NODE NEO nodeneo.ai
Privacy Policy

The shortest privacy policy
that's still honest.

We don't collect your data because there is no collection mechanism. No analytics, no telemetry, no account, no inbox to subpoena. Everything below is the long version of that.

Effective: 6 May 2026 · Last updated: 6 May 2026

In one paragraph

Node Neo collects nothing. The app runs on your device. Your wallet key, your conversations, and your settings live in your device's secure storage and its local SQLite database — we never see them. The app talks directly to (1) a public Base blockchain RPC to read your wallet balance and submit on-chain transactions, and (2) the Morpheus inference provider you select for each chat session. Those third parties see what they need to do their job (your wallet address for the chain; your prompt and response for inference) and nothing routes through us. We have no analytics, no crash reporting, no servers, no inbox.

01 · Who we are

Node Neo, by ABSGrafx LLC.

Node Neo is a self-custodial AI client built and published by ABSGrafx LLC (South Dakota, USA). The app is open source under the MIT license; the source code, build pipelines, and full change history are public at github.com/absgrafx/nodeneo.

For the purposes of this policy, "we", "us", and "Node Neo" refer to ABSGrafx LLC as the developer and publisher of the app. "You" refers to the person using the app on their device.

02 · What we collect

Nothing. There is no collection mechanism.

In plain English

We have no servers that receive data from the app. No analytics SDK, no crash reporter, no telemetry, no usage metrics, no IP logging, no email signup. The binary you install does not contain code that phones home.

Concretely, the following common categories of data are not collected by Node Neo or ABSGrafx LLC:

This is not a policy choice we could quietly change tomorrow. It's an architectural choice: the app does not include any third-party SDK or first-party endpoint capable of receiving this data. Adding one would require a public source change, a new release, and you accepting a future version — and we would update this policy first.

03 · On-device data

Everything you create lives on your device only.

In plain English

Your wallet key is in your device's secure enclave / Keychain. Your chats are in a local SQLite file inside the app's container. Deleting the app deletes the data. We never have a copy.

The data the app creates and uses, and where each piece lives:

Wallet key
Stored in your platform's secure key storage (Apple Keychain on iOS / macOS; Keystore on Android), behind biometric or device-passcode protection where the OS supports it. Never transmitted off-device.
Conversations
Local SQLite database in the app's sandboxed data directory, encrypted at rest with a key derived from your wallet. Inaccessible to other apps on the device.
App settings
Same local SQLite database. Includes preferences like default model, session duration, biometric lock mode, and your custom RPC endpoint if you set one.
App lock state
A salted password hash (only if you enabled the password lock mode) plus a flag indicating whether biometric unlock is enabled. Stored in secure key storage, never transmitted.
Logs
Rotating local log files (10 MB per file, up to 5 rotations) in the app's data directory. Used by you for troubleshooting; viewable in Settings → Version & Logs. Never auto-uploaded.
Backups (optional)
If you use Settings → Backup & Reset → Export, an encrypted .nnbak file is created at a location you choose (Files app, iCloud Drive, local disk, etc.). The encryption key never leaves your device; we don't see the file.

You can erase all of the above at any time from Settings → Backup & Reset → Erase Wallet (clears the key while keeping settings) or Full Factory Reset (wipes everything in the app). Uninstalling the app from your device also clears the data; on iOS / macOS, the app additionally wipes its key-storage entries on the next install (handled by FirstLaunchGuard) so a reinstall starts truly fresh.

04 · Third parties

Two parties the app talks to. Both unavoidable; both transparent.

In plain English

Your blockchain RPC sees your wallet address and the transactions you submit (this is how any wallet works). Your selected inference provider sees the prompt you send and returns the answer. Neither talks to us.

A. Public blockchain RPC (Base network)

To read your wallet balance and submit on-chain transactions (open / close inference sessions, send MOR or ETH), the app makes JSON-RPC calls to one or more public Base chain endpoints. By default these are community-run public RPCs (such as base.llamarpc.com and base.publicnode.com). You can override this in Settings → Network to use any compatible endpoint, including one you operate yourself.

What they see: your wallet's public address, the transactions you submit, and the network metadata required to deliver a response (your IP address, time of request). This is true of every wallet on every blockchain — it's how blockchains work. Each provider has its own privacy policy; consult theirs if you have concerns about a specific endpoint, or set a custom one.

What they do not see: your private key (it never leaves your device), your conversations, or any data not directly part of an on-chain transaction.

B. Morpheus inference providers

When you start a chat, the app opens an on-chain session with a provider you select from the Morpheus model list, then sends your prompt directly to that provider's endpoint. The provider runs the inference and streams the response back to you.

