Privacy Policy
Overview
OpenAlly is a platform for your own on-device AI. The entire AI backend — agent runtime, messaging channels, sessions, skills — runs locally on your phone via an embedded Rust runtime (the cortex-kernel). OpenAlly and TheAppStack do not operate servers that process, store, or transmit your conversations.
We want to be straightforward about this. Almost everything you do in OpenAlly stays on your phone. A few things do leave it — and only when you choose them: an optional account, anonymous crash reports, the ads that keep the app free, and whatever you send to the model provider, channels, or tools you connect. This page walks through each one, plainly, so there are no surprises. OpenAlly is Android-only and free, supported by ads.
Who's responsible. This app and this policy are operated by TheAppStack (Satyajit Pradhan), the data controller for your personal information. You can reach us anytime at [email protected].
What We Collect
No usage analytics. We don't collect analytics or behavioral telemetry about how you use the app. The only data that leaves your device — to us or to our processors — is:
- an optional account record (email, display name, plan) — only if you sign in;
- anonymous crash reports (Firebase Crashlytics); and
- advertising signals, including your advertising ID (Google AdMob).
Each is described in the sections below. The rest — your conversations, SMS Analyser data, Voice Notes, automations, and connections — stays on your phone.
Crash reports (Firebase Crashlytics). When the app crashes, OpenAlly sends a diagnostic report to Google so we can find and fix the problem. A report includes your device model, OS version, app version, a random installation identifier, and the crash stack trace. It does not include your conversations or message content, and we don't use it to identify you personally — but a random installation ID and crash data are still considered personal data under some laws, so we count it here. This data is processed by Google as our processor; crash reporting is enabled as part of using the app under our Terms, and you can turn off Google-level crash and usage sharing in your device settings. You can read more in Google's Crashlytics data disclosure.
Account & Sign-in (Optional)
OpenAlly accounts are optional — you can use the app without one. If you do create an account, our identity service (hosted on Supabase) stores only your account email, display name, and subscription plan. It never stores your conversations, messages, or any content. You can sign in with email, or with Google, GitHub, Discord, LinkedIn, X, or Spotify. The sign-in session token lives in your device's secure storage.
Signing in also lets you download optional on-device model files (see below) through short-lived signed links — the SMS, audio, and other content on your device is never uploaded when you do. You can delete your account and server-side profile in the app, or via our data deletion request page.
Advertising (Google AdMob)
OpenAlly is free, supported by ads through Google AdMob. AdMob and its partners may collect device information (advertising ID, device model, OS version) and ad-interaction data to serve and measure ads. This data is governed by Google's privacy policy. Sharing advertising identifiers for personalized ads counts as a "sale" or "share" under some US state privacy laws — see Your US State Privacy Rights below for how to opt out.
You can opt out of personalized ads on Android under Settings → Google → Ads (turn on "Delete advertising ID" or "Opt out of Ads Personalization"), or manage your ad preferences in your device's Google settings.
AI Providers You Choose
You bring your own model. When you connect a provider with your own API key, your messages go to that provider under your key, governed by that provider's own privacy policy. OpenAlly routes the request to the provider you selected — it does not proxy, log, or store those messages. Your use of any provider's service is subject to your agreement with that provider.
Subscription sign-ins. Some providers are connected by signing in with a subscription you already have — for example ChatGPT / OpenAI Codex (via "Sign in with ChatGPT"), GitHub Copilot, Gemini CLI, and Antigravity — using OAuth instead of an API key. When one of these is your active model, your prompts go to that vendor under your own subscription, governed by their privacy policy. OpenAlly stores only the OAuth tokens, sealed in your device's hardware-backed keystore.
Token counts. For Anthropic and Google Gemini models, OpenAlly may call those providers' token-counting endpoints to estimate how large a request is. This sends token counts, not your message content, to the provider you've selected under your own credentials, and results are cached on your device.
Providers you can connect include, for example:
- Cloud providers (your API key): Anthropic (Claude), OpenAI (GPT), Google Gemini / Vertex AI, Amazon Bedrock, NVIDIA (NIM / Nemotron), OpenRouter.
- Subscription sign-ins (OAuth): ChatGPT / OpenAI Codex, GitHub Copilot, Gemini CLI, Antigravity.
- Custom / self-hosted: Ollama and any OpenAI-compatible endpoint you configure.
This list is illustrative, not exhaustive — the exact set may change as we add or remove integrations.
On-Device Model Files
When you choose to download an on-device AI model — for example Gemma, the Whisper voice-transcription model, or the SMS classifier — the model file is fetched over HTTPS from OpenAlly's model storage (Supabase Storage) using a short-lived signed link, which requires a signed-in account. Only the model file is downloaded. None of your prompts, audio, SMS, or other content is uploaded during this process.
