Aletheia by Lonia AI

Privacy

Your documents stay on your device.

Aletheia is built so that almost no data ever leaves your browser. This policy explains what is processed locally, what is sent off your device only with your explicit choice, the account data we hold, and the rights you have over it.

Last updated: June 18, 2026

On-device processing

The most important fact about Aletheia's privacy posture is this: the documents and web pages you process are handled in your browser. Uploaded files never leave your device. When you scan a URL, the cors-proxy described below fetches the content on your behalf and immediately hands it back to your browser without storing it. Your content is not sent to a third party, and the only opt-in cloud path is the single image you may choose to send for AI description.

The following all happen on your device, with no network call:

  • Parsing PDFs, DOCX files, and other documents.
  • Running OCR on scanned image-only PDFs.
  • Generating on-device image descriptions with the built-in vision model.
  • Restructuring page content into a properly headed, navigable form.
  • Identifying form fields and adding labels.
  • Writing the resulting accessible version to your local library.

URL scanning

When you scan a web page or document by pasting its URL, Aletheia uses a fetch service called the cors-proxy to retrieve the content on your behalf. The proxy fetches the URL you provided, returns the content to your browser, and then forgets about the request. The proxy does not store the URL, the page content, or any identifying information beyond the technical metadata needed to enforce the protections described below.

The proxy applies the following protections to keep the service safe for everyone:

  • Connections to private or internal network addresses are blocked, so the proxy cannot be used to scan resources that are not on the public internet.
  • Rate limits cap how many scans can run from one device or account in a given period.
  • The platform-wide abuse prevention list described below also applies to scanning.
  • Only HTML pages, PDFs, Word documents, and common image formats are processed; other file types are rejected before download.
  • Responses are capped at five megabytes; larger files must be downloaded by you and uploaded through the file upload path instead.

The proxy does not write request URLs, response bodies, or any scanned content to logs. Operational metrics like total request counts are aggregate only and do not associate URLs with users.

You are responsible for the URLs you choose to scan. Use the scanning feature only on content you have the right to access, including compliance with the terms of service, copyright policies, and robots.txt directives of the site you are scanning.

AI image description data handling

Image description has three modes, and the default everywhere is on-device:

  • On-device, the default. Descriptions are generated by a vision model running in your browser. No image and no page content leaves the device. This is the only AI path on the Free, Student, and Campus tiers.
  • Enhanced AI, opt-in (Personal and Family). You can choose to send a single image to Lonia-provided cloud AI, routed through OpenRouter, for a higher-detail description. It is off until you turn it on. Your request is authenticated with your sign-in session, the image you select and a short instruction are sent to the AI provider in a single request, and the image is discarded as soon as the description is returned. We do not log, retain, or train on images you submit.
  • Bring your own key (Professional and Enterprise). You connect your own Anthropic, OpenAI, or OpenRouter key. Images you choose to describe are passed through our service to the provider you configured, under your own account and terms, and discarded immediately after the description is returned. Your key is held only for the duration of the request. On-device fallback applies when no key is set.

Account data we collect

Aletheia uses Google or Microsoft sign-in for every tier, including Free. We hold the minimum needed to run your account:

  • Email address from your OAuth provider, for sign-in and product communication.
  • Plan tier and renewal status.
  • Usage logs needed to apply your plan, such as monthly page counts and Enhanced AI counts where applicable.
  • For the Student tier, verification that your email uses a .edu domain. We do not record which institution.

Billing data

Payments are processed by Stripe. Stripe handles your card details; Aletheia does not receive or store full card numbers. We receive the limited billing status Stripe exposes, such as whether a subscription is active, and a payment card fingerprint used for the abuse prevention described below.

How your data is shared

We do not sell your data and do not share it with advertisers. Data is shared only with the service providers needed to operate Aletheia:

  • Stripe for payment processing and subscription billing.
  • Supabase for authentication and account data storage.
  • OpenRouter only when you opt in to Enhanced AI, to route the single image you chose for a description.

Data retention

Account data is retained while your account is active and for a limited period afterward as needed for legal, tax, and accounting obligations. Usage logs are retained only as long as needed to enforce plan limits and support the service. Documents are not retained by us at all, because they live in your local library on your device.

Abuse prevention data

To prevent abuse of our services, Lonia AI maintains a platform-wide restricted-actors list containing hashed identifiers. These identifiers are SHA-256 hashes of normalized email addresses, payment card fingerprints provided by Stripe, and optionally other identifiers used to detect repeated abuse patterns.

Restrictions apply to all Lonia AI services, including Aletheia. A restriction added in connection with one service may prevent account creation or payment on any other Lonia AI service.

This data is retained under legitimate business interest for as long as the restriction remains active. Hashed identifiers cannot be reversed to recover original values.

Restricted actors may submit a one-time appeal by writing to privacy@lonia.ai. If the restriction is lifted, you will receive confirmation at the email address you provide in your appeal, and you will be able to sign up or sign in as normal.

No analytics, no tracking, no telemetry

The marketing site and the Aletheia product do not run third-party analytics, advertising trackers, session replay tools, or telemetry packages.

Your rights under GDPR and CCPA

Because most processing is local, the data we hold about you is small. Where we do hold account data, you have the rights you would expect under the GDPR and the CCPA:

  • The right to know what data we hold about you.
  • The right to correct inaccurate account data.
  • The right to deletion. We delete the account-level data we hold; there is nothing to delete on the document side because we never had your documents.
  • The right to portability. You can export your local library at any time from the product.
  • The right to object to processing.

To exercise any of these rights, email privacy@lonia.ai. Note that records retained for abuse prevention may be kept under legitimate business interest as permitted by law, including GDPR Article 17(3)(b).

Cookies

The marketing site uses no tracking cookies. The product uses only first-party browser storage strictly necessary for it to function, such as your local library and your preferences. It does not use cookies for cross-site tracking.

Children

Aletheia is not directed at children under 13, and we do not knowingly collect personal information from children under 13. The Student tier is intended for verified higher-education students.

Changes to this policy

If we update this policy, we will update the "last updated" date above. Material changes will be communicated to anyone with an active account.

Contact and governing law

Questions, requests, or concerns about privacy can be sent to privacy@lonia.ai.

This policy is governed by the laws of the State of New Jersey, without regard to conflict of laws principles.