violet

Violet privacy policy

Effective date: not yet in effect (pre-launch draft)

Draft This is a draft. It requires review by qualified legal counsel before publication, is not legal advice, and has not been published or taken effect. It is written to match the actual shipped architecture as of 2026-07-03; if the product changes, this draft changes with it before it is ever published. Bracketed items are unresolved owner and counsel decisions, left visible on purpose.

The short version

Violet is local-first. Your conversations, memories, and journal live on your device. If you turn on cloud sync, your content is encrypted on your device before it leaves, with a key derived from your passphrase that never leaves your device. Our server stores locked envelopes it cannot open. We can see that you have an account and how much you use the service; we cannot read what you and Violet talk about.

1. What Violet is

Violet is a personal AI partner. The product runs local-first: the core application stores your data on your own device. An optional cloud service (operated by us on Cloudflare's platform) provides accounts, cross-device sync, and managed AI inference.

2. Data that stays on your device

3. How cloud sync works (end-to-end encryption)

When cloud sync is on:

Consequence you should understand: if you lose your passphrase, we cannot recover your synced content. We cannot read it, so we cannot restore it in the clear.

4. What we CAN see

We are honest about the other side of the ledger. When you use the cloud service, we process and can see:

5. Managed AI inference

If you use managed inference (Violet's cloud reasoning), the messages you choose to send to the model are forwarded to our model provider to generate a reply, and the reply is streamed back to you. This is inherent to how large models work; a model cannot answer a message it cannot read. What we commit to:

Power users can instead run Violet against their own local model or their own key, in which case inference content does not flow through our cloud at all.

6. What we do NOT do

7. Retention

8. Deletion

9. Where data lives

The cloud service runs on Cloudflare (Workers, D1, KV, R2), a global edge network. [OWNER with counsel: add data-location and international-transfer language, e.g. GDPR transfer mechanisms, before publication.]

10. Legal bases and your rights

[OWNER with counsel: complete for the launch jurisdictions. Expected contents: GDPR legal bases (contract for the service, legitimate interest for security, consent for the waitlist), CCPA/CPRA disclosures and the right to know/delete/correct, and the contact mechanism for exercising rights. The architecture above makes most access requests simple: for content, we hold only ciphertext we cannot open.]

11. Children

Violet is not directed at children. [OWNER with counsel: set the minimum age per jurisdiction, e.g. 16 in the EEA and 13 in the US, and align the terms.]

12. Changes

If we change this policy, we will post the new version with a new effective date and, for material changes, notify account holders by email before the change takes effect. We will never change the core promise silently: content is encrypted on your device and we cannot read it.

13. Contact

[OWNER: privacy contact email, and the legal entity name and address, before publication.]