Privacy Policy

Last updated: April 2026

Introduction

LorisLabs ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how our applications — Clasp, TypeMetrics, Moi, Lumen for Frigate, CoreShield AI, Sinkhole, Synthesis, Éclair, and ProofCheck (collectively, the "Apps") — handle your information. Our guiding principle is simple: your data belongs to you, and it stays on your device, except where specific community or verification features require otherwise and only with your explicit opt-in.

By using our Apps, you agree to the practices described in this policy.

Data Controller

The data controller for all personal data processed through the Apps is:

LorisLabs
LorisLabs Team
Email: [email protected]
Website: https://lorislab.fr

LorisLabs has not appointed a Data Protection Officer (DPO) as the scale of our data processing does not meet the thresholds set by GDPR Article 37. For any data protection inquiries, please contact us at [email protected].

Lawful Basis for Processing

For the limited data processing activities in our Apps, we rely on the following lawful bases under GDPR Article 6(1):

Website Analytics

We use Umami, a privacy-friendly, open-source analytics tool that we self-host on our own servers. If you accept analytics when visiting our website:

Learn more about Umami's privacy practices at umami.is.

Information We Collect

We collect minimal to no personal data. Our Apps are designed with a privacy-first architecture, meaning we have no servers collecting your information, no user accounts, and no analytics SDKs embedded in our code.

Specifically, we do not collect:

The only information we may receive is anonymized, aggregated data from Apple (such as crash reports and install counts) through Apple's App Analytics program, which you can opt out of in your device settings.

How Our Apps Work

All of our Apps are built to process data entirely on your device. There is no cloud component, no remote database, and no server infrastructure operated by LorisLabs for user data.

On-Device Data Storage

Your data — clipboard history, text snippets, typing statistics, AI conversations, camera feeds, network logs, and all other app content — is stored locally on your device using Apple's SwiftData framework and system-level encrypted storage. When you delete an app, all associated data is removed from your device.

On-Device AI Processing

AI-powered features in our Apps (such as content classification in Clasp, posture analysis in TypeMetrics, and threat detection in CoreShield AI) run on-device using Apple's CoreML framework. No data is sent to external servers for AI processing unless you explicitly choose to use an optional cloud-based AI provider.

App-Specific Details

Filova — Music Transfer Privacy Details

Filova transfers playlists between music services. It has no server: matching runs entirely on your device, and your data is sent only to the music service you choose, via that service's official API, to perform the transfer you requested. LorisLabs does not receive, store, or retain your playlists, listening data, or account credentials.

Services You Connect

You sign in to each service only when you choose to (Apple Music via Apple's MusicKit; TIDAL, YouTube Music, and Spotify via OAuth). Access tokens are stored in the device Keychain and are never transmitted to LorisLabs. You can disconnect any service at any time in Filova's Settings, which deletes its cached authorization from your device.

YouTube Data

When you connect YouTube Music, Filova uses the YouTube API Services. By using this feature you agree to the YouTube Terms of Service, and Google's handling of your data is described in the Google Privacy Policy.

Filova requests the https://www.googleapis.com/auth/youtube authorization solely to act on your own YouTube account, at your request: to read the titles of your playlists so you can pick one to transfer, and to create a new playlist and add the matched videos to it. Filova never posts, comments, subscribes, deletes, rates, or modifies anything you did not explicitly initiate, and never accesses other users' data. YouTube data is used only to perform the transfer you asked for and is not stored by Filova or LorisLabs.

You can revoke Filova's access to your Google account at any time at myaccount.google.com/permissions. Filova's cached YouTube authorization is removed from your device when you disconnect the service or delete the app.

The Vault

Before each transfer, Filova saves a local snapshot of the resolved playlist on your device (so a transfer can always be undone). These snapshots are stored locally and are not transmitted to LorisLabs.

No Analytics or Tracking

Filova contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics, which you can opt out of in your device settings.

