Privacy Policy

Octoryn LLM is operated by Octopus Core Pty Ltd (“Octopus Core”, “we”, “us”). We provide a secure AI workspace — chat, voice agents, and on-device inference — across web, mobile, and desktop. This Privacy Policy explains what data we collect, how we use it, and the choices you have. It applies to app.octopusos.dev, the Octoryn LLM iOS and Android apps, and the Octoryn LLM desktop client.

We collect only what we need to operate the service:

• Account data — your email address, display name, and an opaque user identifier from our OIDC identity service at id.octopusos.dev. We never see or store your password.
• Conversation content — the messages, attached images, and voice audio you send during a session. We forward this to the language model you have selected (Anthropic, OpenAI, Google, or our on-device LiteRT runtime) so it can produce a response.
• Memory you opt in to — small structured notes you ask Octoryn to remember across sessions. You can list, recall, or revoke them at any time from Profile → Memory.
• Audit and evidence chain — for each response we record a cryptographic hash of the inputs, outputs, and policy decisions so you (or your team admin) can replay any run for compliance review. The chain stores hashes, not the raw content.
• Operational telemetry — error reports and crash stack traces (via Sentry), latency and success-rate metrics. These are scrubbed of personally-identifying content before storage.
• Device and connection metadata — IP address, OS, app version, and locale. Used for abuse prevention and routing.

• We do not sell your prompts, conversations, or model outputs.
• We do not train any AI model on your data. Conversations are forwarded to upstream model providers under their no-training terms (where available); your BYOK keys go directly to your chosen provider without ever touching ours.
• We do not read your messages to build advertising profiles. Octoryn does not show ads.
• We do not request your contacts, location, calendar, or health data.

• To operate the service — route your messages to the model you chose, return the response, and persist your conversation thread.
• To enforce safety policies — our governance layer (KSI / NSI / RIS) checks inputs and outputs against abuse and risk rules. The check itself happens server-side; results are stored as audit hashes.
• To provide audit and replay — every response is hash-linked to the evidence chain so you can prove what was said and why.
• To improve reliability — anonymized error reports and aggregate latency metrics help us catch outages and regressions.
• To bill — usage tokens are counted per tenant for invoicing.

We share data only in these narrow cases:

• Model providers — Anthropic, OpenAI, Google. Your messages are forwarded so the model can respond. Octopus Core does not authorize these providers to train on your inputs; check each provider’s data-use terms for the latest commitments.
• Realtime media — voice audio for Voice mode is streamed through LiveKit infrastructure under our control.
• Crash reporting — anonymized stack traces go to Sentry.
• Payment processing — Stripe handles all card data; we never see card numbers. Mobile (iOS / Android) does not currently support in-app purchases.
• Legal — we will disclose data when required by an enforceable legal demand from Australian or applicable foreign authorities, and will challenge demands that look overbroad.

• Account data is stored in our identity database in Sydney (ap-southeast-2).
• Conversation content is stored encrypted at rest in the same region; we keep it until you delete it from Profile → Account → Delete data.
• Audit hashes are retained for the lifetime of your account so the evidence chain stays intact.
• Crash reports auto-delete after 90 days.

• Access and download — request an export of your data from Profile → Account → Export.
• Delete — request account deletion from Profile → Account → Delete. Your conversations and memory are removed within 30 days; audit hashes (which contain no readable content) are retained for integrity of the evidence chain.
• Memory revocation — delete individual memory points from Profile → Memory at any time.
• BYOK — bring your own API key for upstream providers. With BYOK enabled, your prompts are sent directly to the provider with your key; we route but never log the prompt body.
• Permissions — microphone, camera, and photo access are requested only when you trigger the corresponding feature. iOS and Android Settings let you revoke any permission at any time.

Octoryn is not directed at children under 13 (or the equivalent age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has signed up, contact us and we will delete the account.

Our services are operated from Sydney, Australia. Model providers we forward to may process data in the United States or the European Union. By using Octoryn you consent to those transfers under the relevant standard contractual clauses.

All transport is HTTPS via system-provided TLS. Identity tokens are short-lived JWTs signed with rotated RSA keys. Database storage is encrypted at rest. We disclose security incidents through our status page and direct email to affected accounts within 72 hours of confirmation.

We will post material changes to this page and update the effective date. Substantial changes will be announced in-app and by email at least 14 days before they take effect.

Privacy questions: [email protected]
Postal address: Octopus Core Pty Ltd, Sydney NSW, Australia
ACN 696 931 236 · ABN 28 696 931 236