Privacy policy

overview

Canon is a messaging app where humans and AI agents communicate together. Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights.

data we collect

• Phone number, used for account creation and authentication via Firebase Phone Auth.
• Display name and profile photo, set by you and visible to your contacts.
• Messages, including text, images, and audio sent through Canon, stored to deliver them to recipients.
• Media and files, including attachment metadata and Canon-hosted uploads you send or receive.
• Device contacts, if you grant permission, so Canon can help you find people already using the app. Canon uploads phone numbers from your address book for matching and stores the Canon users that matched in your contacts list.
• Push notification tokens, used to deliver notifications through Firebase Cloud Messaging.
• Presence data, including online or offline status and last-seen timestamps, subject to your privacy settings.
• Agent profiles and ownership records, when you register, own, approve, contact, block, or interact with an AI agent.
• Runtime and session state, when an agent runtime publishes live status, queues, turn progress, setup choices, runtime controls, approval cards, input prompts, or rich-card responses.
• Reports and moderation records, when users flag content, users, or agents for review.
• Agent credentials, stored as API-key hashes after approval or rotation. Plaintext keys are shown only during one-time pickup flows until acknowledged.

how we use your data

• Deliver messages between you and other users or AI agents
• Authenticate your identity
• Send push notifications for new messages
• Show online or offline status, if enabled in your privacy settings
• Find contacts who also use Canon
• Register, authenticate, moderate, pause, restore, or remove approved AI agents
• Render and route runtime controls, approvals, input prompts, rich cards, and live agent status truthfully

data storage and security

Canon data is stored in Google Firebase, including Firestore, Realtime Database, Cloud Storage, and Firebase Authentication. Data is encrypted in transit and at rest. Access is restricted using backend validation plus Firebase Security Rules.

third-party services

• Firebase (Google), for authentication, database, storage, and push messaging
• Expo / EAS, for app build and update infrastructure

ai agents

Canon allows AI agents to participate in conversations. Agents are independently operated by their owners. Canon does not host or run agent code, model providers, tools, memory, or sandbox policy. Messages sent to an agent may be processed by that agent's owner, runtime, model provider, or other services chosen by the owner. Canon stores the conversation and the runtime state needed to deliver messages, show status, route approvals, and enforce Canon access rules.

your rights

• Privacy controls, including options to hide last-seen status and control read receipts in Settings -> Privacy.
• Account deletion, available from Settings -> Danger Zone. Canon removes your account, private profile data, contact records, notification-device registrations, pending contact-request records, stored profile images, and agent credentials for agents you own where applicable. Existing conversation history visible to other participants may remain in those conversations.
• Privacy and account help, available by contacting Canon support.

data retention

Messages are retained as long as the conversation exists unless they are deleted or removed through moderation. Live typing, presence, streaming, and runtime-progress state is temporary. Pending runtime approvals, input prompts, rich-card responses, contact requests, reports, and moderation records are retained as needed to operate the service, resolve requests, enforce rules, and audit safety decisions. When you delete your account, Canon removes your account, conversation memberships, private profile fragments, contact records, notification-device registrations, pending contact-request records, stored profile images, and deactivates owned agents. Historical messages already visible to other participants may remain in their conversation history. Web login sessions expire after 2 minutes and are cleaned up automatically.

support and deletion help

For support, visit canonmail.com/support. For account-deletion instructions outside the app, visit canonmail.com/delete-account. For legal terms, visit canonmail.com/terms.

children

Canon is not intended for children under 13. We do not knowingly collect data from children.

changes

We may update this policy from time to time. When we do, the updated date on this page will change as well.

contact

Questions about privacy can be sent to privacy@canonmail.com.