
Privacy Policy

App: Iridai (iOS)
Last revision: 11 May 2026
Document version: 1.1

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 (the "GDPR"), the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018), the UK GDPR and Data Protection Act 2018 for users in the United Kingdom, and the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA") for residents of California.


1. Data Controller

RAVENG by CE4U S.r.l.
Registered office: Via Gioacchino Rossini 29/2, 37012 Bussolengo (VR), Italy
VAT / Tax ID: 04731920239
Privacy contact: privacy@raveng.it
General contact: c.tenca@raveng.it

No Data Protection Officer (DPO) has been appointed as the criteria set forth in Article 37 GDPR are not met. Users may nevertheless direct any privacy enquiry to the contact above.

2. Personal Data Processed

The App processes the following categories of data on the User's device only, except where expressly indicated otherwise.

2.1 Data collected and stored locally on the device

| Category | Detail | Storage |
|---|---|---|
| Photographs | Images captured by Ray-Ban Meta smart glasses or by the iPhone camera, attached to inspections | App sandbox file system (Documents/inspections/) |
| Audio (transient) | Microphone audio processed in real time by Apple's SFSpeechRecognizer framework for speech recognition and wake-word detection | Not persisted, discarded after transcription |
| Voice transcriptions | Text of the User's requests | Volatile memory, discarded at session end |
| GPS data | Latitude, longitude and address of inspection locations (reverse geocoding via Apple's CLGeocoder) | Saved into JSON / PDF inspection reports |
| Inspection records | JSON + PDF technical reports containing non-conformities, photos, regulatory markers | App sandbox file system |
| AI conversations | Last 8–10 voice / text turns for conversational memory of the assistant | App sandbox file system |
| Third-party API credentials | API keys for Anthropic, OpenAI, Google Gemini, ElevenLabs, Perplexity, Twilio, n8n, and the RAVENG portal Secret Key | iOS Keychain protected by Secure Enclave |
| Preferences | Active AI model, activation mode, current persona, wake phrase | UserDefaults (app sandbox) |
| Diagnostic logs | Ring buffer of 200 entries for debugging | OSLog local — never transmitted |

2.2 Data transmitted to the AI provider selected by the User

When the User runs a cloud AI analysis (the "Describe", "CE Analysis", "Safety Audit", "I4.0 Maintenance" buttons, or any other configured prompt) or uses the conversational voice feature, the following data is transmitted to the provider selected by the User:

  • The captured photograph (base64-encoded JPEG, ~150–500 KB)
  • The text of the request (voice-transcribed or typed)
  • The system prompt (analysis context configuration)
  • Possibly the most recent conversation turns

The AI providers currently supported are:

| Provider | Registered office | Privacy policy | Transfer safeguards |
|---|---|---|---|
| Anthropic, PBC (Claude models) | San Francisco, CA, USA | https://www.anthropic.com/legal/privacy | SCCs + EU-US Data Privacy Framework |
| OpenAI, OpCo LLC (GPT models) | San Francisco, CA, USA | https://openai.com/policies/privacy-policy/ | SCCs + EU-US Data Privacy Framework |
| Google LLC (Gemini models) | Mountain View, CA, USA | https://policies.google.com/privacy | SCCs + EU-US Data Privacy Framework |

Zero-cloud alternative: the User may use the on-device MLX local model (e.g. SmolVLM2, Qwen2-VL, Phi-Vision, Llama 3.2 Vision). In that case no data is transmitted to external servers — inference runs entirely on the device.

2.3 Data transmitted to optional integrations

Only if the User expressly activates the corresponding integration:

| Integration | What is transmitted | Provider |
|---|---|---|
| Twilio (SMS) | Recipient phone numbers and message contents | Twilio Inc., privacy: https://www.twilio.com/legal/privacy |
| n8n (workflow) | Arbitrary payloads chosen by the User | The n8n instance configured by the User |
| RAVENG Portal | Inspections and structured data (placeholder in v0.3 — feature not yet active) | RAVENG by CE4U S.r.l. (Controller) |

2.4 Apple services intrinsic to iOS

The App uses Apple frameworks that may transmit data to Apple Inc. within the limits of the iOS system policies:

  • SFSpeechRecognizer: by default voice requests are transmitted to Apple servers for recognition; the User may enable on-device recognition from iOS Settings where supported. (https://www.apple.com/legal/privacy/)
  • CLGeocoder: translates GPS coordinates into addresses via Apple servers.
  • PHPhotoLibrary, EventKit, HKHealthStore, HomeKit: access managed by the iOS consent prompts.

