Privacy Policy
Effective Date: February 24, 2026 | Last Updated: March 6, 2026
IOU, INC ("we," "us," or "our") operates IOULegacy (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices.
1. Information We Collect
Account information. When you create an account we receive your name and email address from our identity provider (Microsoft Entra External ID). We do not store passwords — authentication is handled entirely by Microsoft.
Content you upload. Photos, documents, recipes, notes, capsules, and other files you choose to store in IOULegacy. Files are stored in Amazon Web Services (AWS) S3, encrypted at rest.
Usage data. We log basic request metadata (timestamps, pages visited, error codes) for security monitoring and debugging. We do not use third-party analytics trackers.
TV & streaming devices. If you pair a Roku or other TV device with your IOULegacy account, we collect a device identifier and device name. A secure token is generated and stored on the TV device (in the Roku Registry) to authenticate API requests. No passwords, personal data, or media files are stored on the TV device itself — content is streamed directly from our servers using time-limited URLs.
2. How We Use Your Information
- To provide and maintain the Service
- To authenticate you and manage your account
- To send transactional emails (welcome, capsule-sealed confirmations)
- To power AI features you explicitly invoke (photo descriptions, recipe suggestions, letter enhancement) — content is sent to Azure OpenAI and is not used to train models
- To detect and prevent abuse or security incidents
3. Data Storage & Security
Your data is stored in AWS (US-East-1 region) using DynamoDB and S3, both encrypted at rest. Server-side sessions are stored in DynamoDB with a 31-day expiry. We enforce HTTPS on all connections and apply security headers (HSTS, X-Frame-Options, X-Content-Type-Options).
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Microsoft Entra External ID | Authentication | Email, name |
| Azure OpenAI | AI features (opt-in) | Content you submit to AI tools |
| Azure Communication Services | Email delivery | Your email address |
| Amazon Web Services (S3, DynamoDB) | File & data storage | All stored content |
4a. TV & Streaming Device Data
When you pair a TV device (e.g., Roku) with IOULegacy:
- Pairing code: A temporary 6-digit code is generated and expires after 10 minutes. It is not stored after pairing completes.
- Device token: A randomly-generated authentication token is created on pairing and stored as a hash in our database. The token is stored locally on the TV device and expires after 30 days.
- Device info: We store a device identifier, device name, and model information to let you manage linked devices from the web interface.
- Media access: The TV device accesses your photos and videos via time-limited signed URLs (4-hour expiry). No media files are cached or stored on the TV device.
- Revocation: You can revoke any linked TV device at any time from the Household page. Revocation immediately invalidates the device token.
5. How AI Features Handle Your Data
IOULegacy includes optional AI-powered features. The table below explains exactly what data each feature sends, which AI model processes it, and what is retained afterward.
| AI Feature | What's Sent to AI | AI Model | What's Stored |
|---|---|---|---|
| Photo Description | Your photo (resized to 512px) | GPT-4o-mini (vision) | Only the text description — photo not retained by AI |
| Recipe Scan | Photo of ingredients | GPT-4o-mini (vision) | Only the ingredient list — photo not retained |
| Recipe Import (PDF) | PDF page image (if text unreadable) | GPT-4o-mini (vision) | Only the extracted recipe text |
| Letter Enhancement | Your letter text + recipient details | GPT-4o-mini | Only the enhanced letter — you control what's saved |
| Voice Chat / Dictation | Audio recording | Whisper (speech-to-text) | Only the text transcript — audio discarded immediately |
| Text-to-Speech | Text to be spoken | GPT-4o-mini TTS | Nothing — audio streamed and not stored |
| AI Chat (all pages) | Page context + your question | GPT-4o-mini | Chat history in your session only (cleared on logout) |
| Document Review | Document text excerpt (max 3000 chars) | GPT-4o-mini | Chat history in your session only |
| Biography Generation | Interview answers you provided | GPT-4o-mini | Only the generated biography — you approve before saving |
6. Your Data Rights
You have full control over your data. Here's how you can exercise your rights:
View
You can view all your data through the app. The Trust & Privacy page shows your security settings and the Access Graph shows who can see what.
Export
You can download a complete copy of your data at any time from the Personalize page. Available to all plans.
Delete
To request full account and data deletion, email info@ioutoday.org. All data will be permanently removed within 30 days.
7. Data Retention
We retain your data for as long as your account is active. If you request account deletion, we will remove your data from DynamoDB and S3 within 30 days. Session records expire automatically after 31 days.
8. Children's Privacy
IOULegacy is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact us and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. We will notify you by posting the updated policy on this page with a revised "Last Updated" date. Material changes will be communicated via email.
10. Contact Us
IOU, INC
Email: info@ioutoday.org
Phone: (404) 721-6940
