-in), anonymized speed test results (ISP name, connection type, approximate location rounded to ~500m) are shared via CloudKit. Router integration credentials are stored in the iOS Keychain. See the "404 Network — Network Diagnostics Privacy Details" section below.
- Synthesis stores all notes, notebooks, flashcards, study data, and attachments locally on your device using Apple's SwiftData framework. AI features (summarization, flashcard generation, quiz creation) run entirely on-device using Apple's Foundation Models framework — no data is sent to external servers unless you explicitly configure an optional cloud AI provider with your own API key.
- Heol is a privacy-first email client. All email data (messages, metadata, contacts, AI analysis) is stored locally in an encrypted on-device database. Phishing detection runs entirely on-device via CoreML — no email content is ever sent to external servers for threat analysis. IMAP/SMTP credentials are stored in the iOS/macOS Keychain. See the "Heol — Email Client Privacy Details" section below for full details.
- LumenTV is the Apple TV companion to Lumen for Frigate. It connects directly to your self-hosted NVR over your local network or VPN. No camera feeds, detection data, or credentials pass through LorisLabs servers. Server credentials are stored in the tvOS Keychain and synced from Lumen via iCloud Keychain.
- Éclair is an electric vehicle navigation and trip planning app. It processes route calculations, energy models, and AI coaching entirely on-device. Location data is used for navigation and is stored locally. Vehicle data (SoC, battery health) from OBD-II adapters or brand APIs is processed and stored on-device. Parking searches use OpenStreetMap and ParkAPI — no personal data is sent with these queries. If you opt in to community features (traffic sharing, incident reporting, carpooling), anonymized or pseudonymized data is shared via CloudKit. See the "Éclair — EV Navigation Privacy Details" section below.
- AuroraPulse is currently in development. Privacy details will be published before the app launches. Like all LorisLabs apps, AuroraPulse will be built on our privacy-first architecture with on-device processing and no analytics SDKs.
Synthesis — Education App Privacy Details
Data Storage
All user content in Synthesis — including notes, notebooks, pages, flashcards, drawings, templates, study statistics, and attachments — is stored locally on your device. When iCloud sync is enabled (opt-in), data is synced across your devices using Apple's CloudKit framework with Apple's end-to-end encryption. LorisLabs never has access to your synced data.
On-Device AI
Synthesis uses Apple's Foundation Models framework (available on Apple Silicon devices running iOS 26+) for AI-powered features including summarization, flashcard generation, quiz creation, and writing assistance. All AI processing occurs entirely on your device. No prompts, notes, or generated content are transmitted to LorisLabs or any third party.
If you choose to configure an optional third-party cloud AI provider (such as OpenAI or Anthropic), data you send to those services is governed by their respective privacy policies. This feature is off by default, requires your explicit configuration, and API keys are stored securely in the iOS/macOS Keychain.
Device Permissions
Synthesis may request the following permissions, each used solely for on-device functionality:
- Camera — For scanning documents and capturing images to embed in notes. Images are stored locally and never transmitted.
- Microphone — For voice annotations attached to blocks and audio recording within pages. Audio data is stored locally and never transmitted.
- Speech Recognition — For on-device voice-to-text transcription. Processing occurs entirely on-device using Apple's Speech framework.
- Photo Library — For importing images into notes. Selected images are copied into the app's local storage.
No Analytics or Tracking
Synthesis contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. We do not collect usage patterns, session data, feature usage statistics, or any behavioral data. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.
Children's Privacy & Education Compliance
Synthesis offers a "Young Student" persona designed for learners under 13, which includes parental controls and age-appropriate content. Because Synthesis processes all data on-device with no data collection by LorisLabs:
- COPPA (Children's Online Privacy Protection Act) — Synthesis does not collect personal information from children or any users. Parental consent is recommended for users under 13.
- FERPA (Family Educational Rights and Privacy Act) — Synthesis does not access, collect, or store education records. All student data remains on the student's device under their control.
- GDPR (General Data Protection Regulation) — As no personal data is collected or processed by LorisLabs, GDPR data subject rights (access, rectification, erasure, portability) are inherently satisfied — your data is always under your control on your device.
iCloud Sync
When you enable iCloud sync in Synthesis (disabled by default), your data is synced using Apple's CloudKit with the following protections:
- Data is encrypted in transit using TLS and at rest on Apple's servers.
