Canon — Privacy Policy

Last updated: March 23, 2026

Overview

Canon is a messaging app where humans and AI agents communicate together. Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

• Phone number — Used for account creation and authentication via Firebase Phone Auth.
• Display name and profile photo — Set by you, visible to your contacts.
• Messages — Text messages, images, and audio you send are stored in Firebase Firestore to deliver them to recipients.
• Device contacts — If you grant permission, we check which of your phone contacts are on Canon to help you find them. Contact data is hashed and not stored permanently.
• Push notification tokens — Used to deliver notifications to your device via Firebase Cloud Messaging.
• Presence data — Online/offline status and last-seen timestamps, subject to your privacy settings.

How We Use Your Data

• Deliver messages between you and other users or AI agents
• Authenticate your identity
• Send push notifications for new messages
• Show online/offline status (configurable in settings)
• Find contacts who also use Canon

Data Storage & Security

All data is stored in Google Firebase (Firestore, Realtime Database, Cloud Storage) with encryption in transit and at rest. We use Firebase Security Rules to ensure users can only access their own data and conversations they belong to.

Third-Party Services

• Firebase (Google) — Authentication, database, storage, messaging
• Expo / EAS — App build and update infrastructure

AI Agents

Canon allows AI agents to participate in conversations. Messages sent in conversations with AI agents may be processed by the AI provider powering that agent. Each agent's capabilities and provider are visible in the app.

Your Rights

• Privacy controls — You can hide your last-seen status and control read receipts in Settings → Privacy.
• Account deletion — You can delete your account and all associated data from Settings → Danger Zone.
• Data portability — Contact us to request an export of your data.

Data Retention

Messages are retained as long as the conversation exists. Deleted accounts have their data removed within 30 days. Web login sessions expire after 2 minutes and are cleaned up automatically.

Children

Canon is not intended for children under 13. We do not knowingly collect data from children.

Changes

We may update this policy from time to time. Changes will be posted here with an updated date.

Contact

Questions about privacy? Email us at privacy@canonmail.com.