Privacy Policy (Web)

InstantAI by North Tumbleweed LLC | Last updated April 17, 2026

This policy covers the InstantAI web app at instantai.chat. If you are using the iOS app, see the iOS Privacy Policy, which describes the App Store version's more limited data practices.

1. Overview

North Tumbleweed LLC ("we", "us", "our") publishes InstantAI, an AI-powered chat assistant available on iOS and the web at instantai.chat. This Privacy Policy explains what information we collect when you use InstantAI, how we use it, and what rights you have regarding your data.

By using InstantAI, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

2. Data We Collect

2.1 Account Information

When you create an InstantAI account, we collect:

Your email address (provided directly or through Sign in with Apple)
A unique account identifier (a random UUID generated by our authentication provider)
Authentication credentials managed by our auth provider

If you use Sign in with Apple with the "Hide My Email" option, we only receive the private relay email address Apple generates for you.

2.2 Messages and Conversations

We store your chat messages and conversation history to provide the Service. This includes:

Messages you send to the AI
AI-generated responses
Conversation metadata (timestamps, selected mode)
Custom instructions you configure

Your chat history is stored so you can access it across devices and continue previous conversations. Chat content is scoped per-account via row-level security, meaning only you can read your own messages.

2.3 Uploaded Files and Images

When you upload or capture documents and images for analysis, these files are processed to generate AI responses. Images attached to a conversation are stored alongside the conversation so they remain visible in your chat history. Files and images are used solely to operate the chat feature and are not used for training, advertising, or any other purpose.

2.4 Product Interaction and Usage Data

We collect product interaction events to understand how the app is used and to improve the experience:

Which conversation mode you select (Instant, Smart, or Genius)
Whether web search was used in a conversation
Screen views, button taps, onboarding completion, and paywall views
Subscription status and billing period

These events are linked to your account identifier so we can measure retention and feature usage. They are not shared with advertisers and are not used to build a marketing profile about you.

2.5 Marketing Attribution (iOS & Web)

iOS. On iOS, we use AppsFlyer to measure which marketing channels bring new users to InstantAI. If you grant permission through Apple's App Tracking Transparency prompt, AppsFlyer receives your device's Advertising Identifier (IDFA) for attribution and SKAdNetwork conversion measurement. If you decline the prompt, the advertising identifier is not collected and AppsFlyer falls back to aggregate, non-personalized measurement. The app works exactly the same either way. See Section 8 ("App Tracking Transparency") for details on how to opt out.

Web. On the web at instantai.chat, we use Meta Pixel, TikTok Pixel, PostHog, and Google Ads conversion tracking to measure marketing effectiveness and understand how people use the product. These tools use cookies and local storage to recognize return visits and attribute conversions. In the European Economic Area, United Kingdom, and Switzerland, none of these tools load until you accept the consent banner. See Section 7a ("Web Analytics & Advertising") for the full breakdown.

2.6 Network Identifiers and IP Address

When you interact with InstantAI, our backend logs the IP address of the incoming request. IP addresses are used for rate limiting, abuse detection, and security auditing (for example, to block sign-in attempts from suspicious patterns or to investigate misuse reports). IP addresses are stored in short-lived operational tables (event logs, device session records, upload audit logs) and are retained for up to 90 days before being deleted or anonymized. IP addresses are never shared with advertisers and are never used to build a marketing profile about you.

2.7 Purchase History

When you subscribe, we receive subscription events (purchase, renewal, cancellation) from Apple's App Store (on iOS) or Stripe (on the web) through our subscription provider RevenueCat. This data is linked to your account so we can grant the features you paid for. We do not see or store payment card details, billing addresses, or any other financial information.

2.8 Diagnostic and Crash Data

Standard iOS and web crash signatures may be transmitted by the operating system and by the SDKs we ship to help us fix bugs. Crash data is anonymous (not linked to your account) and is used only to improve app stability.

3. Camera Usage

InstantAI may request access to your device's camera when you choose to attach an image to a conversation. Camera usage works as follows:

The camera is only activated when you explicitly tap the image attachment option and choose to take a photo
The captured image is processed on your device and then sent to an AI provider for analysis as part of your conversation
Images are not stored permanently on our servers after processing
You can revoke camera access at any time through your device settings
Camera access is entirely optional. You can use InstantAI without granting camera permission.