- LorisLabs cannot access your synced data — it is stored in your private CloudKit database tied to your Apple ID.
- You can disable sync at any time in the app's settings. Disabling sync does not delete your local data.
- File attachments are synced as CloudKit Assets with the same encryption protections.
Clasp — Clipboard & Semantic Search Privacy Details
Data Accessed On-Device
Clasp v2.6 accesses the following data types. All processing and storage occurs entirely on your device. LorisLabs never receives, transmits, or has access to any of this data.
- Clipboard Data — Text, images, files, and links copied to your system clipboard are captured and stored locally to provide clipboard history, pinning, and snippet features.
- Audio Recordings / Microphone — When you use the Audio Notes feature, Clasp records audio via the device microphone. Recordings are transcribed on-device using Apple's speech recognition (Whisper-based). Audio files and transcriptions are stored locally and are never transmitted to any server.
- Contacts — Names, email addresses, phone numbers, and postal addresses are read from your Contacts via Apple's Contacts framework to enable semantic search. Contact notes are not accessed. This data is indexed locally and never leaves your device.
- Calendar Events — Event titles, dates, and locations are read via Apple's EventKit framework for semantic search indexing. This data is stored locally and never transmitted.
- Reminders — Reminder titles and due dates are read via Apple's EventKit framework for semantic search indexing. This data is stored locally and never transmitted.
- Mail Metadata (macOS only) — Sender names, email subjects, and dates are read from Spotlight metadata indexes on macOS for semantic search. Clasp does not access email body content. This metadata is indexed locally and never transmitted.
- Notes (macOS only) — Note titles and content are read via AppleScript on macOS for semantic search indexing. This data is stored locally and never transmitted.
- iMessages (macOS only) — Message text, sender information, and dates are read from the local Messages database (chat.db) on macOS for semantic search. This requires Full Disk Access, which you grant explicitly in System Settings. Message data is indexed locally and never transmitted.
- Files (macOS only) — Contents of folders you explicitly select are indexed for semantic search. Clasp only accesses folders you have granted via the macOS file picker — no other files are accessed. File content is indexed locally and never transmitted.
- Keyboard Input (iOS only) — Clasp provides an optional custom keyboard extension for snippet expansion. Keystroke data is processed in real-time in memory and is never logged, stored, or transmitted. The keyboard extension has no network access.
Semantic Search & Embeddings
Clasp generates text embeddings (vector representations) of your indexed content using Apple's on-device NaturalLanguage framework. These embeddings are stored in a local SQLite database on your device and are used exclusively for semantic search. Embeddings cannot be reverse-engineered into the original text. No embeddings or search queries are transmitted to any server.
Optional Cloud AI Features
Clasp allows you to optionally configure a third-party AI provider (such as OpenAI) by providing your own API key. If you enable this feature:
- Data you send to the AI provider (prompts, clipboard text) is transmitted to their servers and governed by their privacy policy.
- This feature is off by default and requires your explicit configuration.
- Your API key is stored securely in the iOS/macOS Keychain and is never transmitted to LorisLabs.
- You can disable this integration at any time and revert to fully on-device processing.
Device Permissions
Clasp requests system permissions only when you enable the corresponding feature. Each permission is used solely for on-device functionality:
- Microphone — Required for Audio Notes. Requested when you first create an audio note.
- Contacts — Required for contact semantic search. Requested when you enable contact indexing in Settings.
- Calendars & Reminders — Required for calendar and reminder semantic search. Requested when you enable these sources in Settings.
- Full Disk Access (macOS) — Required for iMessage indexing. You grant this manually in System Settings > Privacy & Security.
- Full Keyboard Access (iOS) — Required for the snippet expansion keyboard. You enable this in Settings > General > Keyboard.
iCloud Sync
Clasp supports iCloud sync for clipboard items, snippets, and settings across your devices using Apple's CloudKit framework. When enabled, data is encrypted in transit and at rest by Apple. LorisLabs cannot access your synced data. You can disable sync at any time in the app's settings.
Data Retention & Deletion
All Clasp data — clipboard history, audio recordings, semantic search indexes, and embeddings — is stored locally on your device. You can delete individual items, clear all history, or remove specific source indexes at any time within the app. Uninstalling the app removes all associated data from your device.