Web Search & Browsing
When the AI uses a web-search or web-fetch tool, your search query is sent to the search provider you've configured — DuckDuckGo by default, or Brave, Google Custom Search, or SerpAPI if you enable and set them up — and the web-fetch tool requests the target web pages directly. These requests are subject to those providers' and sites' own policies. OpenAlly doesn't log or proxy them.
Community Features
If you use the in-app Feature Requests or What's New screens, your votes and any feature-request text you submit are stored in OpenAlly's community database (Supabase). Please don't include personal or sensitive information there, since other users may see what you post.
Messaging Channels
Messages on a connected channel are exchanged directly between your device and that messaging platform — WhatsApp, Telegram, Discord, Slack, Signal, LINE, Google Chat, iMessage, Mattermost, Nextcloud Talk, Twitch, or Zalo. There is no OpenAlly server in between, and those messages are subject to that platform's own privacy policy. OpenAlly processes them on your device to generate replies.
Channel credentials (bot tokens, API keys, account passwords) are sealed in hardware-backed secure storage on your device — the Android Keystore. They are never sent to OpenAlly or TheAppStack.
Encrypted Backup (Optional)
If you enable the backup feature, your data is encrypted on your device (AES-256-GCM, with a key derived from a 12-word recovery code only you ever see) before it's uploaded to your own Google Drive account. OpenAlly uses Google Drive's app-data scope only, so it can see only its own backup folder — never the rest of your Drive. The recovery code is generated on your device and never sent to us; without it, a backup cannot be decrypted, including by us.
Backups are not deleted when you uninstall the app — if you want them gone, remove them from your Google Drive yourself.
Device Permissions
OpenAlly requests device permissions only when needed for features you choose to use:
- Camera: AI camera tool and photo capture for vision tasks.
- Microphone: Voice input and text-to-speech playback.
- Location: Location-aware AI queries when you ask for local information.
- Notifications: Flare notification automation app and AI notification tools.
- Storage: File access for AI tools and the optional encrypted backup.
SMS and contacts. SMS reading and contacts access are handled by the separate Aster companion app (the accessibility companion), not the core OpenAlly app — the core app does not request SMS permission. When you use the SMS Analyser or AI SMS tools, the Aster companion reads your messages on-device so they can be analysed locally; they are never uploaded.
The accessibility and screen-control capability used for App Automations is Android-only and owner-gated: it works only after you explicitly enable the "Aster by OpenAlly" Android accessibility service.
On-Device Processing
A lot happens entirely on your phone, with no network involved:
- on-device AI models (Gemma / llama.cpp);
- voice-note transcription (Whisper);
- SMS classification (on-device BERT / NER);
- semantic-search embeddings (MiniLM);
- token estimation;
- image editing (resize, convert, HEIC→JPEG, and stripping EXIF metadata — images are never uploaded); and
- text-to-speech using your device's built-in voices (no cloud voice service).
Your conversations, SMS Analyser data, Voice Notes, automations, and connections are stored only in local on-device databases.
Third Parties We Share Data With
OpenAlly has no server in the path of your conversations. The recipients below are the only parties that receive any data, each for the stated purpose. Your conversations, SMS, and audio are never uploaded to OpenAlly — including when you download an on-device model. The "category" column uses Google Play's collect / share wording so this page lines up with our Data Safety disclosures.
