Back to Home

Privacy Policy

Last updated: March 29, 2026

1. Introduction

Loka ("we," "our," or "us") is a chat client that connects to multiple third-party AI model providers so you can try different models or supply your own API keys. We take privacy seriously and only collect the minimum data needed to run the app.

This Privacy Policy explains what we store, how it is used, and how third-party providers handle the rest. If you disagree with these practices, please do not use the Service or connect external models.

2. Information We Collect

Account Information

We ask for your name and email address so you can sign in, sync conversations, and receive essential notices. We do not request home addresses, phone numbers, GPS information, payment details, or marketing preferences.

Conversation Data

The chat interface stores your prompts, responses, file references, and per-conversation settings in our database so the experience is consistent across devices. We do not run analytics, behavioral tracking, or advertising on this data, and we never sell conversation history.

Technical Metadata

We maintain minimal operational logs, such as timestamped API errors and basic device/browser information, to keep the Service reliable and secure. These logs are not combined with personal information and are deleted on a rolling basis.

3. How We Use Your Information

Your data is used solely to operate the Service:

  • Authenticate you and keep conversation history synced between devices
  • Process your prompts and route them to selected AI providers
  • Maintain safety features such as abuse prevention and rate limiting
  • Respond to support requests and resolve bugs
  • Comply with legal obligations when applicable

We do not sell your information, run targeted advertising, or build behavioral profiles. AI models are not trained using your conversations by us; third-party providers may have their own policies.

4. How We Share Your Information

We share information only when it is necessary to provide the Service:

Core Infrastructure

Firebase hosts accounts and conversations for us. These services process your data under their own privacy and security terms, which follow widely adopted cloud standards.

AI Model Providers

When you pick a third-party model, for example Google, your prompts and the related context go straight to that provider. Their privacy policies, retention rules, and model-training practices apply to everything you share with them. If you want complete isolation, connect only providers you run yourself and avoid sending data to services you do not trust.

Legal and Safety

We may disclose information if required by law, in response to lawful requests from public authorities, or to protect the integrity of the Service.

5. Data Retention

We keep account details and conversations only as long as you maintain an account. You can delete conversations or close your account at any time, which removes associated data from active systems. Backups may persist for a short period as part of disaster-recovery processes, after which data is purged.

6. Data Security

We use Firebase security rules, encrypted network connections (HTTPS/TLS), role-based access controls, and regular permission reviews to keep stored data safe. Additionally, custom provider configurations, such as API keys, are encrypted in the database.

Despite these safeguards, no system is perfectly secure. You are responsible for keeping your devices secure and for revoking any third-party API keys connected to the Service if you suspect compromise.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the data we store about you
  • Correction: Update or fix inaccurate account details
  • Deletion: Delete conversations or close your account
  • Portability: Export conversation history in a machine-readable format
  • Objection/Restriction: Limit how your information is processed where legally required

Contact us through the email to exercise these rights. We may verify your request to protect your account, and we aim to respond within 30 days unless local laws require a different timeline.

8. Third-Party AI Providers

Each model provider accessible through Loka enforces its own privacy rules. When you enable a provider, you agree to their terms. We are not responsible for how those providers store, use, or further process your conversations. To maintain full control, you may disable built-in providers and connect only self-hosted or BYOK providers.

9. Children's Privacy

The Service is intended for individuals 13 years and older. We do not knowingly collect information from children under 13, and will delete such data if identified.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes take effect when posted on this page. Continued use of the Service after changes become effective means you accept the revised policy.

11. Contact Us

If you have questions or privacy requests, email us at support@loka.app. We will respond within a reasonable timeframe.