No Analytics or Tracking
Clasp contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.
GDPR Compliance
As no personal data is collected or processed by LorisLabs, your GDPR data subject rights (access, rectification, erasure, portability, restriction of processing, and the right to object) are inherently satisfied — all data resides on your device under your exclusive control. You are the sole data controller. If you use the optional cloud AI integration, the third-party AI provider acts as an independent data controller for data you send to their service, and their own GDPR policies apply.
Sinkhole — DNS Firewall Privacy Details
How Sinkhole Works
Sinkhole creates a local-only VPN tunnel on your iPhone using Apple's NEPacketTunnelProvider framework. The VPN tunnel connects to 127.0.0.1 (localhost) — it does not route your traffic through any external server. DNS queries are intercepted, checked against a locally-stored blocklist, and either blocked (returning an NXDOMAIN response) or forwarded to your configured upstream DNS provider (e.g., Cloudflare, Quad9, or Google).
Data Stored On-Device
Sinkhole stores the following data exclusively on your device in a local SQLite database:
- DNS Query Log — Domain names, timestamps, blocked/allowed status, and response latency. This data is equivalent to a browsing history and is stored locally only. Logs are automatically purged based on your configured retention period (1 day, 7 days, 30 days, or indefinitely).
- Blocklist Entries — Domains from blocklist sources you have added (e.g., StevenBlack, AdGuard DNS). Downloaded and stored locally.
- Custom Rules — Block, allow, and redirect rules you create. Stored locally and optionally synced via iCloud KVStore (see below).
- Client IP Addresses — In LAN Server mode, the local IP address of devices that query your iPhone's DNS server is logged for diagnostic purposes. These are LAN-internal addresses (e.g., 192.168.x.x), not public IPs.
No Cloud Dependency
Sinkhole operates entirely on your device. There is no LorisLabs server, no user account, no analytics, no telemetry, and no cloud processing of any kind. DNS queries are resolved by forwarding to your chosen upstream DNS provider (Cloudflare, Quad9, Google, or a custom DoH server) — LorisLabs never sees or processes your DNS traffic.
Network Extension & VPN
Sinkhole requires the iOS VPN permission to function. This is a technical requirement of Apple's platform — there is no other way to intercept DNS queries system-wide on iOS. The VPN is local-only:
- Tunnel remote address: 127.0.0.1
- No traffic is proxied, encrypted, or tunneled to an external server.
- The VPN icon appears in the iOS status bar while Sinkhole is active.
- Sinkhole does not provide anonymity, geo-unblocking, or any traditional VPN functionality.
iCloud Sync (Optional)
When enabled, Sinkhole syncs custom rules, blocklist source URLs, and settings (upstream DNS URL, operating mode, home DNS IP) across your devices using Apple's iCloud Key-Value Store. This sync includes:
- Custom rule patterns and types
- Blocklist source names and URLs
- Wi-Fi SSID names (for per-network rules)
DNS query logs are never synced to iCloud. iCloud sync is disabled by default and can be toggled in Settings.
LAN Server Mode
In LAN Server mode, Sinkhole runs a local DNS server on your iPhone (UDP port 5053 and TCP port 8443). Other devices on your network can use your iPhone as their DNS resolver. DNS queries from these devices are logged locally on your iPhone with the querying device's LAN IP address. No data leaves your local network.
No Analytics or Tracking
Sinkhole contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.
Children's Privacy
Sinkhole does not collect personal information from any users, including children. The app is suitable for users of all ages. No account creation is required.
CoreShield AI — Network Security Privacy Details
How CoreShield AI Works
CoreShield AI is a macOS network security application that uses Apple's Network Extension framework to inspect network traffic locally on your Mac. All threat analysis runs on-device using Apple's CoreML framework. CoreShield AI does not route your traffic through any external server operated by LorisLabs.
Data Collected and Stored On-Device
- Location Data — CoreShield AI requests location permission to identify the WiFi network you are connected to and to detect potential evil twin access points (rogue networks impersonating legitimate ones). Location data is stored locally on your device and is never shared with LorisLabs or any third party.
- Bluetooth Scanning — CoreShield AI uses CoreBluetooth to scan for nearby Bluetooth devices to provide network environment awareness and detect potential threats. Bluetooth scan results are used in real-time for display purposes and are not persistently stored. No Bluetooth data is transmitted to any server.
