· Legal
Effective Date: June 27, 2026 · Last Updated: June 27, 2026
The App is designed for personal note capture. When you use the App, you may provide:
You are in full control of what you provide. The App does not require you to create an account, provide your name, or share any personal identifiers to use its core functionality.
We do not collect device identifiers, IP addresses, usage analytics, crash reports, or behavioural data. The App contains no analytics software, no advertising SDKs, and no third-party tracking tools of any kind.
The only automated process that occurs is the temporary transmission of your note content to our processing server for the purpose of structuring your notes using intelligent automation. This transmission is described in detail in Section 3.
If you choose to purchase a paid subscription (Toru Smart), the transaction is processed entirely by Apple through the App Store. We do not receive, store, or have access to your payment card details, billing address, or any financial information. Apple's privacy policy governs the handling of your payment data.
Toru Smart subscribers may choose to enable the optional voice recording storage feature. When enabled, the original audio recording of a voice-captured note is stored locally on your device alongside the structured note. This feature is disabled by default and must be explicitly activated by the user.
Voice recordings stored under this feature never leave your device. They are not transmitted to our servers, not shared with any third party, and not uploaded to any cloud service by us. They are deleted automatically when you delete the associated note.
All notes, lists, transcriptions, and voice recordings are stored locally on your device. This data does not leave your device except as described in Section 3 (processing) and Section 2.2 (iCloud backup).
If you have enabled iCloud backup on your device and the App's iCloud backup feature is turned on, your notes and lists may be included in your iCloud backup. This backup is governed by Apple's iCloud terms and privacy policy. We do not control, access, or interact with your iCloud data.
We do not maintain a user database. We do not store your notes, transcriptions, account information, or any personally identifiable information on our servers. Our server infrastructure is used solely as a processing relay as described in Section 3.
When you choose to structure a note using the App, your note content is temporarily transmitted to our processing server. Our server forwards this content to Anthropic PBC, a third-party artificial intelligence service provider, which structures and returns the content. The structured note is then returned to your device.
This process is transient. Neither our server nor Anthropic's API retains your note content after the processing request is completed. Your content exists on our server only for the duration of the network request, measured in seconds.
In accordance with applicable transparency requirements, including Article 50 of the EU AI Act, we disclose that intelligent automation is used to process and structure the content of your notes. This automation assists in organising your thoughts. It does not make decisions about you, assess your behaviour, profile you, or infer sensitive characteristics from your content.
Anthropic PBC is our sole third-party data processor. Your note content is transmitted to Anthropic solely for the purpose of structuring your notes. Anthropic's processing is governed by their API usage policies and privacy documentation, available at anthropic.com.
Under Anthropic's standard API terms, API requests are not used to train AI models without separate consent.
Our processing server is hosted in the European Union. Note content transmitted for processing remains within EU infrastructure and is subject to applicable EU data protection law. All data involved is transient and not retained on our servers.
For users in the European Economic Area, the United Kingdom, and Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR) and applicable national law:
Because all of your data is stored locally on your device, you exercise full control over it at all times. You may:
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. You also have the right to lodge a complaint with your local data protection supervisory authority.
Given the architecture of the App — where all data is stored on your device and our servers retain no user data — most of these rights are exercised directly through your device. For any requests that cannot be addressed through the App itself, please contact us using the details in Section 11.
We respect the privacy rights of California residents. While Hey Toru! at its current scale does not meet the thresholds that trigger mandatory compliance with the California Consumer Privacy Act (CCPA), we voluntarily apply the following principles to all California users:
As Hey Toru! grows, we will review our CCPA obligations and update this policy accordingly.
Some browsers and devices allow users to transmit a "Do Not Track" signal to indicate that they do not wish to be tracked across websites and applications. The App does not track users across third-party websites or applications, does not use cross-context advertising, and contains no behavioural tracking technology of any kind. Accordingly, Do Not Track signals do not alter the App's behaviour, as no tracking of this nature occurs in the first place.
Your notes, lists, and transcriptions are retained on your device for as long as you choose to keep them. You may delete individual items or all data at any time through the App.
Optional voice recordings (Toru Smart) are retained on your device for as long as the associated note exists. When you delete a note, the associated voice recording is deleted with it.
Our processing server retains no user content. All transmitted content is discarded immediately upon completion of the processing request.
Subscription transaction records are retained by Apple in accordance with their policies. We do not maintain independent records of your subscription transactions beyond what Apple provides to us.
We take the security of your information seriously. The following measures are in place:
No method of transmission over the internet or method of electronic storage is completely secure. While we use commercially reasonable means to protect your information, we cannot guarantee absolute security.
In the event of a security breach that compromises your personal information, we will notify affected users without undue delay and in accordance with applicable law. For users in the European Economic Area, notification will be made within 72 hours of our becoming aware of the breach where required by GDPR. For users in other jurisdictions, we will comply with applicable state and national breach notification requirements.
Given that the App stores all user data locally on-device and our servers retain no user content, the scope of any potential server-side breach is inherently limited. In the event that a breach of our server infrastructure occurs, we will assess the impact and notify users if their information has been or is reasonably likely to have been affected.
Breach notifications will be delivered via the email address associated with your account where available, or through a notice posted within the App and on heytoru.com.
The App is not directed to children under the age of 13 in the United States, or under the applicable minimum age in other jurisdictions (13 in most countries, 16 in certain EU member states). We do not knowingly collect personal information from children below the applicable minimum age.
If you believe a child has provided personal information through the App, please contact us at [email protected] and we will take appropriate steps to address the situation promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, the App's features, or applicable law. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify users through the App.
This policy is written by data category and processing purpose, not by specific feature. This means that as the App evolves — including the addition or removal of features — this policy remains accurate provided the categories of data collected and the purposes of processing remain consistent. Where new categories of data or new processing purposes are introduced, this policy will be updated accordingly.
Your continued use of the App after any changes constitutes your acceptance of the updated policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your information, please contact us:
Hey Toru!, operated by Pembroke Labs, LLC
Use our support form to get in touch — we respond to all legitimate requests within 30 days as required by applicable law.
Hey Toru! · heytoru.com · ™ HEY TORU!