| Recipient | What is shared | Purpose | When | Category |
|---|---|---|---|---|
| Google — Firebase Crashlytics | Device model, OS version, app version, a random installation ID, crash stack traces (no conversation content) | Diagnose crashes and fix stability issues | When the app crashes | Collected |
| Google — AdMob (and ad partners) | Advertising ID, device model, OS version, ad-interaction data | Show and measure ads | While ads are shown | Shared (advertising) |
| Our account service (Supabase) | Account email, display name, plan (no conversations or content) | Optional account and sign-in | Only if you create an account | Collected |
| Our model storage (Supabase Storage) | A short-lived signed download request (nothing of yours is uploaded) | Download optional on-device model files (sign-in required) | When you download a model | Not collected |
| Our community database (Supabase) | Your votes and any feature-request text you submit | Feature Requests and What's New | Only when you use those screens | Collected |
| Your chosen AI provider (e.g. Anthropic, OpenAI, Google Gemini / Vertex, Amazon Bedrock, NVIDIA, OpenRouter; a subscription sign-in such as ChatGPT/Codex, GitHub Copilot, Gemini CLI, Antigravity; or a self-hosted endpoint) | Your prompts and chat content, under your own key or subscription | Generate AI responses | When that provider is your active model | Not collected by us |
| AI token-count endpoints (Anthropic, Google Gemini) | Token counts to estimate request size (we store no message content) | Estimate request size for those model families | For Anthropic and Gemini models | Not collected by us |
| Connected messaging platforms (WhatsApp, Telegram, Discord, Slack, Signal, LINE, Google Chat, iMessage, Mattermost, Nextcloud Talk, Twitch, Zalo) | The messages you send and receive on that channel | Operate the channel you connected | When a channel is connected | Not collected by us |
| Your chosen web-search provider (DuckDuckGo by default; Brave, Google Custom Search, or SerpAPI if you configure them) and the sites a web-fetch tool visits | Your search query text and the URLs requested | Web search and browsing tools | When a web tool runs | Not collected by us |
| Your own Google Drive (app-data folder only) | An encrypted backup file we hold no key to | Optional encrypted backup | When you enable backup | Not accessible to us |
How We Protect Your Data
Sensitive credentials — API keys, channel tokens, your backup recovery code — are sealed in your device's hardware-backed keystore (the Android Keystore) and, on disk, are stored only as AES-256-GCM ciphertext. Optional backups are end-to-end encrypted on your device (AES-256-GCM with an Argon2id-derived key) before they're uploaded, using a 12-word recovery code only you hold. Without that code, a backup cannot be decrypted — by anyone, including us.
Data Retention & Deletion
Most of your data — conversations, settings, credentials, session history — lives on your device, and we keep it only until you delete it or uninstall the app. Uninstalling removes all local data. Backup data stored in your Google Drive is not removed when you uninstall; you'll need to delete it from Google Drive separately.
How long we keep things:
- On-device data is kept until you delete it or uninstall the app.
- Optional account data (email, display name, plan) is kept on our account service until you delete your account or request deletion.
- Server-side deletion requests are processed within about 90 days, with an email confirmation.
- Crash and advertising data are kept by Google under its own policies.
To request deletion of any server-side data associated with your account, visit our data deletion request page.
Your Choices & Rights
You can delete your account in the app or via our data deletion request page. You can also ask to access, correct, or get a copy of the limited account data we hold by emailing [email protected]. Because your conversations and most of your data live only on your device, you control them directly — uninstalling removes everything local, though Drive backups have to be deleted separately.
Your US State Privacy Rights (California & Other States)
OpenAlly does not sell your personal information for money. That said, our use of Google AdMob to show personalized ads may count as a "sale" or "share" of identifiers (such as your advertising ID) under the California Consumer Privacy Act (CCPA/CPRA) and similar US state laws.
Do Not Sell or Share. You can opt out of personalized advertising by:
- On Android: Settings → Google → Ads, then turning on "Delete advertising ID" or "Opt out of Ads Personalization"; and/or
- emailing [email protected] with the subject line "Do Not Sell or Share."
California residents also have the right to know, delete, and correct their personal information, and the right not to be treated differently for exercising these rights.
Your Rights (EEA, UK & Similar Regions)
If you're in the European Economic Area or the United Kingdom, you have the right to access, correct, delete, restrict, and port your personal data, and to object to its processing. You can withdraw consent at any time, and you can lodge a complaint with your local data protection authority. To exercise any of these, email [email protected].
Our legal bases (Article 6 GDPR):
- your consent — for crash reporting and personalized ads, where consent is required;
- performance of a contract, or steps taken at your request — to provide the app and any optional account features; and
- our legitimate interests — app stability, security, and fraud prevention.
International Data Transfers
Some of our processors — for example Google, our account and storage provider, and the AI providers you choose — may handle data on servers outside your country, including in the United States. Where required, those transfers rely on appropriate safeguards, such as the EU Standard Contractual Clauses or the relevant provider's certification. Prompts you send to an AI provider are transferred under that provider's own terms and safeguards.
Children
OpenAlly is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided information through the app, please contact us so we can take appropriate action.
This Website
This policy is about the OpenAlly app. The website at openally.ai is informational — it doesn't set advertising or tracking cookies. It uses only essential local storage, such as remembering your light or dark theme preference.
Google Play Data Safety
This policy is consistent with our Google Play Data Safety disclosures. In Play's terms: advertising ID and ad-interaction data are shared (for advertising); crash diagnostics and your optional account email are collected; and your conversations, SMS, and audio are not collected — they're processed on your device.
Changes to This Policy
If we update this privacy policy, we'll update the "Last updated" date at the top of this page and post the new version here. For material changes that affect how we use your personal data, we'll give you a more prominent heads-up — such as an in-app notice — and, where required, ask for your consent again. We encourage you to check back from time to time.
Contact
Questions about this privacy policy? Reach us at [email protected].
TheAppStack — Satyajit Pradhan