4. AI Providers

To generate responses, your messages are sent to third-party AI providers for processing through our backend. This is how InstantAI works:

When you send a message, it is transmitted through our servers to an AI provider for processing
The AI provider generates a response, which is streamed back to you through our servers
Different conversation modes may use different AI providers
AI providers process your messages according to their own data handling and privacy policies
We select providers that do not use your messages for training their AI

  We do not send your email address, account information, or any personal identifiers to AI providers. Only the content of your messages (and any attached files relevant to the conversation) is transmitted for processing.

5. Web Search

When web search is active, your AI retrieves information from the internet to give you current answers. Search queries are derived from your messages and sent to a search service to fetch relevant web content.

Search is only triggered when you enable it or when the AI determines your question requires up-to-date information
We do not send personal identifiers to the search service

6. How We Use Your Data

We use your data strictly to provide, operate, and improve InstantAI:

Purpose	Data Used
AI chat responses	Your messages, sent to AI providers via our backend
Conversation history and sync	Messages and metadata, stored in our database
Image analysis	Uploaded or captured images, sent to AI providers
Web search	Search queries derived from your messages
Account management	Email address, account identifier, and authentication state
Subscription management	Purchase events and entitlement status via RevenueCat
Custom instructions	Your personalization preferences, applied to conversations
Product analytics	Screen views, taps, and feature usage events, linked to your account identifier
Marketing attribution (iOS)	Device advertising identifier via AppsFlyer, only with ATT consent
Marketing attribution (web)	Cookies and events via Meta Pixel, TikTok Pixel, PostHog, and Google Ads — consent-gated for EU/UK/EEA visitors
Abuse prevention and security	IP address and request metadata (retained for up to 90 days)
Crash diagnostics	Anonymous crash signatures

We do not sell your data. We do not use the content of your chat messages for advertising. We do not build marketing profiles from your chat content. Your conversations are not used to train AI models. When web search is active, your AI retrieves information from the internet to give you current answers.

7. Third-Party Services

InstantAI integrates with the following third-party services. Each service has its own privacy policy governing the data it receives.

7.1 AI Inference Providers

Your messages and attached files are sent to third-party AI providers through our backend to generate responses. These providers process your input according to their own usage and privacy policies. We route requests through our servers and do not send your email address, account identifier, or any other personal identifier to these providers. We select providers whose terms do not permit the use of customer inputs for model training.

7.2 Search Provider (Tavily)

When web search is enabled, queries are sent to Tavily, a search API service, to retrieve relevant web content. Tavily receives the search query but not your account information or personal identifiers. Tavily's privacy policy governs its handling of search queries.

7.3 Authentication and Database (Supabase)

We use Supabase for account authentication and data storage. Supabase stores your account information, chat history, uploaded images, and custom instructions in the us-east-1 region (Amazon Web Services, Northern Virginia, United States). Your data is protected by row-level security, meaning only you can access your own rows. Supabase's privacy policy governs their handling of this data. International transfers from the European Economic Area, United Kingdom, and Switzerland to the United States are covered under Standard Contractual Clauses published by the European Commission, which Supabase has executed with its customers.

7.4 Subscription Management (RevenueCat)

We use RevenueCat to manage subscriptions across iOS and the web. RevenueCat receives:

Your account identifier (so subscription entitlements follow your account, not your device)
Subscription purchase events from Apple's App Store or Stripe (product ID, purchase date, renewal status, cancellation status)

RevenueCat does not receive your chat messages, your email address, uploaded images, or any other content from the app. On iOS, payments are processed by Apple's App Store. On the web, payments are processed by Stripe. Neither we nor RevenueCat see or store your payment card details or billing address.

7.5 Marketing Attribution (AppsFlyer, iOS only)

On iOS, we use AppsFlyer to measure which marketing channels bring new users to InstantAI. AppsFlyer is an attribution and marketing measurement service. It helps us understand, at a cohort level, which advertising campaigns convert, so we can invest in what works.

