Legal

Privacy Policy

Last updated: June 2026 · We review and update this policy at least annually.

1. Who we are

parry is operated by Anomaly Labs LLC, a Washington (USA) limited liability company. "parry" is a DBA (doing-business-as) name for Anomaly Labs LLC. Where this policy uses "we", "our", or "us", it refers to Anomaly Labs LLC.

Contact:support@parryai.app
Mailing address: Anomaly Labs LLC, 6335 180TH Pl NE Unit 125, Redmond, WA 98052

This policy covers the parry iOS application and the parryai.app marketing website.

2. What we collect, why, and on what legal basis

We try to collect the minimum amount of personal data we need to run parry. The table below summarizes what we collect, why, and (for users in the European Economic Area, the United Kingdom, and Switzerland) the lawful basis we rely on under the GDPR / UK GDPR.

2.1 Identifiers

• Anonymous user identifier (UUID): created the first time you open the app. Used to store your custom tone presets and subscription state on our servers. There is no account attached to it: if you reinstall parry or switch devices, your Pro subscription and custom tones are recovered through your App Store purchase receipt (Restore Purchases), not through this identifier. Stored by Supabase. Lawful basis: Art. 6(1)(b) contract.
• Subscription state: whether you are on the Free or Pro tier, your renewal date, and your purchase history. Managed by RevenueCat. Lawful basis: Art. 6(1)(b) contract; Art. 6(1)(c) for tax/accounting retention.
• Usage-limit counters (fraud prevention): a random device identifier (free tier) and, for Pro subscribers, the Apple transaction identifier for the subscription, each kept with a daily count of generations. Neither record links to an account or contains personal details. We keep them so that daily limits cannot be reset by deleting data and reinstalling, and they survive in-app data deletion (see Section 14). Lawful basis: Art. 6(1)(f) legitimate interests: preventing circumvention of usage limits.

2.2 Message context (transient, not stored by us)

• Text and images you submit for reply suggestions are transmitted to Anthropic, the provider of the Claude™ AI model, for processing.
• We do NOT store your message content or images on our servers. They are forwarded to Anthropic, the AI generates suggestions, and we discard the input as soon as the response is returned to you.
• Anthropic processes the data on our behalf as our processor. Anthropic's published policy states it automatically deletes inputs and outputs from its backend within 30 days of receipt or generation (see Anthropic's data-retention article). For content that violates Anthropic's Usage Policy, Anthropic may retain inputs and outputs for up to 2 years and safety classification scores for up to 7 years.
• Your data is NOT used to train AI models. Anthropic's commercial terms expressly prohibit training on customer content (Commercial Terms §B).
• Lawful basis: Art. 6(1)(b) contract; generating the suggestion is the service you requested. If your prompt contains special-category data (health, religion, sexual orientation, etc.) we additionally rely on your explicit consent (Art. 9(2)(a)) captured by the in-app AI consent dialog.

2.3 Generation metadata (not your messages)

When you generate a reply suggestion, we log the following metadata to monitor service health, enforce rate limits, and improve the app:

• Anonymous user identifier
• Tone selection (one of the built-in tones, or a flag indicating a custom tone was used)
• Whether a custom tone was used (boolean)
• Input length (character count only, not the text)
• Number of responses generated
• Response latency
• AI model used
• Whether an image was attached (yes/no, not the image)
• Timestamp of the request

Generation metadata does not include your message content or images. Custom tone presets you create yourself (name + style description) are stored server-side so the AI can apply them; you can delete them at any time. Lawful basis: Art. 6(1)(f) legitimate interests: operating, securing, and improving the service. We have weighed this interest against your privacy and consider it proportionate.