Synthesis — Education App Privacy Details

Data Storage

All user content in Synthesis — including notes, notebooks, pages, flashcards, drawings, templates, study statistics, and attachments — is stored locally on your device. When iCloud sync is enabled (opt-in), data is synced across your devices using Apple's CloudKit framework with Apple's end-to-end encryption. LorisLabs never has access to your synced data.

On-Device AI

Synthesis uses Apple's Foundation Models framework (available on Apple Silicon devices running iOS 26+) for AI-powered features including summarization, flashcard generation, quiz creation, and writing assistance. All AI processing occurs entirely on your device. No prompts, notes, or generated content are transmitted to LorisLabs or any third party.

If you choose to configure an optional third-party cloud AI provider (such as OpenAI or Anthropic), data you send to those services is governed by their respective privacy policies. This feature is off by default, requires your explicit configuration, and API keys are stored securely in the iOS/macOS Keychain.

Device Permissions

Synthesis may request the following permissions, each used solely for on-device functionality:

No Analytics or Tracking

Synthesis contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. We do not collect usage patterns, session data, feature usage statistics, or any behavioral data. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

Children's Privacy & Education Compliance

Synthesis offers a "Young Student" persona designed for learners under 13, which includes parental controls and age-appropriate content. Because Synthesis processes all data on-device with no data collection by LorisLabs:

iCloud Sync

When you enable iCloud sync in Synthesis (disabled by default), your data is synced using Apple's CloudKit with the following protections:

Clasp — Clipboard & Semantic Search Privacy Details

Data Accessed On-Device

Clasp v2.6 accesses the following data types. All processing and storage occurs entirely on your device. LorisLabs never receives, transmits, or has access to any of this data.

Semantic Search & Embeddings

Clasp generates text embeddings (vector representations) of your indexed content using Apple's on-device NaturalLanguage framework. These embeddings are stored in a local SQLite database on your device and are used exclusively for semantic search. Embeddings cannot be reverse-engineered into the original text. No embeddings or search queries are transmitted to any server.

Optional Cloud AI Features

Clasp allows you to optionally configure a third-party AI provider (such as OpenAI) by providing your own API key. If you enable this feature:

Device Permissions

Clasp requests system permissions only when you enable the corresponding feature. Each permission is used solely for on-device functionality:

iCloud Sync

Clasp supports iCloud sync for clipboard items, snippets, and settings across your devices using Apple's CloudKit framework. When enabled, data is encrypted in transit and at rest by Apple. LorisLabs cannot access your synced data. You can disable sync at any time in the app's settings.

Data Retention & Deletion

All Clasp data — clipboard history, audio recordings, semantic search indexes, and embeddings — is stored locally on your device. You can delete individual items, clear all history, or remove specific source indexes at any time within the app. Uninstalling the app removes all associated data from your device.

No Analytics or Tracking

Clasp contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

GDPR Compliance

As no personal data is collected or processed by LorisLabs, your GDPR data subject rights (access, rectification, erasure, portability, restriction of processing, and the right to object) are inherently satisfied — all data resides on your device under your exclusive control. You are the sole data controller. If you use the optional cloud AI integration, the third-party AI provider acts as an independent data controller for data you send to their service, and their own GDPR policies apply.

Sinkhole — DNS Firewall Privacy Details

How Sinkhole Works

Sinkhole creates a local-only VPN tunnel on your iPhone using Apple's NEPacketTunnelProvider framework. The VPN tunnel connects to 127.0.0.1 (localhost) — it does not route your traffic through any external server. DNS queries are intercepted, checked against a locally-stored blocklist, and either blocked (returning an NXDOMAIN response) or forwarded to your configured upstream DNS provider (e.g., Cloudflare, Quad9, or Google).