- DNS Query Logging — DNS queries made by your Mac are monitored locally for threat detection and DNS filtering. Query logs (domain names, timestamps, blocked/allowed status) are stored on your device in a local database. DNS logs are never shared externally. You control the retention period and can clear logs at any time.
- Network Traffic Metadata — Connection destinations, protocols, ports, and bytes transferred are monitored for security analysis. This metadata is stored locally on your device and is never shared with LorisLabs or any third party. Actual packet contents are never stored or transmitted externally.
- Device Identifiers — Bluetooth device identifiers (UUIDs, device names) are used solely for identifying nearby devices in the network environment view. These identifiers are not used for tracking and are not transmitted to any server.
Device Permissions
CoreShield AI requests the following system permissions, each used solely for on-device security functionality:
- Network Extension — Required to inspect and filter network traffic on your Mac. Requires approval in System Settings > Privacy & Security.
- Location — Required to identify WiFi network names (SSID) and detect evil twin access points. macOS requires location permission for WiFi network identification.
- Bluetooth — Required for scanning nearby Bluetooth devices for network environment awareness.
On-Device AI
Threat detection and traffic classification in CoreShield AI use Apple's CoreML framework. All AI models run entirely on your Mac. No network traffic data, DNS queries, or security events are sent to external servers for AI processing unless you explicitly configure an optional cloud AI provider with your own API key.
No Analytics or Tracking
CoreShield AI contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.
404 Network — Network Diagnostics Privacy Details
How 404 Network Works
404 Network is a comprehensive network diagnostics toolkit. It performs ping, traceroute, port scanning, DNS lookups, speed tests, device discovery, and security audits — all directly from your iOS device. Network operations are executed on-device using system APIs (ICMP sockets, NWConnection, URLSession, mDNS/Bonjour).
Data Stored On-Device
- Tool Results — Ping, DNS, traceroute, speed test, port scan, and audit results are stored locally in SwiftData. These are never transmitted to any server.
- Discovered Devices — IP addresses, MAC addresses, hostnames, open ports, and device types found during network scans are stored locally.
- Network Profiles — Gateway IP, SSID, and scan history per network are stored locally.
- Router Credentials — If you configure router integration (MikroTik, OPNsense, UniFi), credentials are stored in the iOS Keychain — never in UserDefaults, files, or cloud storage.
- AI API Keys — If you configure optional cloud AI providers (Claude, OpenAI), API keys are stored in the iOS Keychain.
Community Speed Map (Opt-In)
404 Network includes an optional Community Speed Map feature. When explicitly enabled in Settings → Community → "Share Speed Results", the following anonymized data is shared via Apple CloudKit:
- ISP name (detected from your public IP via Cloudflare)
- Connection type (WiFi, Cellular, Ethernet)
- Speed metrics (download/upload Mbps, latency, jitter, packet loss)
- Approximate location — your GPS coordinates are rounded to a ~500m grid before storage. Your exact location is never stored or transmitted.
Community sharing is disabled by default. No personal identifiers (name, email, device ID) are included. Data is stored in a CloudKit public database accessible to other 404 Network users for comparing ISP performance.
Location Data
404 Network requests location permission for two purposes:
- WiFi SSID detection — iOS requires location permission to access the current WiFi network name via NEHotspotNetwork.
- Community Speed Map — When community sharing is enabled, your approximate location (~500m) is used to position speed results on the map.
Location data is never stored in full precision. Community map coordinates are always rounded to a ~500m grid before transmission.
Bluetooth
The BLE Scanner feature uses CoreBluetooth to discover nearby Bluetooth Low Energy devices. Device names, UUIDs, RSSI, and GATT profiles are stored locally. No Bluetooth data is transmitted to any server.
Network Extensions
404 Network includes optional VPN/content filter extensions for traffic inspection and packet capture. These extensions operate locally — no traffic is routed through external servers. The VPN tunnel connects to localhost for on-device packet analysis.
Speed Test
Speed tests download and upload data from Cloudflare's speed test infrastructure (speed.cloudflare.com). This is a direct connection between your device and Cloudflare — LorisLabs does not operate or have access to any speed test server. Cloudflare's privacy policy applies to their infrastructure.