2.4 Voice input

parry offers an optional voice-input mode for composing prompts. On iOS, speech recognition runs on your device using Apple's Speech framework, with SFSpeechRecognizer.requiresOnDeviceRecognition set to true. Audio never leaves your device. It is not transmitted to Apple, to parry, or to any other third party. If your device or language does not support on-device recognition, parry simply will not transcribe; it never silently falls back to server-based recognition. Only the resulting transcript text is sent onward, and only if you tap Generate (in which case it goes to Anthropic for AI processing under the same policies described in §2.2 above). Lawful basis: Art. 6(1)(b) contract.

Android support for parry is not yet available. When it ships, we will re-evaluate the on-device guarantee against the equivalent Android speech-recognition APIs and update this section before users encounter the feature on that platform.

2.5 Error reports and diagnostics

We use Sentry to capture errors and crashes so we can fix them. Sentry receives:

• Error reports (exception type, message, stack trace, file/line) at the moment of failure
• Breadcrumbs (categorized records of recent actions, such as a generation event, a purchase or restore attempt, or a voice-module load, used to understand what led up to an error)
• Your anonymous user identifier (so we can group repeated errors from the same user)
• Device metadata (model, OS version, app version, locale)

We do not send message content, images, or voice transcripts to Sentry. Lawful basis: Art. 6(1)(f) legitimate interests: debugging, security, and service integrity.

2.6 What we do NOT collect

• Your name or email address (parry has no sign-in or registration)
• Your phone number
• Your contacts
• Your location
• Your photo library beyond images you explicitly attach to a prompt
• Messages or conversations outside of what you explicitly submit
• Health, biometric, or precise-location data
• Government-issued identifiers
• Financial account credentials (purchases are handled by Apple)

3. Subprocessors: who else handles your data

We use the following third-party services to operate parry. Where a service holds personal data on our behalf, it acts as our processor under GDPR (and as our "service provider" under CCPA). We have data-processing agreements with each. We do not sell or share your personal data, and the services below are not authorized to use your data for their own purposes.

Linked privacy policies: Apple, Anthropic, Supabase, RevenueCat, Sentry.

4. Data retention

5. How to exercise your rights

Depending on where you live, you have some or all of the rights below. We honor them regardless of jurisdiction, to the extent operationally possible.

• Access: request a copy of the personal data we hold about you
• Rectification / correction: ask us to correct inaccurate data
• Erasure / deletion: ask us to delete the data we hold about you
• Restriction: ask us to limit processing in specific circumstances
• Portability: receive your data in a structured, commonly-used machine-readable format
• Objection: object to processing based on legitimate interests
• Withdraw consent: if processing is based on your consent (including the AI consent given via the in-app dialog), withdraw it at any time without affecting prior lawful processing
• Not be subject to solely automated decisions: parry's reply suggestions are drafts; we do not make decisions about you with legal or similarly significant effects
• Lodge a complaint with a supervisory authority: if you are in the EEA or UK, see Section 11 for how

How to request:

• In-app: tap Delete data at the bottom of the Settings screen (for deletion).
• Email:support@parryai.app for any request.

We may ask you to verify your identity before we can act on a request (for example, by asking you to respond from inside the app). We aim to respond within 30 days. For complex requests, we may extend by up to 60 additional days and will tell you if that is needed. If we deny a request, we will explain why and how to appeal. See Section 6.

If you are in California, you may designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization (such as a signed permission letter from you) and to verify your identity directly with us.

6. Appeals

Several U.S. state privacy laws (Virginia, Colorado, Connecticut, and others) give you a right to appeal if we decline a privacy request. To appeal, reply to our denial email or write to support@parryai.app with "Privacy appeal" in the subject line. We will respond within 60 days. If we deny your appeal, you may also be able to complain to your state attorney general.

7. AI and automated processing

parry uses an AI system (specifically, Anthropic's Claude) to generate reply suggestions based on the message context you submit. You are always the decision-maker: parry presents suggestions; you choose which (if any) to send, you can edit before sending, and you send via your device's own messaging app.

