IOUMore

Privacy Policy

Privacy Policy

Effective Date: February 24, 2026  |  Last Updated: March 22, 2026

IOU, INC (“we,” “us,” or “our”) operates the IOUHome, IOULegacy, IOUForever, and IOULegacy Deployed platforms (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

Account information. When you create an account we receive your name and email address from our identity provider (Microsoft Entra External ID). We do not store passwords — authentication is handled entirely by Microsoft.

Content you upload. Photos, documents, recipes, notes, capsules, and other files you choose to store. Files are stored in Amazon Web Services (AWS) S3, encrypted at rest.

Usage data. We log basic request metadata (timestamps, pages visited, error codes) for security monitoring and debugging. We do not use third-party analytics trackers.

2. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate you and manage your account
  • To send transactional emails (welcome, capsule-sealed confirmations)
  • To power AI features you explicitly invoke — content is sent to Azure OpenAI and is not used to train models
  • To detect and prevent abuse or security incidents

3. Data Storage & Security

Your data is stored in AWS (US-East-1 region) using DynamoDB and S3, both encrypted at rest. We enforce HTTPS on all connections and apply security headers (HSTS, X-Frame-Options, X-Content-Type-Options).

4. Third-Party Services

  • Microsoft Entra External ID — Authentication (email, name)
  • Azure OpenAI — AI features, opt-in only (content you submit)
  • Azure Communication Services — Email delivery (your email address)
  • Amazon Web Services — File & data storage (all stored content)

Enterprise AI Agreement: All AI processing is performed by Azure OpenAI (Microsoft). Per our enterprise agreement, your data is NOT used to train AI models.

5. Your Data Rights

You have full control over your data. You can view all data through the app, export a complete copy at any time, and request full deletion by emailing support@ioutoday.org (removed within 30 days).

6. Health Information

The Service is not a HIPAA-covered entity. You may store personal health-related documents for your own convenience, but the platform is not certified for Protected Health Information (PHI).

7. Children’s Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email.

9. Contact Us

IOU, INC
Email: support@ioutoday.org