Privacy Policy

MindGlue ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI memory layer platform, APIs, SDKs, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

Account Information

When you register, we collect your name, email address, company name (optional), and a hashed version of your password. We never store passwords in plain text.

Usage & API Data

We collect API request logs (endpoints called, timestamps, response codes), usage metrics (memory counts, recall counts, storage usage), and rate-limiting data to operate and improve the Service.

Content & Memories

When you store memories via the API or connected data sources, we process and store the content you provide, including text, metadata, entities, and embeddings generated from your content. Memories are scoped to your namespace and never shared across accounts.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive financial information on our servers. We receive only transaction confirmations and subscription status from Stripe.

2. How We Use Your Data

• •Service delivery — Processing, storing, and retrieving your memories via our intelligence pipeline (classification, entity extraction, embedding, deduplication).
• •Billing & account management — Managing your subscription, enforcing plan limits, and processing payments through Stripe.
• •Support & communication — Responding to your inquiries, sending transactional emails (verification, password reset, payment notifications).
• •Service improvement — Analyzing aggregate, anonymized usage patterns to improve performance, reliability, and features.

3. Data Storage & Security

Your data is stored on managed infrastructure hosted in the United States:

• •Database — PostgreSQL with pgvector on Neon (managed, encrypted at rest, us-east-1).
• •Cache — Redis on Railway (in-memory, short-lived caching only).
• •Transport — All data transmitted over TLS (HTTPS). API keys are SHA-256 hashed before storage.
• •Optional encryption — Field-level Fernet encryption available for memory content at rest (configurable per deployment).

We implement namespace isolation to ensure strict multi-tenant separation. Your data is never accessible by other accounts.

4. Third-Party Services

We use the following third-party services to operate MindGlue:

• •Stripe — Payment processing and subscription management.
• •OpenAI / Anthropic — LLM providers for memory classification, entity extraction, and embedding generation. Content is sent to these providers for processing but is not stored by them for training purposes (per their enterprise data policies).
• •Resend — Transactional email delivery (verification, password reset, payment notifications).
• •Neon / Railway — Managed database and application hosting infrastructure.

5. Data Source Connectors

MindGlue offers optional connectors to external services (Salesforce, Notion, Slack, Google Drive, Zendesk, GitHub, Jira, Confluence, PostgreSQL). When you connect a data source:

• •You explicitly authorize the connection via OAuth2 or API credentials.
• •You choose which resources (channels, databases, repositories, etc.) to sync.
• •Synced content flows through our intelligence pipeline and is stored as memories in your namespace.
• •OAuth tokens are stored encrypted and used only for authorized sync operations.
• •You can disconnect any connector at any time, which stops future syncs. Previously synced memories remain unless you delete them.

6. Data Retention

• •TTL (Time-to-Live) — You can set expiration times on individual memories. Expired memories are automatically removed.
• •Importance decay — Memories that are never recalled gradually decrease in importance and may be garbage-collected.
• •GDPR-compliant deletion — Use the DELETE /memory endpoint or the Privacy section of your dashboard to delete memories by entity, ID, or date range.
• •Account deletion — Contact us at support@mindglue.ai to request full account and data deletion.

7. Your Rights

You have the right to:

• •Access — Export all your data via the GET /memory/export API or the dashboard Privacy section.
• •Rectification — Update your account information via the dashboard or API.
• •Erasure — Delete specific memories or request full account deletion.
• •Portability — Export your data in JSON format for use with other services.
• •Restriction — You can pause connectors or revoke API keys to restrict data processing.

For EU/EEA residents, these rights are provided under the General Data Protection Regulation (GDPR). To exercise any of these rights, contact us at legal@mindglue.ai.

8. Cookies & Local Storage

MindGlue uses browser localStorage to store your JWT authentication token and dashboard preferences. We do not use third-party tracking cookies, advertising pixels, or analytics scripts. No data is shared with advertising networks.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 30 days before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision.