Privacy at Osera
The honest version. This policy is written to match the product as it exists today.
- Permissions are opt-in. Health, location, photos, contacts, calendar, reminders, camera, microphone, speech recognition, music, notifications, and WeatherKit-backed features all depend on OS or in-app permission flows.
- Health data is now processed. When Apple Health sync is enabled, Osera sends derived wellness states and a daily numeric health snapshot to our backend for cards, briefings, chat context, and proactive check-ins.
- Location is not automatically deleted after 48 hours. The system uses recent location for context, but location pings, visits, and derived place profiles are retained while your account is active unless you delete your account.
- AI providers receive context. Messages, files, tool results, and relevant personal context may be sent to third-party AI providers in multiple jurisdictions to generate responses.
- We don't sell your data. We do not sell personal information, use HealthKit data for advertising, or share SMS opt-in data for marketing.
- Retention is mostly account-lifetime. Several older timed-deletion promises are no longer true. Most core data is retained to power memory and personalization until you delete your account or remove a connected integration.
Privacy Policy
Last updated: June 9, 2026
Bloom Street LLC ("Bloom Street," "we," "us," or "our") operates Osera, a personal AI application and related services, including the iPhone app, desktop daemon, backend services, admin systems, and website at osera.io. This Privacy Policy explains what information we collect, how we use it, where it may be processed, and the choices you have.
Osera is designed to be personal. That means it can process sensitive context, including messages, health signals, location, calendar events, reminders, photo metadata, contacts, files, voice notes, music context, and data from connected accounts when you choose to grant access.
1. AI and Safety Disclosure
Osera is powered by artificial intelligence. You are not talking to a human, therapist, doctor, lawyer, financial advisor, emergency service, or crisis counselor. AI responses can be inaccurate, incomplete, inappropriate, or unexpectedly personal because they are generated from your conversation and context.
Do not use Osera for emergencies. If you may harm yourself or someone else, call or text 988 in the United States, contact local emergency services, or reach a trusted person immediately. Osera may show crisis resources when our systems detect self-harm or crisis language, but those systems are not guaranteed to detect every emergency.
2. Information We Collect
2.1 Account and Authentication
- Email address, optional name, authentication identifiers, verification codes, and Sign in with Apple identifiers.
- Subscription tier, billing status, referral or campaign attribution, invite codes, and related account metadata.
2.2 Messages, Memory, and Personalization
- Messages you send, AI responses, reactions, cards, shared-space messages, polls, notebook/capture content, journal entries, to-dos and task lists, and related metadata.
- Derived memory, relationship context, entities, life threads, episodic summaries, goals, preferences, communication style, and proactive-notice state.
- Tool results used to answer you, such as calendar reads, reminder reads, web results, file contents, email snippets, weather, place results, or connected-service results.
2.3 Files, Images, Camera, and Photos
- Files, images, screenshots, documents, profile photos, and shared-space attachments that you upload or share with Osera.
- Camera captures when you choose to take a photo inside the app.
- If photo context is enabled, Osera scans non-hidden Photos library metadata on device and may send photo dates, media type, favorite/edit status, subtypes, durations, GPS coordinates from photo metadata, Vision scene labels, face counts, and summary statistics. Actual library images and facial identities are not uploaded by the photo-context scan.
- When you explicitly upload or attach a photo, that uploaded image itself is sent to our storage and may be processed as part of the conversation or feature you used.
- When you share or describe meals, food photos or text descriptions may be analyzed into structured nutrition data such as detected food items, estimated calories, and macronutrients, which may be stored to power food and wellness features.
2.4 Apple Health and Fitness Data
If you enable Apple Health sync and grant HealthKit access, Osera reads workouts, sleep, sleep stages when available, steps, active energy, exercise minutes, distance, flights climbed, resting heart rate, heart-rate variability, and cardio fitness.
When sync is enabled, Osera sends two layers to our backend:
- Derived categorical states such as recovery, strain, readiness, routine stability, workout recency, and routine-disruption flags.
- A daily numeric snapshot that may include sleep start/end, sleep duration, sleep stage minutes, resting heart rate, HRV, steps, active energy, exercise minutes, and latest same-day workout type/start/duration.
We use this data for morning cards, briefings, chat answers, pattern recognition, and proactive check-ins. HealthKit data is not sold, used for advertising, used for marketing data mining, or shared with data brokers. Relevant health context may be sent to AI providers when needed to answer you or generate a proactive message.
2.5 Location, Weather, and Places
- With location permission, Osera may collect latitude, longitude, accuracy, timestamp, timezone, city, country, and permission level.
- With When In Use access, Osera refreshes location while the app is active or when a user action needs fresh context.
- With Always access, Osera may use Apple significant-location-change and visit monitoring. These are OS-driven arrival/departure signals, not continuous GPS polling.
- Osera derives place profiles, home/work/routine clusters, movement state, likely destinations, trip state, and location-aware proactive reasons.
- WeatherKit data may be fetched from your current location and stored as the latest weather context in Apple-data sync rows.