Data Stored On-Device

Sinkhole stores the following data exclusively on your device in a local SQLite database:

No Cloud Dependency

Sinkhole operates entirely on your device. There is no LorisLabs server, no user account, no analytics, no telemetry, and no cloud processing of any kind. DNS queries are resolved by forwarding to your chosen upstream DNS provider (Cloudflare, Quad9, Google, or a custom DoH server) — LorisLabs never sees or processes your DNS traffic.

Network Extension & VPN

Sinkhole requires the iOS VPN permission to function. This is a technical requirement of Apple's platform — there is no other way to intercept DNS queries system-wide on iOS. The VPN is local-only:

iCloud Sync (Optional)

When enabled, Sinkhole syncs custom rules, blocklist source URLs, and settings (upstream DNS URL, operating mode, home DNS IP) across your devices using Apple's iCloud Key-Value Store. This sync includes:

DNS query logs are never synced to iCloud. iCloud sync is disabled by default and can be toggled in Settings.

LAN Server Mode

In LAN Server mode, Sinkhole runs a local DNS server on your iPhone (UDP port 5053 and TCP port 8443). Other devices on your network can use your iPhone as their DNS resolver. DNS queries from these devices are logged locally on your iPhone with the querying device's LAN IP address. No data leaves your local network.

No Analytics or Tracking

Sinkhole contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

Children's Privacy

Sinkhole does not collect personal information from any users, including children. The app is suitable for users of all ages. No account creation is required.

CoreShield AI — Network Security Privacy Details

How CoreShield AI Works

CoreShield AI is a macOS network security application that uses Apple's Network Extension framework to inspect network traffic locally on your Mac. All threat analysis runs on-device using Apple's CoreML framework. CoreShield AI does not route your traffic through any external server operated by LorisLabs.

Data Collected and Stored On-Device

Device Permissions

CoreShield AI requests the following system permissions, each used solely for on-device security functionality:

On-Device AI

Threat detection and traffic classification in CoreShield AI use Apple's CoreML framework. All AI models run entirely on your Mac. No network traffic data, DNS queries, or security events are sent to external servers for AI processing unless you explicitly configure an optional cloud AI provider with your own API key.

No Analytics or Tracking

CoreShield AI contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

404 Network — Network Diagnostics Privacy Details

How 404 Network Works

404 Network is a comprehensive network diagnostics toolkit. It performs ping, traceroute, port scanning, DNS lookups, speed tests, device discovery, and security audits — all directly from your iOS device. Network operations are executed on-device using system APIs (ICMP sockets, NWConnection, URLSession, mDNS/Bonjour).

Data Stored On-Device

Community Speed Map (Opt-In)

404 Network includes an optional Community Speed Map feature. When explicitly enabled in Settings → Community → "Share Speed Results", the following anonymized data is shared via Apple CloudKit:

Community sharing is disabled by default. No personal identifiers (name, email, device ID) are included. Data is stored in a CloudKit public database accessible to other 404 Network users for comparing ISP performance.

Location Data

404 Network requests location permission for two purposes:

Location data is never stored in full precision. Community map coordinates are always rounded to a ~500m grid before transmission.

Bluetooth

The BLE Scanner feature uses CoreBluetooth to discover nearby Bluetooth Low Energy devices. Device names, UUIDs, RSSI, and GATT profiles are stored locally. No Bluetooth data is transmitted to any server.

Network Extensions

404 Network includes optional VPN/content filter extensions for traffic inspection and packet capture. These extensions operate locally — no traffic is routed through external servers. The VPN tunnel connects to localhost for on-device packet analysis.

Speed Test

Speed tests download and upload data from Cloudflare's speed test infrastructure (speed.cloudflare.com). This is a direct connection between your device and Cloudflare — LorisLabs does not operate or have access to any speed test server. Cloudflare's privacy policy applies to their infrastructure.

