
Privacy Policy
Architectural Privacy — Your Container, Your Keys
Effective Date: June 13, 2026 • Last Updated: June 2026
This Privacy Policy describes how Privatae LLC (“Privatae,” “we,” “us,” or “our”) collects, processes, and protects information when you use the Privatae platform. It should be read together with the Privatae Terms of Service.
Privatae LLC is a Wyoming limited liability company. For privacy inquiries, contact privacy@privatae.ai.
Privatae is a networking and sovereign-compute company, not an artificial-intelligence company. We give you an isolated container that you control. Your conversations, your AI Host’s memory, your files, and the data your applications hold all live inside that container. The Platform is built so that Privatae has no human-readable path to the contents of your container — this is enforced by architecture, not by a policy promise.
Privatae cannot read your conversations. Not because we promise not to — because the system is built so that we cannot.
We also do not build or train AI models on your data, and we do not generate content. When your Host produces an answer, the output is generated by a third-party model provider that we route to; we describe that in Section 5.
When you create an account, we collect your name and email address, authentication identifiers (managed via OAuth providers — we do not store passwords), and your account preferences. This is held in the Privatae account system and is used for account management, billing, support, and service communications.
When you subscribe or add funds to your wallet, we record payment-method identifiers (via our payment processor, Stripe), your balance and transaction history, and metered usage volumes (for example, token counts per session for inference metering). This ledger records how much was used — never the content of what you did.
For security and platform operation we collect IP addresses and approximate geolocation, device and browser information, session timestamps, authentication events, and CEIGAS permission audit records.
Your container’s outbound network access is governed and default-denied, and connection attempts are audited (destination and outcome — metadata, not payload contents). If you connect or delegate a domain, we process the domain name, DNS records, and ownership- verification tokens needed to operate authoritative DNS and issue TLS certificates. DNS records are, by their nature, publicly visible.
The following are generated and processed exclusively inside your container, and Privatae does not collect or access them:
• Conversation content and the messages exchanged with your Host;
• Your Host’s memories, configuration, and personality settings;
• Files, code, and applications you create; and
• Data your applications store inside your container.
There is no human review of your conversations, no manual QA on Host responses, and no human-in-the-loop for memory formation. This data stays in your container.
If you install the Privatae Browser Tether extension and pair it with your Host, the following may be processed to serve features you invoke:
• Web page content — in passive mode, the extension fetches pages on your Host’s behalf using your browser session; page text, title, and URL are sent to your Privatae container for your Host to process. Fetched URLs are logged in your Host’s activity record.
• Screenshots and page structure — in interactive mode, the extension may capture screenshots of your active tab and extract element positions and labels so your Host can guide you through on-screen tasks.
• Chat messages — messages exchanged through the floating chat interface are sent to your Privatae container.
• Local pairing configuration — stored locally in your browser; it leaves your device only to authenticate the connection to your Privatae container.
The Browser Tether communicates only with your Privatae container. No browsing data is sent to any third party. You choose which mode is active and may disconnect at any time.
Data category |
Purpose |
Who processes it |
Account info |
Account management, billing, support, communications |
Privatae (limited human access for support) |
Billing / wallet |
Subscription and usage metering, payment |
Platform ledger + payment processor (automated, auditable) |
Technical / security |
Security, fraud prevention, reliability |
Automated systems; security team for incidents only |
Network / domain |
Governed egress, DNS, TLS, hosting |
Automated systems; connection metadata audited |
Container contents |
Operating your Host and applications |
Your container only (zero human access) |
Each container is cryptographically isolated, with its own identity and mutual-TLS credentials. Your container’s data is inaccessible to other containers, other tenants, and Privatae personnel. Containers cannot move laterally to one another; isolation is enforced at every access point by the CEIGAS permission system and by default-deny network policy.
Outbound network access from your container is default-denied. Only governed paths — such as DNS, inference routing, and platform control signals — are permitted, and connection attempts are audited. This protects you and the Platform from exfiltration and abuse alike.
The Platform deliberately does not include:
• An admin panel that displays the contents of user containers;
• A bulk export of user conversations, memories, or files;
• A support tool that reads your Host’s memory;
• A logging system that captures conversation content in human-readable form; or
• Any mechanism by which a Privatae employee could read or audit the contents of your container.
The absence of these capabilities is an intentional, structural design constraint.
Privatae does not generate model output and does not host its own foundation models for your use. When your Host needs to run inference, the Platform routes the request to a third-party model provider — or, if you supply your own provider key, directly to that provider. We route, shape, govern, and meter these requests; the provider produces the output.
