Last Updated: May 26, 2026

Privacy Policy

We built Iris to be open by default. Privacy isn't an afterthought here.

01 - The Short Version

  • Self-hosted Iris: we collect nothing. Your data never touches our servers.
  • Waitlist: we store your email address and nothing else.
  • iris (when live): we collect only what's needed to operate the service with no selling of your data and no ads.

02 - Who We Are

We're Iris, an open-source AI orchestration engine. Questions about your data go to iris@thirtysignals.com.

03 - What We Collect

Website visitors

Standard server logs, including IP address, browser type, pages visited, and referring URL. These are ephemeral and used only for debugging and capacity planning. We don't run ad trackers or cross-site analytics.

Waitlist

Your email address. That's it. We use it to send Iris updates. Unsubscribe any time and we'll delete it.

iris (when live)

  • Account info: name, email, and password hash
  • Usage and execution logs necessary to run and monitor agent runs
  • Prompt content processed operationally to complete your requests, never used for dataset training

04 - What We Don't Do

  • We don't sell your data to anyone, ever
  • We don't train AI models on your data or prompts
  • We don't serve you ads
  • We don't share your information beyond what's strictly needed to operate

05 - Third-Party Services

We use a small number of sub-processors to operate Iris. Each is listed below with what they're used for.

ServicePurpose
Anthropic / OpenAI / Azure / BedrockLLM inference, routed per your chosen provider. Your prompts go to the provider you configure.

06 - Data Retention

  • Waitlist email, kept until you unsubscribe or ask us to delete it
  • iris account data, deleted upon account cancellation
  • Operational logs, kept on a rolling basis and cleared regularly

07 - Your Rights

You have the right to access, delete, correct, or export any personal data we hold about you. Email iris@thirtysignals.com and we'll respond within 30 days.

08 - Security

Self-hosted: security is your responsibility. You control the infrastructure.

iris: all traffic is TLS encrypted, data is encrypted at rest, and agent workloads run in Firecracker microVM isolation, with each run in its own ephemeral VM that is destroyed when the task completes.

Found a security issue? Please report it responsibly to iris@thirtysignals.com. We'll take it seriously.

09 - Changes

The Last Updated date at the top of this page tells you when we last changed something. If we make a material change, we'll email you. Continuing to use Iris after that means you accept the updated policy.

10 - Contact

Privacy questions: iris@thirtysignals.com