2.6 Calendar, Reminders, Contacts, and Connected Accounts
- Calendar sync reads upcoming events, including title, start/end time, all-day status, and location. Current iOS code reads roughly the next 90 days.
- Reminder sync reads incomplete reminders, including title, due date, and priority, and may create or complete reminders when you ask.
- Contact access may read names, phone numbers, email addresses, and birthdays for contact discovery and relationship context. Osera may match synced contacts against existing Osera users and create contact-match suggestions.
- Osera may create calendar events, reminders, contacts, playlists, or other records only when a feature or command asks the device to perform that action and the relevant permission is granted.
- If you connect Google, Microsoft, email, JMAP, Composio, or other integrations, Osera stores connection metadata and the tokens or credentials needed to act on your behalf. Disconnecting an integration revokes future access for that integration.
- If you add ICS calendar feed URLs, we store the URL, fetch and parse events, and refresh the feed periodically.
2.7 Voice, Audio, Speech, and Music
- Voice notes you record are uploaded and stored so they can be delivered and played in the app.
- Osera may generate assistant audio or TTS voice notes and store playback references.
- Speech recognition is used for local and streaming transcription experiments or voice features when enabled.
- Apple Music access may read library and recently played context to build a music taste profile. ShazamKit-style recognition may identify songs and store recognition results. Raw music-recognition audio is not stored as a music profile.
2.8 Desktop Daemon and Local Workers
If you use the Mac desktop daemon, Osera may process daemon status, worker installation and health, local command results, machine connection state, logs, and local integration outputs. Some desktop flows can access local tools or Apple services on your Mac only after local OS permission or user setup. The desktop app is intended as a setup and worker dashboard, not the primary chat surface.
2.9 Device, Usage, Analytics, and Diagnostics
- Device identifiers, app version, OS version, push tokens, notification state, connection events, sessions, errors, latency, token counts, model/provider usage, cost estimates, and feature interactions.
- Website page views, referrers, UTM parameters, approximate country from IP geolocation, waitlist submissions, SMS waitlist opt-in status, and cookie-consented advertising measurement where applicable.
- Feedback messages, screenshots, recordings, and diagnostic context you submit.
3. Apple Permission Strings and App Permissions
The current iOS app declares permission use for Health sharing and updating, location When In Use and Always, photo library read/write and add-only save, camera, microphone, speech recognition, calendars, reminders, contacts, Apple Music, notifications, WeatherKit, Sign in with Apple, associated domains, Live Activities, and communication notifications.
Permissions can be revoked through iOS Settings. Turning off an Osera toggle or revoking an OS permission stops new collection for that feature, but it does not automatically delete data already synced to our backend unless the feature specifically offers deletion or you delete your account.
4. How Data Reaches AI Providers
To generate responses, route tools, summarize context, create proactive messages, process files, or power voice features, Osera may send relevant information to third-party AI providers. This can include your message, previous conversation context, memory, files, image attachments, tool results, calendar/reminder context, location/weather/place context, photo-derived context, health and nutrition context, and connected-service results.
Current provider families in code include Anthropic, Google Gemini, MiniMax, DeepSeek, xAI/Grok, OpenAI, Groq, Moonshot/Kimi, Mistral, Together, DeepInfra, Fireworks, and OpenRouter. OpenRouter is an aggregator that may route a request to additional downstream model providers, primarily when our direct providers are unavailable. Provider order can change through configuration for reliability, quality, cost, or latency. These providers and infrastructure may process data in the United States, European Union, China, or other jurisdictions.
We do not intentionally send your account password, payment card number, OAuth tokens, API keys, or integration credentials to AI providers as prompt context. We do not currently guarantee redaction of personal information you include in messages, files, or tool results before they are sent to AI providers.
5. How We Use Information
- Operate Osera, authenticate users, sync devices, generate AI responses, execute requested actions, and maintain memory and personalization.
- Deliver proactive check-ins, notifications, cards, briefings, meeting prep, relationship context, location-aware suggestions, health-aware moments, and other contextual features.
- Provide connected-service functionality such as calendar, reminders, contacts, email, files, music, weather, desktop daemon control, and local workers.
- Process billing, enforce usage limits, prevent abuse, debug errors, improve reliability, and monitor system health.
- Communicate with you about authentication, support, feedback, important service changes, and policy changes.
5.1 Subscription, Consumption Tracking, and Pricing Changes
Osera is a paid subscription at $20 per month. We will notify you before any price change takes effect.
We measure your usage of the service (including message counts, voice minutes, attachment volume, tool invocations, and model/provider token consumption) to operate billing, enforce plan limits, prevent abuse, and give you visibility into how much of the service you have used.
6. How We Share Information
We do not sell personal information. We share information only as needed to run Osera, at your direction, or where legally required.
- AI providers: receive prompts, context, files, images, tool results, and other relevant data needed to generate or process output.
- Backend and infrastructure providers: host databases, workers, object storage, authentication, email delivery, DNS, content delivery, observability, and deployments.