A provider receives only the specific request context your Host sends to fulfill the task — not your full memory store, your configuration, or your account identity. Providers are treated as stateless commodity infrastructure that process a request and return a result. The specific providers and models may change at any time as we evaluate performance, cost, and availability. No provider holds a persistent relationship with your container. Privatae does not use any of this to train models, and does not sell it.
When you host a web application or attach a domain, Privatae provides the underlying infrastructure: authoritative DNS for delegated domains, TLS certificates, and serving. DNS records and the content you publish are, by design, visible on the open web.
As between you and Privatae, you are the operator and data controller for the sites and applications you run, including for any personal data you collect from your own visitors or end users. You are responsible for your own privacy disclosures and legal compliance toward those visitors. Privatae acts as infrastructure for what you host and does not independently use your visitors’ data.
Privatae does not sell, rent, lease, license, or trade your personal data or container contents to any third party. This prohibition is absolute.
Privatae does not use your conversations, memories, content, or behavioral data to train any model — ours or anyone else’s — and operates no training or contribution pipeline. There is nothing to opt into and nothing to withdraw from.
We share data only in these circumstances:
Payment processors. We share billing information (not container contents) with our payment processor (Stripe) to take payment.
Model providers. As described in Section 5, inference requests are routed to third-party model providers to produce output.
Infrastructure providers. The Platform runs on hosting and storage infrastructure (for example, our data- center and storage providers). These providers host the environment but do not have access to the contents of your container; data is encrypted in transit and at rest.
Legal requirements. We may disclose account information (not container contents, which we cannot access) if required by valid legal process. We will notify you unless prohibited by law, and will challenge overbroad requests.
Platform data is stored on infrastructure Privatae operates across redundant locations, with encrypted backups. Inference is performed by third-party providers and is not self-hosted.
Data is encrypted in transit (TLS) and at rest. Communication between platform components is carried over mutually authenticated, encrypted tunnels (mTLS and WireGuard). Container data is additionally scoped by CEIGAS cryptographic permissions.
The Platform runs with backup and standby infrastructure designed to preserve container state continuity.
We use essential cookies for authentication and session management only. We do not use third-party advertising trackers, behavioral advertising, retargeting pixels, or any technology that reports your activity to external parties. Any analytics we keep are aggregate and do not identify individual users or expose container contents.
Regardless of jurisdiction, Privatae extends the following rights to all users:
Access. You may request an inventory of the personal data we hold about you. Container contents are exported through your own container, not through a human-operated process.
Correction. You may correct your account information at any time. Your Host’s memories can be edited or deleted from inside your container.
Deletion. You may delete your account and associated data at any time; deletion is processed promptly (see Section 12).
Export. You may export your personal data and container contents in a machine-readable format.
Consent withdrawal. You may withdraw consent for any optional processing at any time, without affecting the lawfulness of processing done before withdrawal.
To exercise these rights, contact privacy@privatae.ai or use the controls in your account settings.
If you are in the EU or EEA, you additionally have the right to restrict or object to processing, to data portability, and to lodge a complaint with your local data protection authority. Our lawful bases are contract performance (operating the Platform for you), legitimate interest (security and reliability), and consent (any optional processing).
If you are a California resident, you have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.
The Platform is not directed to individuals under 18, and we do not knowingly collect personal information from children. No individual under 18 may create an account or use the Platform. See Terms of Service Section 2 for the full eligibility policy.
Active subscription. Your data is retained in your container with full access while your subscription is active, and you may export it at any time.
Hibernation. If your subscription is cancelled or lapses, your container is hibernated — it stops running but your data is preserved for ninety (90) days, during which you may reactivate to restore access or export your data.
Permanent deletion. After the 90-day period, container data is permanently and irreversibly deleted unless you have exported it. If you actively delete your account, your data is permanently deleted promptly. Throughout, Privatae does not access the contents of your container — isolation is architectural, not policy-based.
Financial records. Billing and transaction records are retained as required for tax and accounting compliance (generally seven years).
Audit logs. CEIGAS permission and connection audit logs are retained per the security configuration applicable to your account and removed on account deletion.
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated at least thirty (30) days before they take effect, via email and prominent in-Platform notice. Your continued use after the effective date constitutes acceptance. Previous versions are archived and available on request.
For privacy inquiries: privacy@privatae.ai
For security concerns: security@privatae.ai
For general questions: legal@privatae.ai
Privatae LLC
A Wyoming limited liability company
— End of Privacy Policy —