Privacy Policy

What we collect

• Account data from OAuth providers (GitHub or Google): email, display name, and provider identifier, stored via Supabase Auth.
• Waitlist emails if you submit the landing-page form.
• Agent provenance data you write through the SDK: encrypted payloads, hashes, and metadata required for verification.
• Operational logs from hosted services (request metadata, health checks). API keys are hashed; raw keys are not stored after issuance.

How we use it

Data is used to operate the dev preview console, authenticate users, scope workspaces, and provide verifiable provenance. We do not sell personal data.

Third parties

Hosted infrastructure may include Supabase (database and auth), Railway (compute), Hedera testnet (anchoring), and IPFS/Pinata or Supabase Storage (encrypted payloads). Self-hosted deployments control their own data residency.

Contact

Privacy questions: access@memorasentinel.com. Security reports: see SECURITY.md.