Privacy policy
Last updated: 2026-05-13
This policy describes what Iris (operated by Neon Blue, Inc.) collects, how we use it, and the third parties involved. If you have questions, email steve@neonblue.ai.
What we collect
- Account information — your email, name, and authentication details, via Clerk. We do not store passwords; Clerk does.
- Billing information — your billing email, card last-4, and subscription history, via Stripe. We do not store full card numbers; Stripe does.
- Slack workspace data — when you install Iris into your Slack workspace, we receive an OAuth token scoped to that workspace and the messages directed at the Iris bot (DMs and @-mentions). We do not read other channel traffic.
- Agent activity — every message the Iris bot receives is processed by an AI model and may generate a response, tool calls, and state stored in your tenant's database file. This data is retained for the duration of your subscription.
- Usage metrics — input/output token counts, tool calls, and timestamps, per tenant, for billing and rate limiting.
How we use it
- To operate the Iris agent on your behalf.
- To bill your subscription and detect failed payments.
- To enforce per-plan usage caps and prevent abuse.
- To debug issues you report. We may read your conversation history in response to a support request you initiate.
- To improve the product in aggregate. We do not use your conversations to train AI models.
Third parties
Iris relies on the following processors. Each handles a specific slice of your data under its own privacy policy.
- Clerk — authentication. (policy)
- Stripe — billing. (policy)
- Slack — the channel through which you and Iris interact. (policy)
- OpenRouter — large-language-model routing. Your prompts are forwarded with a per-tenant attribution string but no personally identifiable information. (policy)
- Neon — Postgres database hosting. (policy)
- Vercel — web hosting. (policy)
- Hetzner — server hosting (EU). (policy)
- Cloudflare — DNS + Tunnel. (policy)
Data retention
We retain account data, conversation history, and usage metrics for the lifetime of your subscription. If you delete your account, we purge tenant data within 30 days, except where retention is required for financial or legal compliance (e.g., billing records).
Your rights
You can export your data, request deletion, or correct inaccuracies by emailing steve@neonblue.ai. We respond within 30 days.
If you are in the EU/UK, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection.
Changes
We will update this page when the policy changes and email you if the change is material. The "Last updated" date at the top reflects the current version.