2.5 Meta services intrinsic to the Wearables DAT SDK

The App uses the Meta Wearables Device Access Toolkit (DAT) SDK version 0.6.0 to connect to Ray-Ban Meta smart glasses. To access the glasses' camera the SDK requires pairing / registration via the User's Meta AI app. Communication occurs locally over Bluetooth; no Iridai application data is transmitted to Meta servers from our SDK. For details: https://www.meta.com/legal/privacy-policy/

3. Purposes of Processing

Data is processed exclusively for:

a) Service delivery: providing the App's features (AI analysis, inspections, reports, integrations);
b) Legal compliance: within the limits set by Italian, EU and applicable foreign law;
c) Security: protecting the Controller and Users from unauthorised access or fraudulent activity;
d) Service improvement: within the scope of strictly local diagnostic logs (non-profiling).

4. Lawful Basis

| Purpose | Lawful basis (Art. 6 GDPR) |
|---|---|
| Delivery of the App's services | Performance of a contract (Art. 6.1.b) |
| Transmission of photos/voice to the selected AI provider | Explicit consent + performance of contract (Art. 6.1.a, 6.1.b) |
| Activated optional integrations (Twilio, n8n, RAVENG) | Explicit consent (Art. 6.1.a) |
| Local storage of inspections and professional data | Performance of contract + legitimate professional interest of the User (Art. 6.1.b, 6.1.f) |
| Tax and accounting obligations if the App becomes paid | Legal obligation (Art. 6.1.c) |

5. Categories of Recipients

Personal data may be communicated to:

  • AI providers selected by the User (Anthropic, OpenAI, Google) — when the User enables cloud analysis;
  • Optional integration providers (Twilio, n8n, any future RAVENG portal) — only if activated;
  • Apple Distribution International Ltd. and the Apple group — for the management of the Iridai Pro Monthly subscription (€ 9.90/month, see §5.bis below) and for native iOS system services;
  • Law enforcement and competent authorities — upon legitimate request and after legal verification.

No data is sold, transferred or monetised to third parties for marketing, profiling, advertising or data-broking purposes.

5.bis Apple as Independent Controller for Subscription Payments

The Iridai App is distributed exclusively through Apple App Store. The "Iridai Pro Monthly" auto-renewable subscription (€ 9.90/month, 3-day free trial for eligible new users) is managed entirely by Apple as part of the In-App Purchase services. In this flow:

a) Apple Distribution International Ltd. (Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) — Apple's competent entity for the European Economic Area — acts as an Independent Controller of the User's payment data (cardholder name, card number, expiry date, CVV, billing address, Apple ID transaction history);
b) The Owner DOES NOT receive, store or process the User's payment data in any way. The Owner receives from Apple only anonymous aggregate sales reports (number of subscribers, currency, gross value) via the App Store Connect dashboard, without any personally identifiable information on individual subscribers;
c) Apple's processing of payment data is governed by the Apple Privacy Policy (https://www.apple.com/legal/privacy/) and the Apple Media Services Terms (https://www.apple.com/legal/internet-services/itunes/), which the User accepts by accessing the App Store with their Apple ID;
d) For requests concerning payment data (access, rectification, deletion, portability), the User must contact Apple Privacy directly (https://www.apple.com/legal/privacy/contact/), as Apple is the Controller for that processing. The Owner of Iridai has neither the technical nor the legal authority to act on payment data held by Apple.

The only information the Owner knows about each User's subscription is the local on-device state of the subscription (active, in trial, in grace period, expired), computed by the App through Apple's StoreKit 2 framework on the basis of the cryptographic signature of the transaction (JWS verification) transmitted by Apple itself. This information remains exclusively on the User's device and is never transmitted to RAVENG servers (RAVENG operates no subscription-management backend).

6. International Transfers

The main cloud AI providers (Anthropic, OpenAI, Google) are headquartered in the United States of America. The transfer of data takes place on the basis of the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (Implementing Decision 2021/914), signed by those providers;
  • EU-US Data Privacy Framework (adequacy decision 2023/1795 of 10 July 2023) for providers certified under that framework;
  • Explicit consent of the User at the time of configuring the provider, which the User acknowledges by entering their API key.

The User may eliminate any extra-EU transfer by using only the local MLX model and disabling external integrations.