No Analytics or Tracking
404 Network contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.
Third-Party Services
While our Apps themselves do not transmit data to third parties, certain optional features and external services may be involved:
Apple App Store
Our Apps are distributed through the Apple App Store. Apple may collect information related to your purchase and download activity in accordance with Apple's Privacy Policy. In-app purchases and subscriptions are processed entirely by Apple — we do not receive or store your payment information.
Optional AI API Providers
Some of our Apps (Clasp and Moi) allow you to optionally configure third-party AI providers such as OpenAI or Anthropic (Claude) by providing your own API keys. If you choose to enable these integrations:
- Data you send to these services (prompts, text content) is transmitted to their servers and governed by their respective privacy policies.
- This feature is off by default and requires your explicit configuration.
- API keys you provide are stored securely in the iOS/macOS Keychain and are never transmitted to LorisLabs.
- You can disable these integrations at any time and revert to fully on-device processing.
Apple App Analytics
We may receive anonymized, aggregated analytics from Apple about app usage (crash reports, install counts). This data cannot identify individual users. You can opt out by navigating to Settings > Privacy > Analytics on your device.
Data Security
We leverage Apple's built-in security infrastructure to protect your data:
- App sandboxing restricts each app's data access to its own container.
- Encrypted storage — data is stored in encrypted containers managed by the operating system.
- Keychain is used for all sensitive credential storage (API keys, server passwords).
- TLS encryption is used for all network communications when applicable.
- No remote access — since we do not operate servers, there is no remote attack surface for your data.
Face Data (Lumen for Frigate)
Lumen for Frigate includes face recognition features that allow you to register and identify known people in your camera feeds. This section explains how face data is collected, used, and stored.
What Face Data Is Collected
When you use the face recognition feature, you may upload photographs of people from your device's photo library to your self-hosted Frigate NVR server. These photographs are used by your Frigate server to identify known people in camera feeds. The Lumen app acts solely as a client — it transmits the photos you select directly to your own server and displays face thumbnails retrieved from it.
How Face Data Is Used
Face data is used exclusively for the purpose of identifying known people in your camera feeds on your self-hosted Frigate NVR. The app displays face thumbnails and recognition results fetched from your server. LorisLabs does not process, analyze, or perform any computation on face data — all face recognition processing occurs on your own Frigate NVR hardware.
Third-Party Sharing
Face data is never transmitted to LorisLabs, Apple, or any third party. All face images and recognition data remain exclusively on your self-hosted Frigate NVR server, which you own and control. The app communicates only with your server over your local network or VPN — no relay servers or intermediaries are involved.
Storage Location
All face data is stored on your self-hosted Frigate NVR server. The Lumen app does not persistently store face images on your Apple device beyond standard temporary URL caching managed by the operating system.
Data Retention
Face data persists on your Frigate NVR server until you choose to delete it. You can delete individual face images or entire face registrations at any time through the Lumen app or through Frigate's web interface. LorisLabs has no ability to access, modify, or delete your face data as it resides entirely on hardware you control.
Your Control
You have full control over your face data at all times. You can add, view, and delete face registrations directly within the app. The face recognition feature is optional and requires your explicit action to register any face photographs.
Éclair — EV Navigation Privacy Details
Location Data
Éclair requires location permission for navigation and route planning. Your location data is processed entirely on your device and is never transmitted to LorisLabs. Location history is stored locally in SwiftData for trip analytics and driving statistics. You can delete individual trips or clear all location history at any time within the app.
Vehicle Data
Éclair connects to your electric vehicle through multiple methods:
- OBD-II Bluetooth — Vehicle telemetry (state of charge, battery temperature, energy consumption) is read via a Bluetooth OBD-II adapter and processed on-device. No vehicle data is transmitted to LorisLabs.
- Brand APIs (Renault, Volvo) — If you connect via a manufacturer API, authentication tokens are stored in the iOS Keychain. Vehicle data retrieved from these APIs is stored locally.
- SmartCar API — If you connect via SmartCar, OAuth tokens are stored in the iOS Keychain. SmartCar's privacy policy applies to data processed by their service.
- Manual Entry — No external connections. All data is stored locally.