No Analytics or Tracking

404 Network contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

Third-Party Services

While our Apps themselves do not transmit data to third parties, certain optional features and external services may be involved:

Apple App Store

Our Apps are distributed through the Apple App Store. Apple may collect information related to your purchase and download activity in accordance with Apple's Privacy Policy. In-app purchases and subscriptions are processed entirely by Apple — we do not receive or store your payment information.

Optional AI API Providers

Some of our Apps (Clasp and Moi) allow you to optionally configure third-party AI providers such as OpenAI or Anthropic (Claude) by providing your own API keys. If you choose to enable these integrations:

Apple App Analytics

We may receive anonymized, aggregated analytics from Apple about app usage (crash reports, install counts). This data cannot identify individual users. You can opt out by navigating to Settings > Privacy > Analytics on your device.

Data Security

We leverage Apple's built-in security infrastructure to protect your data:

Face Data (Lumen for Frigate)

Lumen for Frigate includes face recognition features that allow you to register and identify known people in your camera feeds. This section explains how face data is collected, used, and stored.

What Face Data Is Collected

When you use the face recognition feature, you may upload photographs of people from your device's photo library to your self-hosted Frigate NVR server. These photographs are used by your Frigate server to identify known people in camera feeds. The Lumen app acts solely as a client — it transmits the photos you select directly to your own server and displays face thumbnails retrieved from it.

How Face Data Is Used

Face data is used exclusively for the purpose of identifying known people in your camera feeds on your self-hosted Frigate NVR. The app displays face thumbnails and recognition results fetched from your server. LorisLabs does not process, analyze, or perform any computation on face data — all face recognition processing occurs on your own Frigate NVR hardware.

Third-Party Sharing

Face data is never transmitted to LorisLabs, Apple, or any third party. All face images and recognition data remain exclusively on your self-hosted Frigate NVR server, which you own and control. The app communicates only with your server over your local network or VPN — no relay servers or intermediaries are involved.

Storage Location

All face data is stored on your self-hosted Frigate NVR server. The Lumen app does not persistently store face images on your Apple device beyond standard temporary URL caching managed by the operating system.

Data Retention

Face data persists on your Frigate NVR server until you choose to delete it. You can delete individual face images or entire face registrations at any time through the Lumen app or through Frigate's web interface. LorisLabs has no ability to access, modify, or delete your face data as it resides entirely on hardware you control.

Your Control

You have full control over your face data at all times. You can add, view, and delete face registrations directly within the app. The face recognition feature is optional and requires your explicit action to register any face photographs.

Éclair — EV Navigation Privacy Details

Location Data

Éclair requires location permission for navigation and route planning. Your location data is processed entirely on your device and is never transmitted to LorisLabs. Location history is stored locally in SwiftData for trip analytics and driving statistics. You can delete individual trips or clear all location history at any time within the app.

Vehicle Data

Éclair connects to your electric vehicle through multiple methods:

Charging Station Data

Éclair searches for charging stations using the Open Charge Map API. Search queries contain your approximate location to find nearby chargers. No personal identifiers are included in these requests. Charger results are cached locally.

Parking Features

Éclair searches for nearby parking using third-party APIs:

Parking search count is tracked locally for freemium gating purposes and is never transmitted.

Traffic Data Collection

Éclair includes a community traffic intelligence system. When traffic data sharing is enabled in Settings:

Traffic data sharing can be disabled at any time in Settings.

Community Features & Incident Reporting

Éclair includes opt-in community features that require Apple Sign-In:

Community features are disabled by default and require explicit opt-in and Apple Sign-In.

Carpooling (Preview)

Éclair includes an optional carpooling feature, labeled as "Preview", that facilitates cost-sharing rides between users. This feature is structured as non-commercial ride-sharing (covoiturage) in compliance with French Transport Code Article L3132-1.

Carpooling is off by default, requires explicit opt-in in Settings, and requires an active community profile with Apple Sign-In.