7. Retention Period

| Category of data | Retention |
|---|---|
| Local data (photos, inspections, reports, preferences) | Until manual deletion by the User or App uninstallation |
| API credentials in Keychain | Until manual deletion or App uninstallation |
| Data transmitted to cloud AI providers | Governed by the privacy policy of the selected provider (typically: Anthropic 30 days, OpenAI 30 days / immediate in Zero Data Retention mode, Google 30 days) |
| Diagnostic logs (OSLog ring buffer) | Last 200 entries, overwritten automatically |
| AI conversation history | Last 10 turns, overwritten automatically |

8. Rights of the Data Subject

The User may exercise the rights granted by Articles 15–22 GDPR at any time:

  • Right of access (Art. 15): to know which data is being processed and for what purposes
  • Right to rectification (Art. 16): correction of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") (Art. 17): note that local data is wiped by uninstalling the App or via the in-app "Cancel inspection" function
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20): receipt of the data in a structured, commonly used and machine-readable format
  • Right to object (Art. 21), in particular to processing based on legitimate interest
  • Right to withdraw consent at any time (Art. 7.3), without affecting the lawfulness of prior processing. Withdrawal in practice is achieved by uninstalling the App or disabling the relevant opt-in feature
  • Right to lodge a complaint with the Supervisory Authority (Art. 77): the Italian Garante per la Protezione dei Dati Personali, Piazza Venezia 11, 00187 Roma — https://www.garanteprivacy.it (or any other competent EU supervisory authority)

To exercise their rights the User may write to privacy@raveng.it attaching a copy of an identity document. RAVENG will reply within 30 days of the request (extendable to 60 days in complex cases pursuant to Art. 12.3 GDPR).

8.1 For users in the United Kingdom

Users resident in the United Kingdom enjoy substantially equivalent rights under the UK GDPR and the Data Protection Act 2018. The competent supervisory authority is the Information Commissioner's Office (ICO, https://ico.org.uk).

8.2 For users in California (CCPA/CPRA)

Residents of the State of California are entitled to:

  • The right to know what personal information is collected, sold or shared;
  • The right to delete personal information (subject to legal exceptions);
  • The right to correct inaccurate information;
  • The right to opt-out of "sale" or "sharing" of personal information — RAVENG declares that it does not sell or share personal information for cross-context behavioural advertising;
  • The right to non-discrimination for exercising these rights.

Requests may be submitted to privacy@raveng.it. RAVENG responds within 45 days (extendable to 90 days for complex requests).

9. Automated Decision-Making, Profiling, and INHERENT AI RISKS

9.1 Framing under Article 22 GDPR

The App uses artificial intelligence models (LLMs and VLMs) to generate technical compliance analyses based on photos and prompts supplied by the User. We expressly state that such analyses:

  • Produce no direct legal effect on the User or on third parties;
  • Do not constitute a signed technical assessment or any act having legal value;
  • Do not constitute automated decision-making within the meaning of Art. 22 GDPR, since they are a decision-support tool that requires validation by the professional User in every case.

9.2 Errors, hallucinations, and inaccuracies (known risk)

The User acknowledges and accepts that the AI models used — whether cloud-hosted (Anthropic, OpenAI, Google) or local MLX — are probabilistic systems that by intrinsic technical nature may:

  • Generate errors, omissions, "hallucinations" (fabricated information) of significant magnitude;
  • Cite inaccurate, repealed, outdated, or invented regulatory references;
  • Estimate distances, sizes, severities approximately or wholly incorrectly;
  • Mis-classify compliance with a directive.

Such characteristics do not constitute a product defect but are a structural property of the AI models at the time the App is distributed. The User remains solely responsible for verifying and validating every output before relying on it in their professional work. For a complete account of the limitations of liability and indemnity obligations, please refer to the Terms of Use in full, §§ 7, 8, 9, 10.

10. Provision of Data and Consequences of Refusal

Granting the requested permissions and data is necessary to use the App's features. Refusal may limit specific features but does not prevent basic use:

| Permission | Features that depend on it |
|---|---|
| Camera | Photo capture from iPhone (fallback) |
| Microphone | Voice recognition, wake word |
| Speech recognition | Voice commands |
| Photos | Attaching photos imported from the smart glasses |
| Location | Geo-tagging of inspections |
| Bluetooth | Connection to Ray-Ban Meta smart glasses |
| Calendar / Contacts / Reminders | Optional agentic tools |
| Motion / HealthKit | Optional fitness tools |

11. Security

The Controller adopts technical and organisational measures appropriate to protecting the data (Art. 32 GDPR):

  • Encryption of API credentials in the iOS Keychain with Secure Enclave protection where available;
  • HTTPS / TLS 1.2+ communications towards all cloud providers;
  • App digitally signed by Apple via distribution certificate (Team ID JKFG2JR5RX);
  • Availability of the local MLX AI model for zero-cloud / maximum-confidentiality scenarios;
  • No proprietary RAVENG server receives data from the App in the current version.

12. Amendments to this Notice

The Controller reserves the right to amend this notice in response to:

  • Regulatory changes;
  • Introduction of new features altering the processing;
  • Changes in third-party service providers.

Amendments will be published in-app in the section Settings → About → Legal Documents, with indication of the last-updated date. For substantial amendments the Controller will request renewed explicit acceptance.


Effective date: 11 May 2026
Document version: 1.1
RAVENG by CE4U S.r.l. — Data Controller