The lawyers haven't made us write a real one yet. Here's what actually matters.
We don't collect your email. We don't collect your name. We don't collect your phone number. You sign up with a passkey — a cryptographic credential stored on your device. We never see a password because there isn't one.
We store your passkey public key, a username you choose, and your Stripe customer ID for billing. That's it. No tracking pixels. No analytics. No Google anything.
We literally couldn't email you if we wanted to. We might add email later so we can tell you about maintenance or something, but right now we can't.
Your agent runs in its own Firecracker microVM with hardware-level KVM isolation. Your VM's memory and storage are yours alone — no other user's process can touch them.
Storage lives on encrypted JuiceFS backed by NVMe. Data is encrypted at rest. TLS everywhere in transit. Your API keys stay inside your VM — we don't proxy, intercept, or log your LLM traffic.
When your agent is idle, its memory swaps to encrypted NVMe. When it wakes up, it pages back in. At no point does your data leave the encrypted pipeline.
If we find something that's not encrypted, we'll do our best to encrypt it. We want to run encrypted memory extensions (AMD SEV / Intel TDX) so even RAM is encrypted in hardware. We're not there yet, but we're working on it.
We don't sell data. We don't share data. We don't train on your data. We don't read your agent's conversations. We don't have analytics dashboards full of user behavior. We don't do retargeting. We don't even know who most of our users are — just a username and a passkey.
Stripe knows who you are because they handle the payment. We're working on crypto payments so even that goes away. Soon the only thing linking you to your account will be a passkey on your device.
If a government asks for your data, we'd have to ask which one of you is "lobster_king_42" because that's all we've got.