AI Features

Éclair's three-tier AI system processes data as follows:

Cross-Border Data Transfers

When you enable community features, data is stored in Apple CloudKit, which may process and store data on servers located outside the EU/EEA. Apple provides appropriate safeguards for international data transfers under GDPR Articles 44–49. See Apple's Privacy Policy for details.

If you connect your vehicle via SmartCar, data is transmitted to SmartCar Inc. (US-based). See SmartCar's Privacy Policy. If you use optional cloud AI providers (Anthropic, OpenAI), data is transmitted to US-based servers and is subject to their respective privacy policies.

For on-device-only usage (the default), no personal data is transferred outside your device.

CarPlay

When used with CarPlay, Éclair displays navigation and charge information on your vehicle's display. No additional data collection occurs through CarPlay beyond what is described above.

Device Permissions

Éclair requests the following permissions, each used solely for on-device functionality:

Location Permission Justification

Éclair requests "Always" location permission (rather than "When In Use") for the following specific reasons:

You can change location permission to "When In Use" or revoke it entirely at any time in iOS Settings > Privacy & Security > Location Services > Éclair. Background trip recording and traffic collection will not function without "Always" permission, but all other features remain available.

Data Retention

Éclair retains data for the following periods:

Data Deletion & GDPR Rights

You can delete your community profile, ride history, incident reports, and all local data at any time within the app. Deleting your community profile removes your profile record, associated trust score events, and incident reports from CloudKit. Anonymous traffic segment contributions cannot be individually deleted as they contain no user identifiers.

Account deletion: In compliance with Apple App Store Review Guideline 5.1.1(v), Éclair provides in-app account deletion for community profiles. Deleting your account removes all associated data from CloudKit, except carpooling ride records within the legal retention period (12–24 months), which are retained in anonymized form with participant IDs removed.

Under GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, contact [email protected]. We will respond within one month as required by GDPR Article 12(3). You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) at www.cnil.fr if you believe your data protection rights have been violated.

No Analytics or Tracking

Éclair contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

Heol — Email Client Privacy Details

Email Data

Heol connects directly to your email provider via IMAP and SMTP protocols. All email messages, headers, subjects, sender addresses, and metadata are stored locally on your device in an encrypted SQLite database (SQLCipher). LorisLabs never has access to your emails — the app communicates only with your email provider's servers.

Credentials

Your IMAP/SMTP credentials (passwords, OAuth tokens) are stored exclusively in the iOS/macOS Keychain. API keys for optional AI providers are also stored in the Keychain. Credentials are never transmitted to LorisLabs servers.

On-Device AI Processing

Heol uses multiple on-device AI features that run entirely on your device:

Optional Cloud AI Providers

Heol allows you to optionally configure third-party AI providers (such as Anthropic Claude or OpenAI) using your own API key. If you enable a cloud provider:

Contacts, Calendar, Location, Reminders

Heol requests access to your Contacts (to show sender details), Calendar (to create events from emails), Location (for location-based snooze), and Reminders (to create follow-up tasks). Each permission is requested only when you use the corresponding feature, and all data is processed on-device. LorisLabs never receives this data.

Microphone & Speech Recognition

If you use voice input in Heol's AI chat, audio is processed on-device using Apple's speech recognition. Audio is not recorded, stored, or transmitted to any server.

Data Storage & Encryption

Tracker Blocking

Heol blocks known email tracking pixels and strips EXIF metadata from images displayed in emails. Blocked tracker domains are matched against a locally-stored blocklist — no network requests are made for tracker detection.

End-to-End Encryption (PGP)

Heol supports optional PGP encryption for email content. PGP keys are stored locally on your device and are not synced to iCloud. Encryption and decryption happen entirely on-device.

Data Deletion

You can delete individual emails, clear cached data, or remove entire email accounts at any time within the app. Uninstalling the app removes all associated data from your device, including the encrypted database and Keychain entries.