Because the suggestions are drafts that you control, parry does not make decisions about you that produce legal or similarly significant effects within the meaning of GDPR Article 22. This disclosure also satisfies the transparency obligation under EU AI Act Article 50(1), which becomes applicable on 2 August 2026: when you use parry's generation feature, you are interacting with an AI system.

8. Children

parry is intended for users who are at least 13 years old. We do not direct parry to children under 13, and we do not knowingly collect personal data from anyone under 13. If we learn that we have collected personal data from a user under 13, we will delete it promptly without requiring proof of identity beyond what is reasonably necessary to identify the relevant data.

If you believe a child under 13 has provided us personal information, please email support@parryai.app.

Users aged 13–17

If you are between 13 and 17, you may use parry only with the awareness of a parent or guardian. We encourage parents and guardians to review this Privacy Policy and our Terms of Service with you. parry's reply suggestions are AI-generated drafts, not advice. Some suggestions may not be appropriate for your situation, and you are responsible for what you choose to send. Don't share personal information (your full name, school, address, phone number, photos, financial information) in your prompts. If a conversation feels unsafe, talk to a trusted adult or contact help: in the US, call or text 988 (Suicide & Crisis Lifeline) or text HOME to 741741 (Crisis Text Line).

We do not sell personal information of any user. We do not use the content of your messages or AI generations to train AI models or for targeted advertising. We do not knowingly share personal information of users under 18 with third parties for cross-context behavioral advertising.

9. International users and data transfers

Anomaly Labs LLC is based in the United States. If you use parry from outside the United States, your personal data will be transferred to, stored, and processed in the US (and in any other country in which our subprocessors operate). Data protection laws in the US may differ from those in your country.

Where we transfer personal data of users in the EEA, UK, or Switzerland to the US, we rely on the EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795) and, where the recipient is not DPF-certified, the EU Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914), with supplementary measures where necessary following the Schrems II decision (C-311/18). For UK transfers, we rely on the UK Extension to the EU-US DPF and the ICO's International Data Transfer Agreement / UK Addendum as applicable. To request a copy of the safeguards we rely on, email support@parryai.app.

10. United States: your state privacy rights

The rights in Section 5 are available to all users regardless of jurisdiction. The following are additional or clarified rights for residents of specific U.S. states.

10.1 California (CCPA / CPRA)

Categories of personal information collected in the past 12 months (Cal. Civ. Code §1798.140):

• Identifiers: anonymous user UUID; a random device identifier and the Apple transaction identifier for your subscription, each used with a daily count to enforce usage limits; subscription/customer IDs.
• Customer records: subscription state.
• Commercial information: purchase history (via Apple/RevenueCat).
• Internet or other electronic network activity: generation metadata (no content), error reports.
• Inferences: none drawn beyond what's needed to deliver the service.

Sensitive personal information: message content you submit may include sensitive content of your choosing; we process it transiently to generate the suggestion you requested and we do not retain it (see Section 2.2). We rely on §1798.121(d) (use necessary to perform the service you requested) and do not use SPI for any secondary purpose. We do not display a "Limit the Use of My Sensitive Personal Information" link because we do not use SPI beyond the permitted purposes.

We do not sell or share personal information as those terms are defined under the CCPA, and we have not done so in the prior 12 months. Accordingly, we do not display a "Do Not Sell or Share My Personal Information" link. We do not offer any financial incentive in exchange for personal information.

Your CCPA rights: the right to know what personal information we collect, use, disclose, and (if applicable) sell or share; the right to delete; the right to correct; the right to opt out of sale/share (not applicable to us); the right to limit use of sensitive PI (not applicable as described above); and the right to non-discrimination for exercising your rights. To exercise these rights, see Section 5.

10.2 Washington: Consumer Health Data (My Health My Data Act)

We do not knowingly collect consumer health data as defined by Washington's My Health My Data Act (RCW 19.373.010(8)). parry is a messaging-assistance tool; it is not a healthcare service. parry's tone categories (casual, professional, supportive, witty, assertive) are stylistic choices for message drafting, not therapeutic interventions. The reply suggestions are drafts you control, not diagnoses, treatments, or mental-health advice.