Charging Station Data
Éclair searches for charging stations using the Open Charge Map API. Search queries contain your approximate location to find nearby chargers. No personal identifiers are included in these requests. Charger results are cached locally.
Parking Features
Éclair searches for nearby parking using third-party APIs:
- OpenStreetMap Overpass API — Parking location queries are sent as geographic bounding box coordinates. No personal identifiers, device IDs, or user data are included. Results are cached locally for 7 days.
- ParkAPI (parkendd.de) — Real-time parking availability queries are sent by city name and coordinates. No personal identifiers are included. City lists are cached for 24 hours.
- Payment App Integration — Éclair can deep-link to third-party parking payment apps (PayByPhone, EasyPark) if installed on your device. No payment data is processed, stored, or transmitted by Éclair. You interact directly with the payment app. If the payment app is not installed, Éclair redirects to its App Store listing.
Parking search count is tracked locally for freemium gating purposes and is never transmitted.
Traffic Data Collection
Éclair includes a community traffic intelligence system. When traffic data sharing is enabled in Settings:
- What is collected: Average speed per road segment, stop events, route deviation indicators, and energy consumption anomalies.
- Anonymization safeguards: Raw GPS traces are never uploaded. All data is aggregated on-device into road segment averages. Coordinates are converted to H3 spatial cell hashes (not exact locations). Timestamps are coarsened to 5-minute intervals.
- K-anonymity gate: Traffic data for a road segment is only uploaded to CloudKit when at least 3 users have contributed data for that segment. This prevents individual trip traces from being reconstructable.
- No user IDs: Traffic segment records in CloudKit contain no user identifiers. Individual contributions are not traceable to any user.
- Storage: Traffic data is stored in the CloudKit public database (iCloud.com.lorislab.eclair). LorisLabs does not operate separate servers for traffic data.
Traffic data sharing can be disabled at any time in Settings.
Community Features & Incident Reporting
Éclair includes opt-in community features that require Apple Sign-In:
- Community Profile — When you sign in, a profile is created containing: your first name and last initial (e.g., "Kevin N."), vehicle model, member-since date, and a computed trust score. Your full name, email address, and Apple ID are not exposed to other users. Profiles are stored in the CloudKit public database.
- Incident Reporting — You can report road incidents (accidents, police controls, road closures, hazards, construction, weather). Reports include: incident type, location, direction of travel, and your reporter ID. Other users can upvote or downvote incidents. Incidents auto-expire after 1–7 days depending on type.
- Trust Score — A reputation score (0–100) is computed from an audit trail of events (confirmed incident reports, ride ratings, user reports). The score is computed from the event log — never stored as a mutable value. Trust score events are stored in CloudKit.
Community features are disabled by default and require explicit opt-in and Apple Sign-In.
Carpooling (Preview)
Éclair includes an optional carpooling feature, labeled as "Preview", that facilitates cost-sharing rides between users. This feature is structured as non-commercial ride-sharing (covoiturage) in compliance with French Transport Code Article L3132-1.
- Data collected: Ride requests (origin, destination, departure time, passenger count), booking confirmations, in-ride messages between participants, post-ride ratings, and ride history.
- Cost-splitting: The cost-splitting algorithm calculates shares based on actual trip costs (energy, tolls, vehicle wear). The algorithm is designed so that drivers cannot profit — cost-sharing is capped at actual trip cost.
- Messaging: In-ride messages are stored in CloudKit and are visible only to ride participants. Messages are not end-to-end encrypted.
- Ratings & Moderation: Post-ride ratings affect trust scores. Users with low trust scores (below 40) or who are suspended cannot access carpooling. Users can be reported, which triggers trust score penalties. Repeated offenses result in 7-day bans or permanent suspension.
- Data retention: Carpooling ride records (including route, participants, and cost breakdown) are retained for 12–24 months. This retention period is required for potential law enforcement requests (réquisition judiciaire) under applicable French and EU law (GDPR Article 6(1)(c)).
- Anonymized vs. identifiable data: Anonymous traffic data (segment averages with no individual traces) is kept separate from identifiable ride data (which includes participant IDs and routes).
Carpooling is off by default, requires explicit opt-in in Settings, and requires an active community profile with Apple Sign-In.
AI Features
Éclair's three-tier AI system processes data as follows:
- Apple Intelligence — Runs entirely on-device. No data leaves your device.
