Privacy Policy

Last updated: May 1, 2025 · ÆGIS Memory Intelligence Platform

This privacy policy explains how ÆGIS ("we", "our", "the platform") collects, uses, and protects your data when you use our memory intelligence service at aegisintel.up.railway.app.

    Short version: We store your conversations so you can search and query them. We send text excerpts to AI providers to generate answers. We never sell your data. You can delete everything at any time.
  

1. What we collect

When you use ÆGIS, we collect and store:

Conversation content — text from AI conversations and social media chats you import via the browser extension or file upload
Metadata — titles, timestamps, source platform, folder assignments
Account data — username, hashed password, email (if provided), subscription status
API keys — your ÆGIS API key for extension authentication (stored securely, never logged)
Usage data — word counts for billing purposes

We do not collect: browsing history, screen recordings, keystrokes, or any data outside of what you explicitly import.

2. How we use your data

Storage and retrieval — your conversations are stored in a PostgreSQL database hosted on Railway (EU region) so you can access them
Semantic search — we generate vector embeddings of your conversations to enable similarity search. These embeddings are stored alongside your content
AI queries — when you use Ask Memory or Dream Builder, excerpts of your conversations are sent to AI providers to generate answers (see Section 3)
Billing — word counts are tracked to enforce plan limits

3. AI providers — third party data processors

ÆGIS uses multiple AI providers to generate answers to your questions. When you ask a question, relevant excerpts from your saved conversations (up to ~4,000 words) are sent to one or more of these providers:

Anthropic (Claude)

Used for: Fast, Smart, Ultra modes
Data location: United States
Retention: Not used for training
Privacy policy →

OpenAI (GPT)

Used for: Fallback, embeddings
Data location: United States
Retention: 30 days (API)
Privacy policy →

Groq (Llama)

Used for: Free fallback (Llama 3.3)
Data location: United States
Retention: Not used for training
Privacy policy →

xAI (Grok)

Used for: Optional fallback
Data location: United States
Retention: Per xAI terms
Privacy policy →

DeepSeek

Used for: Primary fast model
Data location: China ⚠
Retention: Per DeepSeek terms
Privacy policy →

⚠ DeepSeek note: DeepSeek is operated by a Chinese company. If you are in the EU and have concerns about data being processed outside the EEA, you can disable DeepSeek by removing the DEEPSEEK_API_KEY from your configuration, or contact us to use only EU/US providers.

We only send the minimum necessary context to answer your question. We do not send your full conversation history — only excerpts most relevant to your query (typically 3–5 conversations, ~800 words each).

4. Data storage and security

Hosting: Railway (Frankfurt, EU region by default)
Database: PostgreSQL with encrypted connections
Passwords: Hashed using bcrypt, never stored in plaintext
API keys: Stored in Railway environment variables, not in code or database
Backups: Railway automated daily backups
Access: Only you can access your conversations via authenticated session or API key

5. Your rights (GDPR)

If you are in the European Economic Area, you have the following rights:

Access — request a copy of all data we hold about you
Deletion — delete your account and all associated data at any time via Settings → Delete Account. Full deletion within 30 days.
Export — export all your conversations as ZIP/JSON at any time via Dashboard → Export
Portability — your data is exported in open formats (JSON, Markdown)
Correction — update your account information via Settings
Objection — you can opt out of AI processing by not using Ask Memory or Dream Builder features

    Legal basis for processing (GDPR Article 6): We process your data on the basis of contract performance (Article 6(1)(b)) — processing is necessary to provide the service you signed up for. For AI provider data transfers, we rely on Standard Contractual Clauses (SCCs) where applicable.
  

6. Data retention

Conversations: Retained until you delete them or close your account
Account data: Retained until account deletion
Server logs: 7 days (Railway default)
Inactive accounts: We may delete accounts inactive for more than 24 months with 30 days notice

7. Cookies and tracking

ÆGIS uses a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics. No data is shared with advertisers.

8. Children

ÆGIS is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it immediately.

9. Changes to this policy

We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. Continued use of ÆGIS after the effective date constitutes acceptance.

10. Contact

For privacy inquiries, data requests, or to exercise your GDPR rights:

Email: privacy@aegisintel.app
Platform: aegisintel.up.railway.app

We aim to respond to all privacy requests within 72 hours.