We process the message content you submit transiently to generate the reply you requested and we do not retain it. We do not use that content to draw, store, or share inferences about your health or mental state. We do not use geofencing of any kind around healthcare facilities.

If you believe we have processed your consumer health data and you wish to exercise rights under RCW 19.373.050, email support@parryai.app. parry is not a substitute for medical, psychiatric, psychological, or therapeutic care.

10.3 Other U.S. states

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, Iowa, Delaware, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, and Indiana have substantially similar rights under their respective state privacy laws: access, correction, deletion, portability, and opt-out of sale, targeted advertising, and profiling that produces legal or similarly significant effects. We do not sell personal data, we do not use it for targeted advertising, and we do not engage in profiling that produces legal or similarly significant effects.

For users under 18, we apply heightened protections consistent with state minor-privacy laws (Colorado SB 24-041, Connecticut 2026 amendments, Maryland MODPA): no sale, no sharing for cross-context behavioral advertising, no profiling with legal effects.

To exercise these rights or to appeal a denial, see Sections 5 and 6.

11. EEA, UK, and Swiss users

Controller: Anomaly Labs LLC (see Section 1).

Right to complain to a supervisory authority: if you believe we are processing your data unlawfully, you can complain to your local Data Protection Authority. EEA users can find the relevant authority via the EDPB members list. UK users can contact the ICO. Swiss users can contact the FDPIC. We would also appreciate the chance to address your concern directly first.

We do not have a Data Protection Officer because parry's processing does not meet the Article 37 thresholds (no public-authority processing, no large-scale special-category processing, no large-scale systematic monitoring). Privacy questions can be directed to support@parryai.app.

12. Cookies and tracking on parryai.app

The parryai.app marketing website is a static site. It does not set tracking cookies. It does not run analytics. It does not embed third-party advertising or tracking pixels. The site loads typefaces from Google Fonts; doing so transmits your IP address to Google as part of the font request. If we add any tracking, we will update this section and seek consent where required.

Inside the parry mobile app, we do not use third-party analytics or advertising SDKs.

13. Security

All requests between the app and our servers use HTTPS / TLS. Supabase enforces row-level security so users can only access their own data. The Anthropic API key is held server-side as a Supabase edge-function secret and is never shipped in the app bundle. We do not log message content. We follow the principle of least privilege for our service-provider accounts.

No system is perfectly secure. If you believe you've found a security issue, please email support@parryai.app.

14. Data deletion

You can delete your parry data at any time by tapping Delete data at the bottom of the Settings screen inside the mobile app. Deletion removes your anonymous user identifier, your custom tone presets, and your generation metadata. It also requests deletion of your customer record from RevenueCat on a best-effort basis.

What survives deletion. Two anonymous fraud-prevention records are deliberately retained, because deleting them would let anyone reset their daily usage limits by deleting their data and reinstalling: (a) a random device identifier together with its daily count of free-tier generations, and (b) for Pro subscribers, the Apple transaction identifier for the subscription together with its daily count. Neither record links to an account or contains personal details. If you use Restore Purchases after a deletion, a new subscription record is created from your App Store receipt.

If you have an active subscription, you should also cancel it through your device's Settings → [Your Name] → Subscriptions. Uninstalling parry or deleting your data does not by itself cancel the subscription.

15. Changes to this policy

We may update this policy as our service, vendors, or applicable law change. When we make a material change, we will update the "Last updated" date at the top and post a notice inside the app. The previous version will remain available on request for at least 12 months.

16. Contact

Privacy questions, requests, and complaints:
support@parryai.app
Anomaly Labs LLC, 6335 180TH Pl NE Unit 125, Redmond, WA 98052