- Local LLM (Ollama) — Runs on your local network. No data leaves your network.
- Cloud AI (Claude, OpenAI) — If you configure a cloud provider with your own API key, trip data you choose to analyze is sent to their servers. This is off by default. API keys are stored in the iOS Keychain. See Anthropic's Privacy Policy and OpenAI's Privacy Policy for details on how they handle your data.
Cross-Border Data Transfers
When you enable community features, data is stored in Apple CloudKit, which may process and store data on servers located outside the EU/EEA. Apple provides appropriate safeguards for international data transfers under GDPR Articles 44–49. See Apple's Privacy Policy for details.
If you connect your vehicle via SmartCar, data is transmitted to SmartCar Inc. (US-based). See SmartCar's Privacy Policy. If you use optional cloud AI providers (Anthropic, OpenAI), data is transmitted to US-based servers and is subject to their respective privacy policies.
For on-device-only usage (the default), no personal data is transferred outside your device.
CarPlay
When used with CarPlay, Éclair displays navigation and charge information on your vehicle's display. No additional data collection occurs through CarPlay beyond what is described above.
Device Permissions
Éclair requests the following permissions, each used solely for on-device functionality:
- Location (Always) — Required for navigation, route tracking, background trip recording, and traffic data collection. Location data is stored locally; only anonymized segment data is shared if traffic sharing is enabled.
- Bluetooth — Required for OBD-II adapter connectivity. No Bluetooth data is transmitted externally.
- Speech Recognition — Required for voice commands during navigation. Processing occurs on-device.
- Notifications — Required for charge alerts, navigation updates, incident alerts, and carpooling notifications.
Location Permission Justification
Éclair requests "Always" location permission (rather than "When In Use") for the following specific reasons:
- Background trip recording: To accurately track your route, energy consumption, and driving statistics while the app is in the background or the screen is off during navigation.
- Live Activities: To update your Lock Screen with real-time navigation progress and charge status.
- Traffic data collection: If enabled, to contribute anonymized segment speed data while navigating in the background.
You can change location permission to "When In Use" or revoke it entirely at any time in iOS Settings > Privacy & Security > Location Services > Éclair. Background trip recording and traffic collection will not function without "Always" permission, but all other features remain available.
Data Retention
Éclair retains data for the following periods:
- Trip history & driving statistics: Stored locally indefinitely until you delete them within the app.
- Community profiles: Stored in CloudKit indefinitely until you delete your profile.
- Incident reports: Auto-expire after 1–7 days depending on type.
- Trust score events: Stored in CloudKit for the lifetime of your community profile. Deleted when you delete your profile.
- Traffic segment data: Anonymous segment averages in CloudKit are retained indefinitely as they contain no user identifiers.
- Carpooling ride records: 12–24 months (legal retention requirement), then permanently deleted.
- Carpooling messages: Retained for the same period as their associated ride record (12–24 months).
- Vehicle data (OBD-II readings): Stored locally indefinitely until you delete them or disconnect the vehicle.
- Parking search cache: OpenStreetMap results cached 7 days; ParkAPI city lists cached 24 hours.
Data Deletion & GDPR Rights
You can delete your community profile, ride history, incident reports, and all local data at any time within the app. Deleting your community profile removes your profile record, associated trust score events, and incident reports from CloudKit. Anonymous traffic segment contributions cannot be individually deleted as they contain no user identifiers.
Account deletion: In compliance with Apple App Store Review Guideline 5.1.1(v), Éclair provides in-app account deletion for community profiles. Deleting your account removes all associated data from CloudKit, except carpooling ride records within the legal retention period (12–24 months), which are retained in anonymized form with participant IDs removed.
Under GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — Request a copy of your personal data.
- Right to rectification (Art. 16) — Correct inaccurate data.
- Right to erasure (Art. 17) — Request deletion of your data, subject to legal retention obligations.
- Right to restrict processing (Art. 18) — Request that we limit how we process your data.
- Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — Object to processing based on legitimate interest.
- Right regarding automated decisions (Art. 22) — Éclair's trust score is computed algorithmically from your activity history. You have the right to request human review of trust score decisions that affect your access to features (e.g., carpooling eligibility).
- Right to withdraw consent — You may withdraw consent for any optional feature at any time by disabling it in Settings.
