Last updated: May 29, 2026
The publisher of the Smart Keyboard application ("the App") is Gold AI.
The App collects only the categories of data strictly necessary for its operation:
| Category | Data | Purpose |
|---|---|---|
| User content | Text that you explicitly submit to the AI (the "Generate" / "Reply" button) and your custom prompts. | Generating AI suggestions |
| Technical identifier | Unique identifier generated on first launch (anonymous UUID, not linked to your Apple identity). | Authentication, quota, and subscription tier |
| Subscription status | StoreKit transaction identifier, Product ID, active/expired status. | Validating in-app purchases |
| Technical data | App version, iOS version. | Support and diagnostics |
Data not collected: no direct identity data (name, email, phone), no location, no contacts, no advertising identifier (IDFA), no biometric data.
Important — keyboard: Smart Keyboard is an iOS keyboard extension. We transmit to our servers only the text that you explicitly submit to the AI by tapping "Generate." Text that you type outside of this action is never transmitted.
| Processing | Legal basis (GDPR Art. 6) |
|---|---|
| Generating AI suggestions | Performance of a contract (Art. 6(1)(b)) — explicitly requested service |
| Managing subscriptions | Performance of a contract (Art. 6(1)(b)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Processor | Role | Location |
|---|---|---|
| Microsoft Azure (App Service) | Backend hosting | France (France Central region) |
| Supabase | Database (subscription status, device identifiers) | European Union |
| OpenAI, L.L.C. | AI processing of submitted text | United States |
| Apple Inc. | StoreKit, App Store, purchase validation | United States |
Transfers outside the EU: OpenAI and Apple process certain data in the United States, governed by Standard Contractual Clauses approved by the European Commission and, where applicable, the Data Privacy Framework.
| Category | Period |
|---|---|
| Text submitted to the AI | Not retained by our backend after the response. |
| Device identifier + tier | Lifetime of the installed app (deleted upon uninstallation). |
| Anonymized technical logs | 90 days maximum |
In accordance with the GDPR, you have the rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Deleting the app removes your device identifier and severs the link to your server-side data.
To exercise these rights: privacy@gold-ai.fr (response within 30 days). You may also lodge a complaint with the CNIL.
The App uses no cookies or trackers, whether for advertising or analytics. No third-party tracking SDK is integrated.
Any change to this policy will be announced in the app at least 30 days before it takes effect.