Last updated: June 2026
IO is designed so there is nothing to retain. Inference happens entirely in memory and is wiped on response. We do not operate a database, logs, analytics, or any persistent storage in the inference path. We do not collect or store IP addresses, device fingerprints, or account data. You arrive anonymous and leave no trace.
Every response includes a signed io_receipt_v1 receipt that attests which model answered and that no prompt was retained. Receipts are verifiable offline against our published Ed25519 public key. We do not store receipts; they are returned to you and you alone.
IO routes prompts to third-party AI models (Gemini Image, GPT Image, Claude, and open-weight models). We redact sensitive data before the model observes it. However, these providers operate under their own policies. We encourage users to review the privacy policies of underlying model providers for full transparency.
Since we retain no data, there is no data to access, correct, or delete. Your privacy is enforced by architecture, not by policy. If you have questions, contact us — though we will not be able to retrieve or identify any past interaction.
Any changes to this policy will be reflected on this page. The last updated date will be revised. Material changes will be announced via our official channels.