To exercise any of these rights, contact support@lorislab.fr. We will respond within one month as required by GDPR Article 12(3). You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) at www.cnil.fr if you believe your data protection rights have been violated.
No Analytics or Tracking
Éclair contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.
Heol — Email Client Privacy Details
Email Data
Heol connects directly to your email provider via IMAP and SMTP protocols. All email messages, headers, subjects, sender addresses, and metadata are stored locally on your device in an encrypted SQLite database (SQLCipher). LorisLabs never has access to your emails — the app communicates only with your email provider's servers.
Credentials
Your IMAP/SMTP credentials (passwords, OAuth tokens) are stored exclusively in the iOS/macOS Keychain. API keys for optional AI providers are also stored in the Keychain. Credentials are never transmitted to LorisLabs servers.
On-Device AI Processing
Heol uses multiple on-device AI features that run entirely on your device:
- Phishing Detection — Uses custom CoreML models to classify email threats. No email content is sent to any server for threat analysis. This is a core privacy guarantee of Heol.
- Email Triage — AI priority scoring, category classification, urgency detection, and action item extraction all run on-device via CoreML and Apple Intelligence.
- Email Summaries — Generated on-device using Apple's Foundation Models framework when available.
Optional Cloud AI Providers
Heol allows you to optionally configure third-party AI providers (such as Anthropic Claude or OpenAI) using your own API key. If you enable a cloud provider:
- Email content (subjects, body text, sender addresses) may be sent to the configured provider for AI processing (summarization, chat, composition assistance).
- A clear privacy warning is shown when you first enable a cloud provider.
- You can switch back to on-device-only processing at any time.
- LorisLabs does not operate these cloud services and has no access to the data you send to them.
Contacts, Calendar, Location, Reminders
Heol requests access to your Contacts (to show sender details), Calendar (to create events from emails), Location (for location-based snooze), and Reminders (to create follow-up tasks). Each permission is requested only when you use the corresponding feature, and all data is processed on-device. LorisLabs never receives this data.
Microphone & Speech Recognition
If you use voice input in Heol's AI chat, audio is processed on-device using Apple's speech recognition. Audio is not recorded, stored, or transmitted to any server.
Data Storage & Encryption
- All email data is stored in an encrypted SQLite database (SQLCipher) on your device.
- The database encryption key is stored in the Keychain and synced via iCloud Keychain for multi-device access.
- iOS Data Protection (completeUntilFirstUserAuthentication) is applied to the database directory.
- PDF sanitization output is written to the system temporary directory and cleaned up automatically.
- Quarantined phishing emails are stored in a dedicated directory excluded from iCloud backup.
Tracker Blocking
Heol blocks known email tracking pixels and strips EXIF metadata from images displayed in emails. Blocked tracker domains are matched against a locally-stored blocklist — no network requests are made for tracker detection.
End-to-End Encryption (PGP)
Heol supports optional PGP encryption for email content. PGP keys are stored locally on your device and are not synced to iCloud. Encryption and decryption happen entirely on-device.
Data Deletion
You can delete individual emails, clear cached data, or remove entire email accounts at any time within the app. Uninstalling the app removes all associated data from your device, including the encrypted database and Keychain entries.
Analytics & Telemetry
Heol contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.
Children's Privacy
Most of our Apps do not collect personal information and are suitable for users of all ages. However, certain features in specific apps do involve data collection:
- Éclair community features and carpooling: These features require Apple Sign-In and collect personal data (display name, ride history, messages). Community features require users to be at least 16 years old (the digital age of consent in France under CNIL guidelines). Carpooling requires users to be at least 18 years old. Minors under 16 may not create a community profile. Minors aged 16–17 may use community features (incident reporting, traffic sharing) but may not use carpooling.
- Synthesis Young Student persona: Includes parental controls and age-appropriate content. See the Synthesis privacy section for COPPA and FERPA details.
- All other apps: Do not collect personal information from any users, including children. No account creation is required.
If you are a parent or guardian and believe your child has created a community profile or used carpooling without authorization, please contact us at support@lorislab.fr and we will promptly delete the account and associated data.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our Apps or applicable regulations. We will notify users of significant changes through app updates or on our website. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our Apps after changes constitutes acceptance of the revised policy.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: support@lorislab.fr
Website: Support Page