Last updated: July 11, 2026
This Privacy Policy explains how avriz.io (“avriz.io”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal information in connection with the Avriz service — a voice-native, AI-assisted cloud development environment available at avriz.io (the “Service”). We are committed to handling your information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario law.
To generate responses, your prompts, selected code, and (where you use voice) audio are transmitted to the AI and voice providers listed below. In hands-free mode, live transcription is performed by your device’s built-in speech recognition (processed on-device or by your device vendor, per your device settings) — that audio does not pass through us; tap-to-talk recordings are transcribed by the voice provider listed below. These providers process that content to return a result to you. We do not use your content to train our own models, and we select providers on the basis that they do not train their foundation models on your API traffic. Provider handling is governed by each provider’s own terms.
On managed plans set to Auto, an automated system decides which AI model serves each request, based on the request’s difficulty — so simple requests go to fast, inexpensive models and hard ones to more capable models. This routing system improves itself using reinforcement learning: it learns from the content-free routing & quality signals described in Section 1 (the structural shape of requests and how well each routing choice worked), pooled in aggregate across customers. What it learns from and stores are those derived signals and outcomes only — never the text of your prompts, code, or conversations, which are not retained by, contained in, or recoverable from the routing system.
Routing affects only which model answers, and you are billed for the model that actually serves each request. It does not read or evaluate you or your work in any way that produces legal or similarly significant effects. If you prefer no automated selection at all, you can pin a specific model in your box’s Settings at any time — pinned requests bypass the routing system entirely and contribute nothing to it. Requests made with your own API keys (bring-your-own-key) never pass through the routing system.
We do not sell your personal information. We share it only with the service providers (“sub-processors”) we rely on to run the Service, and only as needed to provide it:
| Provider | Purpose |
|---|---|
| Amazon Web Services | Cloud hosting, compute (your box), storage, and email delivery |
| Stripe | Payment processing and subscription billing |
| Anthropic | Claude AI models (agent responses) |
| Sakana AI | Fugu AI models (agent responses) |
| Gemini AI models; Google sign-in (if used) | |
| ElevenLabs | Speech-to-text and text-to-speech (voice) |
| GitHub | Sign-in and repository access (if used) |
We may also disclose information where required by law, to enforce our agreements, or to protect the rights, safety, and property of avriz.io, our users, or the public.
The Service is hosted on Amazon Web Services in the United States, and certain providers above may process data in the United States or other countries. As a result, your information may be stored and processed outside Canada and may be subject to the laws of those jurisdictions, including lawful access by their authorities. By using the Service you consent to this cross-border transfer and processing.
We keep your account and personal information for as long as your account is active and as needed to provide the Service. Content on your box (code, files, memory, conversation history) is retained while the box exists and is deleted when the box is terminated. We may retain limited records (e.g., billing and security logs) as required for legal, accounting, or fraud-prevention purposes. You may request deletion of your account and associated personal information as described below.
We use technical and organizational safeguards including encryption in transit (TLS), per-subscriber box isolation, hashed passwords, restricted internal access, and network controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your password and any API keys confidential.
Under PIPEDA and applicable Ontario law, you may:
To exercise these rights, contact us through our contact form. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.
The Service is not directed to individuals under 18, and we do not knowingly collect personal information from them. If you believe a minor has provided us information, contact us and we will delete it.
We may update this Policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, by additional notice. Your continued use of the Service after an update constitutes acceptance of the revised Policy.
Questions or requests regarding this Policy or your personal information: please use our contact form.