Pyre — Privacy Policy
Effective date: June 2, 2026 Last updated: June 2, 2026
Pyre is a roleplay frontend that runs entirely on your device. It is made by Ember Team ("we", "us"). This Privacy Policy explains what data Pyre handles — and what it doesn't.
The short version: we have no server that sees your data. Pyre is BYOK ("bring your own key") — the app talks directly to whatever AI provider you configure. Your characters, chats, presets, lorebooks, and personas live on your own device.
1. Data we do not collect
We run no backend that receives, stores, or processes:
- the content of your chats;
- your character cards, lorebooks, presets, or personas;
- your API keys;
- your message history;
- any identifier we could tie back to you;
- analytics, telemetry, advertising IDs, or crash reports.
Pyre has no account system. There is nothing to log into, and nothing for us to leak.
2. Data Pyre stores on your device
Created and stored locally, in the app's private storage. It never leaves your device unless you explicitly export it (§5), sync it to your own devices (§3), or send it to an AI provider you configured (§3).
| Data | Where it lives |
|---|---|
| Characters, chats, personas, lorebooks, presets, UI settings | App-private storage on your device |
| API keys for AI providers | Your OS secure store (Android Keystore · Windows Credential Manager · Linux Secret Service) |
| Cookies set by sites you open in embedded Discover | The embedded browser's isolated cookie jar |
Uninstalling Pyre deletes everything. On Android, auto-backup is disabled, so this data is never silently copied to Google Drive.
3. Data that leaves your device — only when you act
To your AI provider. When you send a message, your prompt — including text from the characters, lorebooks, and presets you chose — is sent to the provider you configured (for example OpenRouter, OpenAI, or a self-hosted server) over HTTPS, with your API key. That provider has its own privacy policy and retention rules. Pyre opens a direct device-to-provider connection; we have no visibility into it.
Across your own devices (optional sync). If you turn on Pyre's local-network sync, your library syncs directly between your devices over your own network — never through a Pyre server, because there isn't one. If you additionally opt in to syncing API keys, each key is end-to-end encrypted with a secret derived from the device pairing, so it never crosses the network in plaintext and only your paired devices can read it. Sync is off by default.
To community card hosts (Discover). The Discover tab opens an allowlist of trusted card hubs (such as BotBooru) so you can browse and import. On embedded platforms, that site runs in Pyre's isolated browser; on external-browser platforms, it runs in your normal browser. Those sites have their own privacy policies; Pyre is not affiliated with them. Embedded Discover is restricted to the allowlist and can only trigger imports from those hosts. "Import by URL" performs a single HTTPS request to the address you typed.
4. Donations
Supporting Pyre is optional. If you choose to donate via Ko-fi, the payment is handled entirely by Ko-fi and its processors (Stripe / PayPal). Ember Team never sees your card or payment details. Ko-fi's own privacy policy governs that transaction.
5. Export and deletion
- Export. More → Backup & Restore. The exported file includes everything on the device except your API keys, unless you explicitly toggle "Include API keys" (with a confirmation) first. Keys are stripped by default so the file is safe to share.
- Wipe. More → Storage. Erases the local data and every API key in your OS secure store.
- Uninstall. Removes everything in the app's storage.
There is nothing for us to delete on your behalf, because we never had it.
6. For adults
Pyre is intended for users 18 and older. It does not host or generate content itself; the AI providers and character cards you bring may produce adult themes. You are responsible for what you import and what you ask the AI.
7. Security
API keys live in your operating system's dedicated secure store. The local data file sits inside the app's private storage and is excluded from cloud backups. Network requests use HTTPS. Optional sync between your own devices is encrypted as described in §3.
We are not perfect. If you find a security issue, please contact us (§9) before disclosing it publicly.
8. Changes
We may update this policy. The "Last updated" date reflects the most recent change. Because Pyre is open source, the full history of this document is public in our repository.
9. Contact
- GitHub: open an issue or discussion on the Pyre repository.
- Or use the community links on pyrechat.app.