- Integration providers: process account connections, OAuth flows, connected-service calls, email/calendar/productivity actions, and local worker commands.
- Payment processors: process subscription payments. We receive subscription identifiers and status, not full card numbers.
- Website and SMS providers: process waitlist, support, analytics, consent, and SMS delivery. SMS opt-in data is not shared with third parties for marketing or promotional use.
- Legal and safety recipients: when required by law, court order, government request, safety issue, abuse investigation, merger, acquisition, or with your consent.
7. Retention and Deletion
| Data Type | Current Retention |
|---|---|
| Messages, cards, memory, threads, health-aware reasons, and most personalization data | Retained while your account is active; deleted during account deletion. |
| Journal entries, to-dos/task lists, and notebook content | Retained while your account is active; deleted during account deletion. |
| Food and nutrition logs | Retained while your account is active; deleted during account deletion. |
| User voice memo audio | Retained with message history while your account is active; deleted during account deletion. |
| Assistant-generated voice-note/TTS files | Database records are soft-deleted after about 45 days; referenced message audio links may be cleared. Object-storage lifecycle may be separate. |
| Location pings, location visits, place profiles, and movement state | Retained while your account is active. Recent context windows may use only the latest rows, but raw location rows are not currently auto-deleted after 48 hours. |
| Apple calendar, reminders, contacts, music, weather, and similar Apple-data sync rows | Stored as latest sync rows per data type and overwritten by later syncs; deleted during account deletion. |
| Health daily states and health snapshots | Retained while your account is active; deleted during account deletion. Code comments refer to a 365-day retention intent, but timed cleanup is not the current enforcement path. |
| Photo context syncs, photo interest profile, and photo place clusters | Retained while your account is active; deleted during account deletion. Brain context uses recent windows and aggregates, but do not rely on automatic per-photo metadata deletion unless a cleanup is later enabled and disclosed. |
| Connected-service tokens, credentials, and direct API keys you save | Retained until you disconnect/remove them or delete your account. |
| Device/session/error/usage telemetry and billing records | Retained while needed for operation, security, analytics, tax, accounting, or legal obligations; account-linked records are deleted or disassociated where supported during account deletion. |
| Comm signals and some operational events | Some timed cleanups exist, such as 90-day cleanup for communication signals and old user events. |
| Shared spaces | Your membership is removed and your shared-space messages/facts may be anonymized rather than deleted so other members retain group context. |
Account deletion: You can request deletion in the app where available or by contacting privacy@osera.io. The backend starts a multi-phase deletion process that removes high-volume user tables, remaining account-linked tables, tokens, credentials, devices, contact matches, health rows, photo rows, location rows, memory rows, and the user record. Some records may be anonymized instead of deleted where other users depend on shared context.
Known deletion limitations: Current code notes that some underlying authentication-provider records may not be deleted by the Convex account-deletion flow, and some file object-storage blobs may require separate lifecycle or cleanup beyond deleting database records. We will continue tightening this path and will update this policy when enforcement changes.
8. Security
- Data in transit is encrypted with TLS.
- Device authentication tokens are stored in the iOS Keychain where applicable.
- API keys and provider credentials are kept server-side, not shipped in the app.
- We use access controls, guarded operational scripts, and deployment separation for development and production systems.
Osera does not currently provide end-to-end encryption for conversations, and we cannot guarantee that any internet-connected service or third-party provider is perfectly secure.
9. Legal Bases for EEA/UK Users
- Contract: account operation, messages, AI responses, sync, billing, and requested features.
- Consent: HealthKit, location, photo library, camera, microphone, speech recognition, contacts, calendar, reminders, Apple Music, notifications, integrations, cookies, and similar permissioned features.
- Legitimate interests: security, fraud prevention, debugging, reliability, product analytics, and service improvement.
- Legal obligation: tax, accounting, compliance, and lawful requests.
10. Your Choices and Rights
- Revoke device permissions in iOS Settings or macOS System Settings.
- Turn off in-app toggles for features such as health sync, photo context, and location where available.
- Disconnect integrations, remove credentials, delete files where the product exposes deletion, or request account deletion.
- Reply STOP to opt out of waitlist SMS messages, or HELP for help. Message and data rates may apply.
- Contact privacy@osera.io to request access, correction, deletion, export, restriction, objection, or consent withdrawal. We aim to respond within 30 days.
California users have the right to know, delete, correct, and opt out of sale/share as provided by applicable law. We do not sell personal information.
11. Cookies and Website Tracking
The Osera app does not use advertising SDKs. The website may use server-side analytics without cookies for page views, referrers, UTM parameters, and approximate country. With consent, advertising measurement tools may set cookies or pixels to measure campaign effectiveness. You can reject or clear cookies through browser controls and the consent banner where available.
12. Children
Osera is not intended for users under 18 or the age of majority in their jurisdiction. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information, contact privacy@osera.io.
13. Changes to This Policy
We may update this policy as Osera changes. When changes are material, we will update the date above and use reasonable notice such as email, in-app notice, or website notice.
14. Contact
Bloom Street LLC
Email: privacy@osera.io