Privacy Policy
Last updated: November 2025
OpenCone is a retrieval-augmented generation (RAG) client that lets you search your own documents using OpenAI completions and Pinecone vector search. This policy describes the data flows involved so you understand your privacy controls.
1. On-Device Processing
- Local Sandboxing: Source documents you import (PDFs, DOCX, TXT, images) are copied into the secure application sandbox for indexing.
- Local OCR: Text extraction runs locally on your device using PDFKit, Vision OCR, and native Apple text utilities.
- Background Threading: Embedding generation queues work on a background thread. Local diagnostic logs only record high-level status and anonymized identifiers.
- Keychain Security: Security-scoped bookmarks created for your original files stay on-device and are securely stored in the Keychain.
2. Data Sent Off Device
To perform its core functions, OpenCone transmits data directly from your device to the following services using secure HTTPS connections. No data is routed through or stored on developer-owned servers.
| Destination | Data Sent | Purpose | Notes |
|---|---|---|---|
| OpenAI Responses API | Conversation history (user prompt + retrieved context snippets) | Generate natural-language answers using RAG | Transmitted over HTTPS; stateless on OpenAI's end. No data stored by OpenCone after completion. |
| OpenAI Embeddings API | Chunked text generated from your documents | Produce high-dimensional vector representations | Only the specific text chunks being embedded are transmitted. |
| Pinecone Vector DB | Embedding vectors and metadata (document ID, file name, up to 200-char preview) | Similarity search and retrieval | Encrypted in transit; metadata excludes raw document bodies. |
3. Keys & Authentication
- User-Provided Credentials: You supply your own OpenAI and Pinecone API keys via the in-app onboarding flow.
- Keychain Storage: Stored credentials are saved in the Secure Enclave-backed iOS Keychain and are never shared with the developer or third parties.
- Build Guard: A release build guard blocks application launch if these keys are missing, ensuring your configuration is safe.
4. Retention & Deletion
- Document Removal: Removing a document in OpenCone deletes the sandbox copy and requests deletion of associated vectors from your Pinecone index.
- Clearing History: Clearing conversation history removes cached completions. Requests to OpenAI are stateless.
- Application Reset: You can completely clear all local data, preferences, and Keychain secrets from Settings → Advanced → Reset App.
5. Analytics & Tracking
- OpenCone does not include or utilize third-party analytics, tracking SDKs, or advertising libraries.
- Only local diagnostic logs (viewable in the Logs tab) are retained on-device for user troubleshooting.
6. User Consent & Transparency
- In-app Disclosures: The first time you import a file, OpenCone explicitly explains that it creates a sandbox copy and may upload derived text to your configured OpenAI and Pinecone services.
- Privacy Reset: Users can reset credentials, conversation history, and security-scoped bookmark consents via the "Reset Stored Keys & Preferences" panel at any time.
7. Contact
For privacy questions or data deletion requests, contact support at: gunnarguy@me.com or gunnarguy@me.com.