
policy · v2

Your vault is yours.

The shortest version: we treat your brain's contents as your private property. Your data is encrypted at rest and in transit, and no one else can view it — not other users, not the public, and not our team outside the strict, logged exceptions below. The principles are the floor; the rest of this page is the detail.

01 · privacy

No one can view your data

Your vault is private to your account. No other user, no visitor, and no employee can read it — except the narrow, audited support/security cases below, which you control.

02 · encryption

Encrypted in transit and at rest

Everything is encrypted in transit (TLS) and at rest — database, embeddings, and object storage. Data is never stored in the clear.

03 · employees

Limited access

Employee access is restricted, logged, and only for support or security. No one inside the company browses your vault for any other reason.

04 · ownership

User-owned memory

You can view, edit, and delete everything in your brain — unless you have explicitly shared it with another account.

what is stored

Each brain is a private vault made of three things: raw captures (verbatim chats and uploaded files), compiled wiki pages (the brain's own organised notes), and the vector embeddings that power retrieval. Files and embeddings live in the database; original uploads are mirrored to encrypted object storage.

who can see it

  • You, the owner, always.
  • Anyone you have explicitly invited and who has accepted the consent dialog. Invites can be revoked at any time, which removes their access immediately.
  • No one else. Per-user URL signatures mean even an exposed link cannot be opened by another account, and access is enforced at the database level — not just in the app.

encryption

Your data is encrypted in transit and at rest. All traffic to and from the app runs over TLS. Everything we store — the database (files, compiled pages, and vector embeddings) and the object storage holding your original uploads — is encrypted at rest. Your content is never written to disk in the clear.

ai providers

Answering questions and organising your brain requires sending the relevant text to AI providers, strictly to process your own request:

  • OpenAI — generates the embeddings (numeric vectors) that power search over your vault.
  • Anthropic — runs the language models that read retrieved passages and write answers, and that compile your notes into wiki pages.

These providers process your data only to return a result for your request. Under their API terms, your content is not used to train their models. They may retain inputs briefly (typically up to 30 days) solely for safety and abuse monitoring, after which the inputs are deleted; they are never used for the providers' own purposes. These providers are the only third parties that ever touch your content, and only as subprocessors of your request.

employee access

Employees do not browse user vaults. The only conditions under which an employee may read a brain's contents are:

  • Support — only at your explicit request, scoped to the smallest data needed to resolve the issue.
  • Security — to investigate confirmed abuse, fraud, or legal-process requests.

Every such access is recorded in an audit log: who, when, what, and why. Logs are retained for at least 12 months.

your controls

  • View — every file is browsable in the brain workspace.
  • Edit — talk to the brain or upload to update content. All writes are versioned.
  • Delete — delete a brain, file, or your account at any time. Deletion is honored: data is soft-deleted (hidden immediately) and kept for up to 30 days, then permanently erased — files, embeddings, and storage objects.

sharing

Sharing is opt-in on both sides. The owner sends an invite with a role (viewer or editor) and must confirm in writing that the recipient's account will gain read access to the entire vault. The recipient sees a separate consent dialog and must explicitly accept before any data flows.

feedback

When you flag a bad answer (thumbs-down), we capture a snapshot of that exchange so we can diagnose bugs and fix specific use cases. Before anyone looks at that feedback, we automatically scrub personal identifiers from it. Redaction runs in two layers as the feedback is submitted: a pattern pass removes emails, phone numbers, payment-card numbers, national IDs, IP addresses, and obvious secrets/tokens; then a model pass removes free-form personal details it can catch, such as names and addresses.

Feedback is used only to troubleshoot problems and improve how the product works — not to train any model. By the time a person reviews it, the personal identifiers have already been stripped.

what we do not do
  • We do not sell your data.
  • We do not train shared models on the contents of your vaults.
  • We do not show your data to advertisers or third-party trackers.

contact

Questions, deletion requests, or audit-log requests: privacy@brain.example.