What they see: the prompt content you submit, the response they generate, your wallet's public address (so the on-chain session can be verified), and the network metadata required to deliver a response. Each provider on the Morpheus network is independent; their data handling practices are their own.

For models marked Max Privacy in the app (TEE-attested with TDX hardware attestation), the provider's runtime is verified by remote attestation against a sigstore-signed reference manifest before the session opens. This gives a cryptographic guarantee that the model code running on the provider's hardware matches the published image — closing the "what is the provider doing with my prompt" gap that exists on non-attested models. See Deep dive → Trust model for details.

What they do not see: your private key (signing happens on your device), your other conversations (each session is independent), or anything Node Neo does not explicitly send as part of the inference request.

C. App distribution platforms

If you installed Node Neo through the Apple App Store, Apple records the install and applies its own privacy policy to that interaction (Apple ID, device, payment method on file). We receive only aggregate, anonymized install counts from App Store Connect — no individual user data. The same applies to the macOS DMG downloaded from our GitHub Releases page, where GitHub records the download. We have no analytics on top of either source.

05 · OS permissions

What the app asks your operating system for.

Modern operating systems gate a number of capabilities behind explicit user consent. The app's Info.plist (iOS / macOS) and Manifest (Android) declare every permission the binary may touch, even if our own Dart / Go code never invokes them — the platform requires the declaration if any linked framework could access them.

Face ID / Touch ID
Used only for unlocking the app if you enable biometric app-lock in Settings → Preferences → Security. The biometric template never leaves your device's secure enclave; the app receives only a yes/no result.
Files / Documents
Used only when you tap Backup & Reset → Export or Import. We open the platform file picker so you can write or read the .nnbak backup at a location you choose (iCloud Drive, On My iPhone, local disk). We never browse your files programmatically.
Photo library / camera /
microphone (iOS only)
Declared because the file-picker framework links to those capabilities, but the app itself never invokes them from Dart code. iOS still requires the purpose strings to be present in Info.plist for the binary to pass App Store review. We are working to eliminate these declarations entirely by switching to a slimmer file-picker implementation in a future release.
Network access
Required to talk to the blockchain RPC and to your selected inference provider (see Section 4). The app additionally runs a small DNS canary probe on launch (against cloudflare.com, apple.com, or google.com) to detect "no internet" before showing a misleading blockchain error. The probe is a DNS lookup only; no payload is sent, and no result is uploaded anywhere.
06 · Children's privacy

Not directed at children under 13.

Node Neo is a general-audience product not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction, including 16 in much of the EU under the GDPR and 14 in some U.S. states). We do not knowingly collect data from children — consistent with collecting nothing from anyone — and the app's blockchain and self-custody surface is unsuitable for children regardless.

If you believe a child has installed Node Neo and you wish to remove their installation, uninstall the app from the device. There is no account on our side to delete because we have no accounts. See Section 7 for additional rights.

07 · Your rights

Most data-subject rights are automatic, because we hold nothing.

Modern privacy laws (GDPR in the EU, CCPA / CPRA in California, the UK Data Protection Act, LGPD in Brazil, and similar regimes elsewhere) grant individuals a set of rights over personal data that an organization holds about them. Because Node Neo / ABSGrafx LLC holds no personal data about you, most of these rights resolve automatically:

Right to access
We have nothing about you to disclose. Your local data is yours and visible inside the app at all times.
Right to deletion
Use Settings → Backup & Reset → Full Factory Reset, then uninstall the app. Nothing remains on our side because nothing was ever sent to our side.
Right to portability
Use Settings → Backup & Reset → Export to obtain an encrypted .nnbak file containing your wallet and conversations.
Right to correction
You hold the data; you correct it directly in the app.
Right to opt out of sale
We do not sell, rent, or share data with anyone. There is no opt-out toggle because there is nothing to opt out of.
Right to non-discrimination
Exercising any right above does not affect your access to the app or any feature.

Rights you may have against the third parties Node Neo connects to (RPC providers, inference providers, App Store) are governed by their respective privacy policies. We have no ability to act on your behalf with them.

08 · Changes to this policy

We update this page; you read the new version.

If we change how the app handles data — for example by adding an opt-in feature that sends information off-device — we update this page before shipping the change in a release, and bump the "Last updated" date at the top.

09 · Contact

How to reach us.

Questions, concerns, or a request to invoke any of the rights above:

Email
support@nodeneo.ai
Public issues
github.com/absgrafx/nodeneo/issues
Entity
ABSGrafx LLC · South Dakota, USA

For privacy-specific inquiries, write "Privacy" in the subject line. We respond from a human, not a ticketing bot, so allow a few business days.