# Privacy & Your Data

The short version: your data is yours, it stays yours, and nobody else gets to rummage through it. The long version follows, because privacy deserves more than a slogan.

# What It Does

ambientChat takes a fundamentally simple position on privacy: the data you put into the app belongs to you, is accessible only to you, and exists to serve you. There's no advertising model, no data marketplace, and no shadowy third party getting a copy of your grocery receipts.

Your inventory, documents, chat history, and location data are stored in a secure cloud account protected by Firebase Authentication and Firestore security rules. These rules enforce that each user can only read and write their own data — not just as a policy, but as a technical constraint enforced at the database level. Even if someone managed to guess your document IDs, the database itself would refuse to hand over the data. It's like having a bank vault that checks your ID at the molecular level.

When you talk to the AI, your context (inventory, location, conversation history) is sent to whichever AI provider you've selected — OpenAI, Google Gemini, or Anthropic Claude — to generate a response. This is necessary for the AI to be useful, but the data is sent per-request and is subject to each provider's data handling policies. You control which AI provider you use and what context is shared.

# How to Use It

# iOS App

# Reviewing Your Privacy Settings

  1. Go to Account (tap your profile icon)
  2. Scroll to Privacy
  3. Here you can review:
    • What data is collected and stored
    • Which AI providers receive your context
    • Your current context sharing settings

# Managing Context Sharing

  1. Go to Account > Context Sharing Settings
  2. You'll see a list of any brands or partners that have requested access to your inventory context
  3. For each, you can:
    • Allow — share your relevant inventory data with that partner
    • Deny — block the partner from seeing any of your data
    • Review — see exactly what data would be shared before deciding
  4. By default, nothing is shared with any third party. You opt in explicitly, not out.

# Using the Privacy Assistant

  1. Go to Account > Privacy
  2. Tap Privacy Assistant
  3. The AI explains ambientChat's privacy policy in plain, conversational language
  4. Ask follow-up questions: "What happens to my location data?" or "Who can see my inventory?"
  5. The Privacy Assistant answers based on the actual privacy policy — no lawyer-speak, no fine print, just straight answers

# Exporting Your Data

You can download a complete copy of everything ambientChat knows about you at any time. See the Data Export & Import guide for full details.

  1. Go to Account > Data Export/Import
  2. Tap Export My Data
  3. Download your ZIP archive

# Deleting Your Account

If you want to leave and take nothing with you:

  1. Go to Account > Delete Account
  2. Read the warning carefully — this is genuinely permanent
  3. Confirm deletion
  4. All your data is permanently removed: inventory, documents, conversations, preferences, location history, everything

There is no "undo" for account deletion. Export your data first if you might want it later.

# Via Chat

You can ask the AI about your privacy:

  • "What data does ambientChat collect about me?"
  • "Who can see my inventory?"
  • "Is my location data shared with anyone?"
  • "What happens to my data if I delete my account?"
  • "Explain the privacy policy to me."

# Tips & Tricks

  • Review context sharing settings periodically. If you've granted access to a brand or partner and no longer want to share, revoke it at any time. Permissions are easy to grant and just as easy to remove.
  • Export your data before deleting your account. Account deletion is a one-way door. If there's even a chance you'll want your data later, download the JSON export first. You can always delete afterward, but you can't un-delete.
  • The Privacy Assistant is genuinely useful. Rather than trying to parse a legal privacy policy, just ask the AI to explain it to you. It answers in plain language, based on the actual policy, and you can ask follow-ups until you're satisfied.

# Options

| Setting | What It Does | Default |
|---|---|---|
| Context Sharing | Controls whether any third parties can see your inventory data | Off (no sharing) |
| AI Provider | Which LLM provider receives your context for chat responses | Gemini |
| Background Location | Whether location data is recorded (see Location Trails guide) | Off |
| Privacy Assistant | AI-powered plain-language privacy explainer | Available in Account > Privacy |

# What Data Is Collected

Here's a transparent breakdown:

| Data Type | Stored Where | Who Can Access |
|---|---|---|
| Inventory items | Firebase (your account) | Only you |
| Documents (receipts, manuals, etc.) | Firebase (your account) | Only you |
| Chat history | Firebase (your account) | Only you |
| Location trails (if enabled) | Firebase (your account) | Only you |
| Beacon visit history | Firebase (your account) | Only you |
| AI provider interactions | Sent per-request to selected provider | You + AI provider (per their policies) |
| Usage metrics | Aggregate analytics | Anonymized, not personally identifiable |
| Account info (email, auth) | Firebase Authentication | Firebase infrastructure |

# What Is NOT Collected

  • Your data is not sold to third parties. Ever.
  • There is no ad targeting based on your inventory or location.
  • Your specific items, documents, and conversations are not used to train AI models by ambientChat. (Individual AI providers have their own training data policies — review them if this matters to you.)
  • No third party gets your data by default. Context sharing is strictly opt-in.

# Known Limitations

  • AI providers receive your context per-request. When you ask a question, the selected AI model (OpenAI, Gemini, or Claude) receives the context needed to answer. This is how AI works — it needs your data to help you. Each provider has its own data retention and training policies, which are outside ambientChat's control.
  • Aggregate analytics are collected for service improvement. Things like "how many users scanned a barcode today" or "average response time for chat queries." These are anonymized and don't identify you personally, but they do exist.
  • Account deletion is irreversible. Once deleted, your data cannot be recovered. There is no 30-day grace period, no recycle bin, no "are you really sure?" email three weeks later. It's gone.
  • Firebase security rules are the enforcement layer. Privacy isn't just a promise — it's enforced by database rules that physically prevent cross-user data access. But like any system, it depends on correct configuration. Security rules are regularly reviewed and tested.
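
The owner-only constraint described under "What It Does" and in the last limitation above, sketched as a Firestore rules file with the over-permissive form shown beside it for comparison. This is an added illustration, not ambientChat's actual rules; the `users/{userId}` document layout is an assumption made for the example.

```firestore
rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    // ASSUMED LAYOUT (not from the ambientChat project): each user's
    // inventory, documents, chat history and location trails live under
    // users/{userId}/... where {userId} is the Firebase Auth UID.

    // Owner-only rule. In rules_version 2 the recursive wildcard matches
    // the user document itself and everything nested under it.
    match /users/{userId}/{document=**} {
      // request.auth is null for unauthenticated requests, so check it
      // first; then require the caller's UID to equal the path segment.
      // A correctly guessed document ID does not help another user,
      // because the comparison is on identity, not on knowledge of the path.
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;
    }

    // WEAK FORM, shown commented out for comparison only.
    // It checks that the caller is signed in but never ties the caller to
    // the path, so any authenticated user could read any other user's data:
    //
    // match /users/{userId}/{document=**} {
    //   allow read, write: if request.auth != null;
    // }

    // No other match blocks: Firestore denies any path that no rule
    // explicitly allows, so unlisted collections stay closed.
  }
}
```

A rules review of the kind mentioned above would check that every `allow` under a per-user path compares `request.auth.uid` with the path's user segment, and that no broader `match` grants access to the same documents.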

# Version History

| Version | Date | What Changed |
|---|---|---|
| 1 | 2026-03-01 | Initial guide |