Aion Aion

Aion Privacy Policy

Last updated: 2026-04-18 · Version 1.0.1

1. What Aion is

Aion is a memory-first AI companion for Android, built by Axiom Labs. It is designed around on-device privacy.

  • Aion's main reply path uses the user's own AI provider key (BYOK — Bring Your Own Key).
  • Aion stores its memory, beliefs, chat history, and profile data on the device only.
  • There is no Aion-operated chat server or collector in the shipped app path.
  • Aion can also use an optional on-device local runtime for users who want a fully offline setup.

2. Contact

For privacy questions, contact [email protected].

3. What Aion stores on your device

  • Chat messages and conversation history
  • Structured memory — inferred beliefs, corrections, contradictions, timeline events, domain assignments
  • Episodic conversation summaries
  • Profile settings and personalisation
  • Reminders and scheduled tasks
  • Journal entries
  • Attachment references and document-derived memory
  • Voice engine preferences and downloaded voice model files
  • Local runtime and model settings
  • Crash reports stored locally after an app crash
  • Profile exports or other files you explicitly generate and share

Sensitive credentials are also stored locally:

  • Cloud API keys — encrypted with AES-256-GCM using a key protected by AndroidKeyStore

4. What can leave your device

Some Aion features send data off-device only when you explicitly use those features.

BYOK cloud mode

If you use Aion with your own cloud AI provider key, the app sends data directly from your device to that provider — OpenAI, Anthropic, or Google. That can include your current message, selected recent turns, the subset of memory and timeline context relevant to the current request, profile context, and selected attachments or documents when cloud analysis is used. Only the current request's context is sent — not the rest of your memory.

Gmail

Gmail integration is not active in the current release. It is planned for a future update. When available, Aion will talk directly from the app to Google's Gmail APIs using your OAuth-granted token. No Gmail data will be routed through an Aion server. Read-only scope.

Calendar

Aion reads and writes calendar data through Android's calendar provider on your device. Calendar data is not sent to an Aion server.

Voice input

Aion uses Android speech-recognition services for voice input. Depending on your device and speech service, recognition may be handled locally or by the device's speech provider.

Voice output (TTS)

System TTS uses Android's built-in engine. Piper Fast and Kokoro HD run locally on-device after a one-time model download from public open-source model distributions. No TTS audio is sent anywhere.

User-initiated sharing

If you export or share a profile export, bug report, or similar file, that file leaves your device only because you explicitly chose to share it.

App analytics and crash reporting

Aion uses Google Firebase for two operational purposes: crash reporting (Firebase Crashlytics) and anonymous usage analytics (Google Analytics for Firebase). This data is used only to keep Aion stable and to understand which features users find valuable.

What is sent:

  • Crash stack traces, ANR reports, device model, OS version, app version
  • Named app events (e.g. memory_tab_opened, voice_chat_started, first_chat_sent) — never with content attached
  • Session length, screens viewed, feature taps
  • Country (derived from IP by Firebase, not stored with your account)
  • Anonymous Firebase installation ID and Android advertising ID

What is never sent:

  • Your chat messages, prompts, or assistant replies
  • Your memory — beliefs, facts, journal entries, reminders, timeline events
  • Profile names, identity fields, or anything you typed into Aion
  • Your cloud API keys
  • Calendar events, photos, files, or audio
  • Any text or media you share with your BYOK provider

You can disable both crash reporting and usage analytics at any time in Settings → Privacy → Diagnostics. In the EU, both are off by default until you accept in the first-launch consent dialog.

5. What Aion does not do

  • Aion does not require an Aion account for core use
  • Aion does not proxy your chat traffic through an Aion-operated backend
  • Aion does not proxy calendar access through an Aion server
  • Aion does not send your chat content, memory, beliefs, journal entries, or anything you typed into Aion to any third party or to Axiom Labs
  • Aion does not sell your data
  • Anonymous app analytics and crash reports are sent to Google Firebase to keep Aion stable and improve the product — see "App analytics and crash reporting" in section 4. You can opt out.

6. Permissions Aion requests

  • INTERNET — direct requests to your chosen cloud AI provider and for YouTube / web search tools
  • POST_NOTIFICATIONS — reminders, timers, briefings, proactive insights, and weekly digest
  • RECORD_AUDIO — voice input and voice-chat mode
  • READ_CALENDAR — read calendar events when you ask about your schedule
  • WRITE_CALENDAR — create, move, or cancel calendar events through Aion
  • CAMERA — take photos for image attachments in chat (requested only when you tap the camera button)
  • FOREGROUND_SERVICE / FOREGROUND_SERVICE_SHORT_SERVICE / FOREGROUND_SERVICE_DATA_SYNC — short background tasks such as reminder scheduling, memory maintenance, and proactive insight checks
  • RECEIVE_BOOT_COMPLETED — restore scheduled reminders and briefings after a device restart
  • SCHEDULE_EXACT_ALARM — fire reminders and daily briefings at the exact time you set them
  • REQUEST_IGNORE_BATTERY_OPTIMIZATIONS — ask Android to allow scheduled reminders and briefings to fire reliably when the device is in Doze mode; you must approve this prompt

7. Memory, inference, and provenance

Aion derives memory from things you say directly, repeated patterns across conversation history, and imported documents or attachments that appear to relate to you. Every belief records when it was learned, when last confirmed, and its source turn. The Memory tab lets you view, edit, pin, or delete any belief.

8. Data deletion and control

  • Clear a saved cloud API key (Settings → AI Setup)
  • Forget individual memory items (Memory tab → long-press a belief → Delete)
  • Wipe active profile memory (Settings → Privacy → Reset active profile — chats, beliefs, contradictions, reminders, and journals for the active profile only)
  • Archive or delete a profile
  • Export a profile as a passphrase-encrypted file (you hold the passphrase)
  • Uninstall the app to remove all Aion data from the device

9. Security practices

  • Android backup disabled for the app (allowBackup=false) — adb backup cannot lift app data off the device
  • Release builds have debuggable=false
  • Release logging uses a sanitised path — no personal content is written to logs
  • R8 / ProGuard code shrinking and obfuscation is enabled on release builds
  • Encrypted storage for cloud API keys (AES-256-GCM, AndroidKeyStore-protected)
  • Encrypted profile export using PBKDF2-SHA256 (210,000 iterations) + AES-256-GCM, with a fresh random salt and IV per export
  • Sensitive screens (Memory, Settings) block OS screenshots in release builds (FLAG_SECURE)
  • Debug / tester export tools are disabled in public builds

Important notes:

  • Users should not share an encrypted export file and its passphrase together
  • Your chosen AI provider has its own privacy policy — review it before connecting a key

10. Retention

Aion keeps locally stored data until you delete it, wipe a profile, delete a profile, clear app data, or uninstall the app, subject to normal Android app-data removal behaviour.

11. Children

Aion is not a child-directed product. Do not use Aion with children unless you are prepared to meet the additional policy and compliance requirements that apply to children and student data.

12. Policy changes

If Aion later adds hosted cloud features, sync, accounts, or billing, this policy must be updated before those features ship. The most recent version is always available at aion-ai.app/privacy.