Privacy policy

Lore is an AI-first meeting companion built to turn walking meetings, phone calls, and in-person conversations into useful work product. This privacy policy explains what information we collect when you use the Lore iOS app, the web app at app.uselore.ai, or the marketing site at uselore.ai, why we collect it, who we share it with, and the choices you have.

Lore is operated by Lore Labs, Inc. (“Lore,” “we,” “us,” or “our”). If you have questions at any point, reach us at privacy@uselore.ai.

Information we collect

We collect only what we need to run the product. Below is every category of data Lore handles today.

• Audio recordingsRecordings you capture through the Lore iOS app or web client, stored encrypted at rest in our managed object storage. You can delete individual recordings at any time from the app.
• Transcripts and derived contentText transcripts generated from your recordings, along with AI-derived artifacts such as action items, decisions, summaries, mindmaps, and notes.
• Account and profile informationEmail address, name, and profile picture returned by your chosen authentication provider (email/password, Google, or Sign in with Apple).
• Google Calendar dataIf you connect Google Calendar, we request the calendar.readonly scope and read event titles, start and end times, attendee email addresses, meeting URLs, and event identifiers so we can show your upcoming schedule and match recordings to meetings.
• OAuth tokensRefresh and access tokens from connected providers. Tokens are encrypted with AES-256-GCM before being written to our database.
• Device push tokensApple Push Notification Service tokens so we can notify you when recordings are ready, when new action items are captured, or when collaborators share work with you.
• Health and motion dataIf you grant permission, Lore reads step count, distance, and walking activity during an active recording session. This is used on-device and in aggregate summaries to help you reflect on your walking meetings. You can deny or revoke this permission in iOS Settings at any time.
• User-created contentNotes, tasks, spaces, mindmaps, documents, and any sharing links you create inside the product.
• Product analyticsAnonymous or pseudonymous interaction events (pages viewed, features used, performance metrics) so we can understand what works and improve the product. Analytics can be disabled; see “Your choices” below.
• Device and log informationBasic technical information such as device model, operating system version, app version, IP address, and crash diagnostics. We use this to debug issues and keep the service reliable.

Why we collect it

• To provide the service. Audio, transcripts, calendar events, and user-created content power the core experience.
• To authenticate you. Account and profile information tells us who you are and protects your data from unauthorized access.
• To generate intelligence. Transcripts are processed by AI providers to produce summaries, action items, and decisions.
• To communicate with you. Push tokens and email let us send product notifications and account messages.
• To improve reliability. Logs and diagnostics help us fix bugs and keep the service running.
• To comply with law. Where legally required, we will process and retain data to meet our obligations.

Who we share it with

We do not sell your personal data. We share data only with vetted service providers (“subprocessors”) who help us run the product, and only to the extent needed to provide the service. All subprocessors are bound by written agreements that require appropriate security and privacy protections.

We do not share your recordings or transcripts with advertisers. We do not use your content to train third-party foundation models beyond the transient inference calls required to produce the result you asked for.

How long we keep it

• Recordings and transcripts — retained until you delete them or delete your account.
• User-created content — notes, tasks, mindmaps, and documents persist until you delete them or delete your account.
• Account and profile data — retained while your account is active and deleted within 30 days of account deletion, except where we are required to retain records longer (for example, tax or fraud prevention).
• OAuth tokens — held as long as the integration is connected. Revoking the integration destroys the tokens.
• Logs and diagnostics — kept for up to 90 days, then automatically purged.
• Backups — encrypted backups may persist for up to 30 days after deletion before rolling off.

Your choices and rights

You have control over your data. Depending on where you live, some of the rights below are legal requirements (see the CCPA and GDPR sections); we extend them to all users because it is the right thing to do.

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to fix information that is wrong or out of date.
• Deletion — delete your account directly from the app. On iOS and web, go to Settings → Danger zone → Delete account. This permanently removes your recordings, transcripts, notes, tasks, and profile. The action is irreversible.
• Portability — export your recordings and transcripts via the iOS share sheet or contact us for a bulk export.
• Opt out of analytics — disable analytics at any time from Settings inside the app.
• Revoke integrations — disconnect Google Calendar or any other integration from Settings. We delete the associated tokens when you do.

To exercise any of these rights, email privacy@uselore.ai. We will respond within 30 days.

Security

We use industry-standard safeguards to protect your data: TLS in transit, encrypted storage at rest, AES-256-GCM for sensitive secrets, strict row-level security on database access, and the principle of least privilege for internal access. No system is perfectly secure, but we take our responsibility seriously and will notify you promptly if we ever learn of a breach that affects your data.

Children’s privacy

Lore is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@uselore.ai and we will delete it promptly, in compliance with the Children’s Online Privacy Protection Act (COPPA).

International transfers

Lore is operated from the United States. If you use the product from outside the United States, your information will be transferred to, processed in, and stored in the United States. By using Lore you consent to this transfer. Where required we rely on appropriate safeguards such as Standard Contractual Clauses for data exported from the European Economic Area, the United Kingdom, or Switzerland.

Cookies

The marketing site at uselore.ai uses only essential, session-only cookies needed to operate the site and remember your waitlist submission. We do not use third-party advertising cookies on the marketing site. The web app uses authentication cookies that are strictly necessary to keep you signed in.

California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act gives you specific rights over your personal information:

• Right to know — request the categories and specific pieces of personal information we have collected about you.
• Right to delete — request that we delete personal information we collected from you, subject to narrow exceptions.
• Right to correct — request correction of inaccurate information.
• Right to opt out of sale or sharing — we do not sell or share personal information in the way the CCPA defines those terms. There is nothing to opt out of, but if that ever changes we will update this policy and provide a clear opt-out mechanism.
• Right to non-discrimination — we will not deny you service, charge different prices, or provide a different level of service because you exercised any of these rights.

To exercise California rights, email privacy@uselore.ai with “California privacy request” in the subject line. We may need to verify your identity before fulfilling the request.

European residents (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation and equivalent laws give you the following rights:

• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with your local supervisory authority

The legal bases we rely on to process your data are: consent (for example, when you grant access to your microphone, health data, or calendar), performance of a contract (providing the service you signed up for), legitimate interest (improving product reliability and security), and legal obligation (where applicable). You may withdraw consent at any time, though doing so may limit what Lore can do for you.

To exercise these rights or contact our data protection point of contact, email privacy@uselore.ai.

Changes to this policy

We may update this privacy policy from time to time. When we make material changes we will notify you in the app and by email to the address on your account before the changes take effect. The “last updated” date at the top of this page reflects the most recent revision. Continuing to use Lore after an update means you accept the revised policy.

Contact us

Questions, concerns, or requests? Reach out:

• Privacy: privacy@uselore.ai
• Legal: legal@uselore.ai
• Support: support@uselore.ai