ASTRA

Privacy Policy.

Effective: May 24, 2026 · iOS edition

The short version. Saved readings live on your phone only. The text of the question you ask is sent through our backend to the AI provider (OpenAI) so it can write the reply — that is the one thing that leaves your device. No account, no email, no name, no contacts, no location, no advertising or analytics SDKs.

1. Who we are

Astra (on iPhone, App Store name "Astra: Six Voices, One Reply") is a personal-oracle app published by CodeEnsis Ltd. ("we", "our", "us"). This policy explains what Astra collects, what it transmits, and the rights you have.

If you arrived here from our Android app under the same brand, that product is a separate application with a different data flow — its privacy policy lives at codeensis.com/astra/privacy.

2. What Astra stores on your device

The following data lives only on your phone, in the app's private storage, and is never transmitted to CodeEnsis:

The voice you last picked (e.g. Stoic).
Saved readings — the question you asked, the reply you received, the voice that wrote it, the language, and a timestamp. Saving is explicit; nothing is saved until you tap the bookmark.
The text of the conversation you are in right now, until you start a new one or close it. Each conversation is at most ten replies long.
An anonymous per-device daily-quota counter (today's count of new questions; resets at local midnight).
A small set of preferences: whether you finished onboarding, whether you've seen the ritual hint, whether the OS review prompt has been shown.

If you uninstall Astra, all of this is removed with the app. There is nothing for us to delete on a server, because we never had it.

3. What is sent to our backend

When you tap Ask, Astra calls a CodeEnsis Cloud Function. The request contains:

The text of your current question.
The text of any earlier turns in the same conversation (so the voice can continue coherently).
The identifier of the voice you picked (e.g. stoic).
Your app locale (e.g. en-US), so the reply is in the right language.
An anonymous opaque identifier, used purely to enforce a per-device daily quota that protects the AI endpoint from abuse. The identifier is not linked to your name, email, or any device identifier we control. It is not used to build a profile of you.

What is not sent: your name, email, contacts, location, advertising identifier, photo library, microphone, camera, the device model or operating-system version beyond what the network stack reveals, or anything written into a different conversation.

4. The AI provider

To generate a reply, our Cloud Function calls OpenAI (currently the gpt-4o-mini model). The prompt contains: the system instructions that define the voice you picked, the prior turns of the current conversation, and your latest question. It contains nothing that could be used to identify you to OpenAI.

OpenAI's data handling for API traffic is described at openai.com/policies/privacy-policy. CodeEnsis has commercial API terms with OpenAI under which prompts and outputs are not used to train OpenAI models.

5. The shared reply cache

For the first message of a new conversation, the AI output is cached server-side, keyed by the normalised question text + voice + locale. If a different user asks a near-identical question with the same voice in the same language, the cached reply is returned without a second AI call. The cache contains no user identifier and no personal information. Follow-up turns within a conversation are not cached, because they depend on the conversation history.

6. What Astra does not collect

No real name, email, phone number, password, or social login.
No advertising identifiers. No third-party advertising SDKs.
No analytics or crash-reporting SDKs in the current release.
No contacts, location, microphone, camera, or photo-library access.
No precise device location. No background activity.

7. Permissions Astra asks for

Notifications (optional) — to deliver any local reminders you have explicitly enabled. Reminders are scheduled locally on your device; no remote push servers are used. You can revoke this permission at any time in iOS Settings.

8. Children

Astra is rated 12+ on the App Store and is not directed at children under 13. We do not knowingly collect data from children under 13.

9. Your rights

Because there is no account and we hold no profile of you, the exercise of your rights is straightforward:

Access / portability: Saved readings are visible in Library. They live on your device and are visible to you directly.
Deletion: Uninstalling Astra removes all of your data, because all of it is local. There is no server-side profile to delete. If you would like written confirmation that nothing is held about you, write to [email protected] — we will reply.

10. Data retention

On-device data is retained until you uninstall the app or clear it from app settings. The shared anonymous reply cache is retained for up to 30 days. The anonymous per-device quota counter resets daily and is overwritten in place.

11. Sensitive content

The text of the question you choose to send is the substance of the AI request. Please do not include information you would not want a third party (OpenAI, as described above) to process. Astra is for reflection and not a confidential medium.

12. Changes to this policy

We may update this policy as Astra evolves. Material changes will be reflected here with an updated "Effective" date above. Continuing to use Astra after a change means you accept the updated policy.

13. Contact

Questions or requests about this policy: [email protected]. A human reads every message.