This policy covers the Android version of Enigma AI and explains what data we collect, why, how long we keep it, and what rights you have.
| Principle | Implementation in Enigma AI |
|---|---|
| Data minimisation | We collect only what is strictly necessary: an e-mail address (if you choose to register) plus the prompts you send to obtain AI responses. |
| Local-first storage | Chat history remains on your device only. |
| Transparent processing | Prompts are forwarded—after pseudonymisation—to external AI providers solely to generate answers. |
| Security by design | TLS 1.2+ in transit, AES-256 for stored data, salted-hash for e-mail addresses at rest. |
| User control | Delete chats, export data, or delete your account at any time from in-app settings. |
| Data category | Examples | Source | Stored on device | Stored on our server | Sent to AI providers | Purpose |
|---|---|---|---|---|---|---|
| E-mail address (optional) | you@example.com | Registration form | ✖ | ✔ (hashed, EU data-centre) | ✖ | Account creation; password-less sign-in & service continuity |
| User-provided text | Prompts, messages | You | ✔ | ✖ | ✔ (pseudonymised) | Generate AI responses |
| Technical metadata (minimal) | Random request ID, model name, latency | App | ✖ | ✖ | ✔ | Abuse-prevention & QoS |
We do not collect or share: names, phone numbers, location, advertising ID, device ID, photos, contacts, analytics, crash logs, usage profiling, ads data.
| Processing activity | Legal basis (GDPR Art. 6) | Why we need it |
|---|---|---|
| Account creation & login with e-mail | (b) Contractual necessity | To give you persistent access across devices and enable password-less “magic-link” log-ins. |
| AI inference on your prompts | (b) Contractual necessity | Without sending the prompt, the service cannot reply. |
| Abuse-prevention logs (max 30 days) | (f) Legitimate interest | Stop malicious use (spam, denial-of-service, etc.). |
| Recipient | Data shared | Safeguard |
|---|---|---|
| External AI model providers (e.g., OpenAI, Anthropic) | Pseudonymised prompt text & random request ID | Standard Contractual Clauses (SCCs) + GDPR-compatible DPAs |
| No other third parties | — | — |
We never sell or rent your information.
| Data | Where kept | Retention rule | How to delete |
|---|---|---|---|
| E-mail address (hashed) | Secure EU server | Until you delete your account | Settings › Profile > Delete Account |
| Chat history | Local device storage | Until you clear chats or uninstall the App | Settings › Clear Data or uninstall |
| Provider abuse-prevention logs | Provider side | ≤ 30 days | Auto-deleted; you may also request early erasure via Contact Us |
Exercise any right via Settings or the “Contact Us” form on our website.
Enigma AI is intended for users aged 16 and older. We do not knowingly process data from children under 16.
Material updates trigger an in-app notice and a new effective date.
Data Controller: Enigma Technology, Radom, Poland
Privacy inquiries & data-subject requests: Use the “Contact Us” form linked in the App settings.
| Data type | Collected | Shared | Purpose | User-controlled deletion |
|---|---|---|---|---|
| Personal info › E-mail address | Yes (hashed on server) | No | Account creation & login | Yes – Delete Account |
| User-generated content › Chat messages | Yes (device only) | Yes (pseudonymised to AI providers) | Generate responses | Yes – Clear Data / uninstall |
| App info & performance › Crash/diagnostics | No | — | — | — |
| Device or other IDs / Ads | No | — | — | — |
| Data encrypted in transit: Yes | User can request deletion: Yes (self-service + Contact Us) | ||||
By continuing to use Enigma AI, you agree to this Privacy Policy. If you disagree, please uninstall the App or refrain from creating an account.