Privacy Policy
Last updated: May 2026
OpenCone is a cloud-hybrid retrieval client that parses documents locally, sends chunk text to OpenAI and Pinecone for the retrieval path, and uses the OpenAI Responses API for grounded answers. This policy describes those data flows so you can understand the privacy boundary clearly.
1. On-Device Processing
- Local Sandboxing: Source documents you import (PDFs, DOCX, TXT, images) are copied into the secure application sandbox for indexing.
- Local OCR: Text extraction runs locally on your device using PDFKit, Vision OCR, and native Apple text utilities.
- Background Threading: Embedding generation queues work on a background thread. Local diagnostic logs only record high-level status and anonymized identifiers.
- Keychain Security: Security-scoped bookmarks created for your original files stay on-device and are securely stored in the Keychain.
2. Data Sent Off Device
To perform its core functions, OpenCone transmits data directly from your device to the following services using secure HTTPS connections. No data is routed through or stored on developer-owned servers.
| Destination | Data Sent | Purpose | Notes |
|---|---|---|---|
| OpenAI Responses API | Conversation history (user prompt + retrieved context snippets) | Generate natural-language answers using RAG | Transmitted over HTTPS. OpenCone may retain local answer history until you clear it, but no developer-owned server is involved in the request path. |
| OpenAI Embeddings API | Chunked text generated from your documents | Produce high-dimensional vector representations | Only the specific text chunks being embedded are transmitted. |
| Pinecone Vector DB | Embedding vectors and metadata (document ID, file name, up to 200-char preview) | Similarity search and retrieval | Encrypted in transit; metadata excludes raw document bodies. |
3. Keys & Authentication
- User-Provided Credentials: You supply your own OpenAI and Pinecone API keys via the in-app onboarding flow.
- Keychain Storage: Stored credentials are saved in the Secure Enclave-backed iOS Keychain and are never shared with the developer or third parties.
- Build Guard: A release build guard blocks application launch if these keys are missing, ensuring your configuration is safe.
4. Retention & Deletion
- Document Removal: Removing a document in OpenCone deletes the sandbox copy and requests deletion of associated vectors from your Pinecone index.
- Clearing History: Clearing conversation history removes cached responses and local answer history. Requests to OpenAI remain direct API calls rather than developer-proxied state.
- Application Reset: You can completely clear all local data, preferences, and Keychain secrets from Settings → Advanced → Reset App.
5. Analytics & Tracking
- OpenCone does not include or utilize third-party analytics, tracking SDKs, or advertising libraries.
- Only local diagnostic logs (viewable in the Logs tab) are retained on-device for user troubleshooting.
6. User Consent & Transparency
- In-app Disclosures: The first time you import a file, OpenCone explicitly explains that it creates a sandbox copy and may upload derived text to your configured OpenAI and Pinecone services.
- Privacy Reset: Users can reset credentials, conversation history, and security-scoped bookmark consents via the "Reset Stored Keys & Preferences" panel at any time.
7. Contact
For privacy questions or data deletion requests, contact support at: gunnarguy@me.com or gunnarguy@me.com.