Analytics & Telemetry

Heol contains no analytics SDKs, no tracking pixels, no advertising frameworks, and no telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

ProofCheck — Device Verification Privacy Details

What ProofCheck Is

ProofCheck is a device-inspection and verification app for iPhone, iPad, Mac, and Apple Vision Pro. It runs a battery of diagnostic tests on the local device (sensors, battery, storage, warranty status, etc.), combines them into a "trust score", and produces a report that a seller can share with a buyer via a short code or link. Unlike most LorisLabs apps, ProofCheck does collect and transmit personal data by design, because the product purpose is for a buyer to verify a seller's device across the internet. This section explains exactly what is collected, why, where it is stored, and how you can delete it.

Data We Collect

Where Your Data Is Stored

What Is Shared Publicly When You Share a Report

When a seller generates a share code, a report copy is written to the CloudKit public database so a buyer can fetch it. We minimize what is placed in the public record. Publicly-shared records expire automatically and are periodically purged.

Third-Party Verification Pages

ProofCheck also supports a web-viewer flow where a buyer without the app scans a QR code and opens https://lorislab.fr/verify#<fragment>. The entire report payload travels in the URL fragment (which never leaves the buyer's browser and is not sent to our server logs). The page performs integrity verification in-browser using JavaScript. No personally-identifying fields are transmitted to LorisLabs beyond standard web-server access logs (IP, User-Agent) which are retained for 30 days for security purposes.

Account Deletion and Data Erasure

In compliance with Apple App Store Review Guideline 5.1.1(v) and GDPR Article 17 (right to erasure), ProofCheck provides in-app account deletion. From Settings → Account you can:

If Delete All My Data encounters any record it cannot delete (e.g., due to iCloud being unavailable), you will be informed and can retry when connectivity is restored.

Retention

Device Permissions

No Analytics or Tracking

ProofCheck contains no third-party analytics SDKs, no tracking pixels, no advertising frameworks, and no behavioral telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

Children's Privacy

ProofCheck is not directed at children under 13 and we do not knowingly collect personal information from children. In the EU, Sign in with Apple requires users to be at least the digital age of consent in their member state (16 in France under CNIL guidelines).

Velya — Smart Alarm Privacy Details

What Velya Is

Velya is a smart alarm app for iPhone (with Apple Watch, Mac, and widget companions) built on Apple's AlarmKit framework. Its purpose is to wake you reliably — breaking through silent mode, Do Not Disturb, and Focus — and to run optional automations around your alarms. Velya is a privacy-first, on-device app: it requires no account, no sign-in, and LorisLabs operates no server that receives your data. App Privacy: Data Not Collected.

Data Stored On Your Device

Optional Remote Control (Self-Hosted)

Velya includes an optional feature for advanced users to trigger or reschedule alarms remotely — for example from a home-automation system. This requires you to run your own self-hosted relay server. You provide a server address and an access token (which you generate on your own server) in Settings; the token is stored in the iOS Keychain on your device. All communication is between your device and your own server. LorisLabs does not operate any relay or backend, and receives no data through this feature. The app is fully functional without it.

Notifications

With your permission, Velya sends local notifications before alarms and when your automations run. On iOS versions before 26 (where AlarmKit is unavailable), notifications are also used as the wake mechanism.

Device Permissions

No Analytics or Tracking

Velya contains no third-party analytics SDKs, no tracking pixels, no advertising frameworks, and no behavioral telemetry. The only information we may receive is anonymized, aggregated data from Apple's App Analytics program, which you can opt out of in your device settings.

Children's Privacy

Most of our Apps do not collect personal information and are suitable for users of all ages. However, certain features in specific apps do involve data collection:

If you are a parent or guardian and believe your child has created a community profile or used carpooling without authorization, please contact us at [email protected] and we will promptly delete the account and associated data.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Apps or applicable regulations. We will notify users of significant changes through app updates or on our website. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our Apps after changes constitutes acceptance of the revised policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Website: Support Page