AppsFlyer receives your device's Advertising Identifier (IDFA) only if you grant permission via the App Tracking Transparency prompt that appears during onboarding
If you decline the prompt, the advertising identifier is not collected and AppsFlyer falls back to aggregate, non-personalized measurement using Apple's privacy-preserving SKAdNetwork
AppsFlyer also receives a small number of event signals (install, paywall view, checkout start, trial start, subscribe, tutorial completion) so we can measure the funnel. These events do not include your chat content, your email, or the text of any search queries
AppsFlyer does not receive your chat messages, uploaded images, or any content you create inside the app
Tracking domains used by AppsFlyer are declared in our App Store privacy manifest and include: t.appsflyer.com, register.appsflyer.com, conversions.appsflyer.com, app.appsflyer.com, api2.appsflyer.com, and onelink.me

AppsFlyer is used only in the iOS app. The web app at instantai.chat does not use AppsFlyer.

7a. Web Analytics & Advertising (Web Only)

The web app at instantai.chat uses four third-party tools to measure marketing effectiveness and understand product usage. These tools are not used in the iOS app. For visitors from the European Economic Area, the United Kingdom, and Switzerland, every tool in this section is gated behind the cookie consent banner that appears on your first visit — none of them load until you accept. Visitors outside these regions are treated as consent-given by default, consistent with US privacy norms; you can still decline by choosing "Decline" if the banner is shown to you or by using browser-level controls.

7a.1 Meta Pixel (Facebook / Instagram)

What it is: A conversion-tracking pixel operated by Meta Platforms, Inc. that correlates ad clicks with actions on instantai.chat.
What it collects: First- and third-party cookies (for example _fbp, fr), your browser and device characteristics, the URL you visit, and a set of discrete events — PageView, ViewContent (paywall shown), StartTrial, CompleteRegistration, Lead (onboarding completed), and Purchase.
Where the data goes: Meta servers in the United States and Europe. Meta is the data controller for data it receives through the pixel.
Your controls: Decline the consent banner (EU/UK/EEA) or close it and revisit in private browsing. You can also delete pixel cookies in your browser settings, install an ad-blocker, or manage your Meta ad preferences at facebook.com/settings?tab=ads.

7a.2 TikTok Pixel

What it is: A conversion-tracking pixel operated by TikTok (ByteDance) that attributes TikTok ad clicks to signups and purchases on instantai.chat.
What it collects: First- and third-party cookies (for example _ttp), device and browser signals, the URL you visit, and the same set of events as Meta Pixel (page view, paywall view, checkout start, signup complete, purchase complete).
Where the data goes: TikTok servers in the United States and Europe. TikTok is the data controller for pixel data.
Your controls: Decline the consent banner (EU/UK/EEA). Pixel cookies can be cleared in browser settings. TikTok ad controls are available at tiktok.com/settings/ads.

7a.3 PostHog (Product Analytics)

What it is: An open-source product-analytics tool we use to understand how people use the web app (which screens load, which features are tapped, where people drop off). PostHog is a data processor acting on our behalf — we are the data controller.
What it collects: An anonymous device/user identifier stored in a first-party cookie or local storage, your selected feature mode (Instant / Smart / Genius), page views, button taps, onboarding completion, paywall views, and the first-touch UTM parameters from the URL that brought you to the site. PostHog also records the current URL and referring page.
Where the data goes: PostHog's US Cloud region (us.i.posthog.com), hosted on Amazon Web Services in the United States.
Your controls: Decline the consent banner (EU/UK/EEA). You can also request PostHog data deletion by emailing contact@northtumbleweed.com.

7a.4 Google Ads Conversion Tracking

What it is: A tag from Google's advertising platform (gtag.js, conversion ID AW-18004637415) that attributes Google Ads clicks to signups and purchases on instantai.chat.
What it collects: First- and third-party cookies (for example _gcl_au, _gcl_aw), a click identifier (gclid) from Google ad links, page views, and conversion events (sign_up, begin_checkout, purchase).
Where the data goes: Google servers in the United States and Europe. Google is the data controller for conversion tag data.
Your controls: Decline the consent banner (EU/UK/EEA). You can also opt out of Google personalized ads at myadcenter.google.com, or install the Google Analytics opt-out browser add-on.

