Privacy Policy

Implicit is a voice-first personal AI assistant that lets you ask questions, take actions, and review past conversations. The App is built by Toma Itagaki, a solo developer based in the United States, operating under the name "Implicit Labs". We are not currently incorporated as a legal entity. For the purposes of GDPR, CCPA, and similar regulations, Toma Itagaki is the data controller.

• Data controller: Toma Itagaki (Implicit Labs)
• Privacy contact: toma@implicitlabs.ai
• Country: United States

We never store your voice. Audio captured by the microphone is held only in memory long enough to convert it to text — typically a few seconds. The audio buffer is then discarded. We do not write it to disk on your device, do not upload it to our servers for storage, and do not retain a copy anywhere after transcription completes. Only the resulting text transcript is kept.

2.1 Information you give us

• Email address — when you sign in via one-time password (OTP)
• Audio recordings of your microphone input — held in memory only, transcribed to text, then immediately discarded (see callout above)
• Text input you type into the App
• Prompts and conversation content — the questions, instructions, and follow-ups you send to the assistant
• Feedback you submit via thumbs-up / thumbs-down ratings and optional notes

2.2 Information collected automatically

• A unique user identifier issued by Supabase (a UUID) when you sign in
• Anonymous device identifier before you sign in, generated locally by our analytics SDK
• Product analytics events describing how you use the App — for example: app opens, sign-in completion, messages sent (and whether you used voice or text), navigation between Chat / Topics / Days views, feedback submissions
• Session recordings in the form of wireframe representations of the App's UI — these capture the structural layout, your taps, and your gestures. Recordings do not include screenshots, photos, or images. Form fields where you enter your email address or one-time password are masked. Message bubbles (the text of what you ask and what the assistant replies) are currently not masked during the dogfood beta phase, and we are working to mask them before the App ships publicly.
• Device and app metadata — iOS version, app version, build configuration, timezone, locale, hour-of-day, day-of-week

2.3 Information we do not collect

• We do not track you across other apps or websites
• We do not share data with advertising networks
• We do not collect precise location, contacts, calendars, photos, or HealthKit data unless we explicitly ask for permission and you grant it in a future feature

We use the information described above to:

• Authenticate you and keep you signed in across launches
• Process your audio and text input into AI-generated responses
• Improve the quality of voice transcription, AI responses, and the App's interface
• Diagnose bugs and crashes
• Measure adoption, retention, and feature usage across our beta testers
• Respond to your feedback and support requests

We do not sell your personal information.

When you send a prompt:

1. If you spoke it, your audio is transcribed using either Apple's on-device speech recognition or, optionally, a cloud transcription service (Deepgram, accessed via our backend). The audio is held in memory for the duration of transcription and then discarded — we do not write voice recordings to disk and do not retain a copy on our servers after the transcript is returned.
2. The transcribed text is sent to Anthropic's Claude API to generate a response. Anthropic retains this data only as needed to provide the service and per their own privacy policy: anthropic.com/legal/privacy.
3. The response is streamed back to your device, optionally synthesized into speech via ElevenLabs, and stored locally. We retain a copy on our backend servers (Supabase) so you can review past conversations across devices.

We do not use your prompts or responses to train AI models. Anthropic and the other model providers do not train on data sent through their commercial APIs by default.

We use the following service providers to operate the App. Each one may process some of your data on our behalf.

We do not sell or rent your data to anyone. We may share data with these providers as necessary to operate the App, with law enforcement when legally compelled, or with a successor entity in the event of a corporate transaction.

The App is currently in beta via Apple TestFlight. While in beta:

• Session replay is enabled, capturing wireframe representations of your usage
• Crash and event data is sent to our internal dashboards
• Some features may not behave reliably; please report issues to toma@implicitlabs.ai or via the in-app feedback prompts
• We may invite or remove testers at any time

When the App leaves beta and ships on the App Store, we will reduce session-replay coverage and update this policy.

No warranties or liability during alpha and beta. The App is provided "AS IS" and "AS AVAILABLE" during alpha and beta testing. To the maximum extent permitted by law, we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. We are not liable for any direct, indirect, incidental, consequential, special, or punitive damages, or for any loss of data, profits, or use, arising out of your participation in alpha or beta testing of the App. By installing or using a TestFlight build you acknowledge it is pre-release software and accept these terms.

• Conversation history — retained until you delete it from the App or request deletion
• Audio recordings — discarded immediately after transcription, never written to disk
• Analytics events — retained for up to 12 months on PostHog
• Session replay recordings — retained for up to 90 days on PostHog
• Authentication tokens — refreshed automatically; expire when you sign out or delete the App

To request deletion of all data tied to your account, email toma@implicitlabs.ai with the email address you signed up with. We will respond within 30 days.

Depending on where you live, you may have the right to:

• Access the data we hold about you
• Correct inaccurate data
• Delete your data
• Restrict or object to processing
• Receive your data in a portable format
• Opt out of "sale" or "sharing" of personal information (we do not sell or share for advertising)

To exercise any of these rights, email toma@implicitlabs.ai.

If you are in the EEA, UK, or Switzerland, you may also lodge a complaint with your local data protection authority. If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights — see above; we will honor them on request.

The App is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at toma@implicitlabs.ai and we will delete it.

We use industry-standard practices to protect your data: TLS for data in transit, at-rest encryption from our cloud providers, and least-privilege access controls. No system is perfectly secure; if we discover a breach affecting your data, we will notify you in accordance with applicable law.

If you use the App outside the United States, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (or equivalent safeguards) for transfers from the EEA, UK, and Switzerland.

We will update this policy as the App evolves. We will revise the "Last updated" date at the top of this page. For material changes (for example, adding a new category of data we collect), we will notify you in the App or by email before the change takes effect.

Privacy questions, deletion requests, or anything else: toma@implicitlabs.ai.

Toma Itagaki (Implicit Labs)
United States