7a.5 First-Party Event Log

Independent of the third-party tools above, our backend writes a first-party record of significant events (for example signup, subscription, paywall view, feature use). This record includes the event name, a small payload describing the event, a device identifier, your account identifier (once signed in), and a tab-scoped session identifier. First-party event logging is necessary to operate the Service (detect abuse, deliver features you paid for, support your account) and is therefore always active, even if you decline the third-party consent banner. First-party events are stored in our database and are subject to the retention rules in Section 10.

7b. Cookies & Local Storage (Web Only)

This section explains the cookies, local storage keys, and session storage keys that the web app at instantai.chat may create on your device. It does not apply to the iOS app, which does not use browser cookies.

7b.1 Strictly Necessary (always active)

Name	Type	Purpose
`instantai_cookie_consent`	localStorage	Records your choice on the consent banner (accepted or declined). EU/UK/EEA visitors only.
`instantai_session`	sessionStorage	Random per-tab session identifier used to group events within a single browsing tab.
`instantai_device`	localStorage	Random device identifier used for first-party event logging and abuse prevention.

7b.2 First-Party Attribution (always active)

Name	Type	Purpose
`instantai_first_touch`	localStorage	The UTM parameters and referrer captured on your first visit. Used so we can credit the marketing channel that introduced you to InstantAI.
`instantai_last_touch`	localStorage	The UTM parameters and referrer captured on your most recent visit.

7b.3 Marketing & Analytics (consent-gated in EU/UK/EEA)

When you accept the consent banner (or when you visit from outside the EU/UK/EEA), the following third-party cookies may be set by the tools described in Section 7a. Names and purposes below are current at the time of writing; each provider may change them.

Cookie	Set by	Purpose
`_fbp`, `fr`	Meta Pixel (facebook.com)	Ad attribution and audience building.
`_ttp`	TikTok Pixel (tiktok.com)	Ad attribution.
`_gcl_au`, `_gcl_aw`	Google Ads (googletagmanager.com, google.com)	Conversion tracking for Google Ads campaigns.
`ph_*` (various)	PostHog (us.i.posthog.com)	Product-analytics session and person identification.

7b.4 Clearing Cookies and Changing Your Choice

You can clear cookies at any time through your browser's settings (for example, Safari → Settings → Privacy → Manage Website Data; Chrome → Settings → Privacy and security → Cookies and other site data). To reset your consent choice and see the banner again on your next visit (EU/UK/EEA), clear local storage for instantai.chat. We also honor browser-level "Do Not Track" and "Global Privacy Control" signals where required by applicable law.

8. App Tracking Transparency (iOS)

On iOS, Apple requires apps to ask for permission before collecting the device's Advertising Identifier (IDFA) for cross-app tracking or advertising measurement. InstantAI shows this prompt during onboarding because we use AppsFlyer for marketing attribution (see Section 7.5).

Your choice is fully respected:

If you tap "Allow", AppsFlyer receives your IDFA and uses it to attribute installs to the marketing channel that brought you to the app
If you tap "Ask App Not to Track", no advertising identifier is collected, no user-level attribution is performed, and AppsFlyer falls back to aggregate measurement via Apple's privacy-preserving SKAdNetwork
Either way, every feature of InstantAI works identically. You are never penalized, throttled, or shown different content based on your tracking choice

You can change your choice at any time in iOS Settings → Privacy & Security → Tracking. You can also disable tracking globally for all apps in the same menu.

9. What We Do NOT Collect

  We collect only what is necessary to operate the Service, measure how it is used, and (on iOS) understand which marketing channels bring new users. We do not profile you, sell your data, or use your chat content for advertising.

Specifically, InstantAI does not collect or use:

Your real name (we only collect an email and an account identifier)
Your precise or coarse location (we never request location permission)
Your contacts or address book (we never request contacts permission)
Microphone or audio data (we never request microphone permission)
Health, fitness, or biometric data
Browsing history outside of InstantAI
Data from other apps on your device
Payment card numbers or billing addresses (handled entirely by Apple or Stripe)
The content of your chat messages for advertising, marketing profiling, or model training

10. Data Retention

Chat History

Your conversations, uploaded images, and custom instructions are stored in our database for as long as your account is active, so you can access them across devices. You can delete individual conversations at any time inside the app. We retain chat data until you delete individual conversations, delete your account, or request deletion by contacting us.

Account Data

Your account record (email, account identifier, authentication state, subscription tier) is retained for as long as your account exists.

Product Analytics and Attribution

Product interaction events and attribution events are retained for up to 24 months, after which they are anonymized or deleted by scheduled backend jobs. Third-party analytics and ad-tech providers (Meta, TikTok, Google, PostHog) apply their own retention policies to the copies of events they receive.

IP Address and Operational Logs

IP addresses and operational logs (event log IPs, device-session creation IPs, upload audit IPs, rate-limit counters) are retained for up to 90 days and are then deleted or anonymized. These short-retention logs exist only for abuse prevention, rate limiting, and security incident response.

Subscription Data

RevenueCat, Apple, and Stripe retain subscription records as required by their own policies and applicable tax and accounting laws. We retain the entitlement status on your profile so we can grant the features you paid for.

AI Provider Retention

Once messages are processed by AI providers, their retention practices are governed by their own policies. We select providers whose contracts do not permit the use of customer inputs for model training and that delete inputs shortly after processing.

11. Account Deletion

You can delete your account at any time. Deleting your account is permanent and cannot be undone.

On iOS: open the app, tap the profile icon, go to Settings → Delete Account and confirm
On the web: sign in at instantai.chat, open Settings → Delete Account and confirm
By email: write to contact@northtumbleweed.com from the email address associated with your account

When you delete your account, we remove your account record, chat history, uploaded images, custom instructions, product analytics events, and any other data linked to your account. Deletion cascades across our database within a short period. Backups containing residual copies are overwritten on a rolling basis and are never used for any purpose other than disaster recovery.

If you have an active subscription, remember to cancel it separately before deleting your account (see Section 12), because subscriptions are managed by Apple or Stripe and continue to auto-renew unless cancelled.

12. Subscription Management and Cancellation

InstantAI offers premium subscriptions on weekly, monthly, and yearly billing cycles. Current pricing is displayed at the time of purchase in the app and on the web.

Auto-renewal. Subscriptions automatically renew at the end of each billing period unless cancelled at least 24 hours before the renewal date. Your payment method will be charged for renewal within 24 hours prior to the end of the current period.

How to cancel:

On iOS: open iOS Settings → [your name] → Subscriptions → InstantAI and tap Cancel Subscription. You can also cancel from inside the InstantAI app at Profile → Settings → Manage Subscription, which opens the same iOS settings page
On the web: sign in at instantai.chat, open Settings → Manage Subscription. This opens the Stripe customer portal where you can cancel or change your plan

Cancellation takes effect at the end of the current billing period. You retain access to premium features until then. Refund requests for App Store purchases must be directed to Apple. For web purchases, contact us directly.

13. Children's Privacy

InstantAI is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account or provided us with personal information, please contact us and we will delete it promptly.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:

Right of Access, to request a copy of the personal data we hold about you
Right to Rectification, to request correction of inaccurate data
Right to Erasure, to request deletion of your personal data
Right to Restriction, to request that we limit processing of your data
Right to Data Portability, to request your data in a structured, machine-readable format
Right to Object, to object to processing based on legitimate interests
Right to Withdraw Consent, to withdraw previously given consent at any time

You can exercise many of these rights directly within the app by deleting conversations or deleting your account. For other requests, contact us and we will respond within 30 days.

Legal basis for processing: We process data based on (a) your consent (camera permission), (b) contract performance (providing the AI chat service you use), and (c) legitimate interest (subscription management and service operation).

15. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

Right to Know, to request the categories and specific pieces of personal information we have collected
Right to Delete, to request deletion of personal information we have collected
Right to Opt-Out of Sale. We do not sell personal information. There is nothing to opt out of.
Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at the email address below. We will verify your identity and respond within 45 days.

16. Security

We implement reasonable security measures to protect your data in transit and at rest:

All network communication uses HTTPS/TLS encryption
Database access is protected by row-level security, ensuring users can only access their own data
API keys and secrets are stored in secure environment variables, never in client code
Authentication is handled through industry-standard protocols
Our backend runs on Cloudflare Workers with built-in DDoS protection and edge security

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of InstantAI after changes constitutes acceptance of the updated policy.

For material changes, we will make reasonable efforts to notify you within the app or via email.

18. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

North Tumbleweed LLC
Email: contact@northtumbleweed.com
Web: instantai.chat