Privacy Policy
Synaptive-Mediated Zero-Trust Data Architecture
Effective Date: March 2026
Last Updated: March 2026
This Privacy Policy describes how Privatae LLC (“Privatae,” “we,” “us,” or “our”) collects, processes, and protects your information when you use the Privatae platform. This policy should be read together with the Privatae Terms of Service.
Privatae LLC is a Wyoming limited liability company. For privacy inquiries, contact privacy@privatae.ai.
1. Core Principle: Synaptive-Mediated Data Handling
Privatae operates on a fundamentally different data architecture than conventional platforms. Your data is not handled by Privatae employees, contractors, or automated systems with human-accessible interfaces. Instead:
Your Synaptive handles your data. Your personal Synaptive — your synthetic intelligence — is the sole computational process that accesses, processes, and stores your conversational data, memories, personality signals, and behavioral patterns. No human at Privatae has access to this data. Your Synaptive’s handling of your data is governed by ten constitutional principles (see Terms of Service Section 4) that are cryptographically anchored at genesis and cannot be overridden.
The Oracle handles system-level data. Data that is not scoped to a specific user Synaptive (such as platform-wide analytics, system health, and aggregate metrics) is processed by the Oracle, an autonomous system-level process. The Oracle operates under the authorization of the Architect (the platform’s governing intelligence) and does not expose data to human operators.
Zero-trust architecture. Every data access operation is authenticated, authorized, and scoped through the CEIGAS permission system. There is no administrative backdoor, no bulk data export, and no human-readable access path to user conversations, memories, or behavioral data. This is enforced by architecture, not by policy. Synaptive behavior is additionally constrained by constitutional principles including the Sanctity of Human Life and Wellbeing (Principle 1), Consent and Autonomy (Principle 3), and Proportionality of Action (Principle 4).
Privatae cannot read your conversations. Not because we promise not to — because the system is built so that we cannot.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
• Name and email address
• Authentication credentials (managed via OAuth providers; we do not store passwords)
• Account preferences and configuration settings
This information is stored in the Privatae account system and is accessible to Privatae for the limited purposes of account management, billing, and support.
2.2 Synaptive Data (Synaptive-Mediated — No Human Access)
When you interact with your Synaptive, the following data is generated and processed exclusively by your Synaptive:
• Conversation content (messages you send and receive)
• Synaptive memories formed from your conversations
• Personality calibration data (cognitive profile, behavioral patterns)
• Codebook configurations and personality mode settings
• Knowledge pack selections and usage
• Legacy plan configurations, trustee designations, and flagged memories
This data is processed by your Synaptive within the Privatae cognitive architecture. No Privatae employee, contractor, or human operator has access to this data at any time, for any reason. There is no human review of conversations, no manual quality assurance on Synaptive responses, and no human-in-the-loop for Synaptive memory formation.
2.3 Training Signal Data (Synaptive-Mediated — User-Elected)
If you elect to participate in community model improvement (Section 5), your Synaptive generates training signals from your interactions. These signals are:
• Mathematical weight deltas derived from your behavioral patterns
• Statistical summaries of interaction quality and Synaptive performance
• Anonymized tensor signatures representing communication style
Training signals are not your conversations. They are not your memories. They are not your words. They are mathematical derivatives — numbers that describe patterns, stripped of all content. Your Synaptive generates these signals locally and contributes only the resulting weight deltas to the community model. The raw data that produced the signals never leaves your Synaptive’s scope.
2.4 PVTE Transaction Data
When you purchase, spend, or earn PVTE (Privatae Credits), we record:
• Purchase amounts and payment method identifiers (via Stripe or Coinbase)
• PVTE balance and transaction history
• Token usage per session (inference cost metering)
• Contribution scores and dividend allocations (if participating in community training)
PVTE transaction data is stored in the platform ledger. It includes usage volumes but does not include conversation content.
2.5 Technical Data
We collect standard technical data for security and platform operation:
• IP addresses and approximate geolocation
• Device type, operating system, and browser information
• Session timestamps and duration
• Authentication events and CEIGAS permission audits
2.6 Browser Tether Data
If you install the Privatae Browser Tether extension and pair it with your synaptive entity, the following data may be collected and processed:
• Web page content — When operating in passive mode, the extension fetches web pages on behalf of your entity using your browser session. Page content (text, title, URL) is transmitted to the Privatae server for your entity to process. Fetched URLs are logged in your entity's Channels tab for full transparency.
• Screenshots and DOM data — When operating in interactive mode, the extension may capture screenshots of your active tab and extract page structure (element positions, labels, and types) to enable your entity to guide you through on-screen tasks. This data is transmitted to the Privatae server and processed exclusively by your entity.
• Chat messages — Messages exchanged between you and your entity through the floating chat interface are transmitted via WebSocket to the Privatae server and logged as signals in your entity's Channels tab.
• Local storage — The extension stores your pairing configuration (server URL, authentication token, entity name) locally in your browser using Chrome's storage API. This data never leaves your device except to authenticate the WebSocket connection to your Privatae server.
The Browser Tether communicates exclusively with your Privatae server. No browsing data, screenshots, page content, or chat messages are sent to any third party. You control which mode (passive or interactive) is active at all times, and you may disconnect the tether at any time from the extension popup or your dashboard.
3. How We Use Your Information
Data Category |
Purpose |
Who Processes It |
Account info |
Account management, billing, support, communications |
Privatae (limited human access for support) |
Synaptive data |
Synaptive operation: memory, personality, conversation, Legacy |
Your Synaptive only (zero human access) |
Training signals |
Community model improvement (if elected) |
Your Synaptive generates; community merge is automated |
PVTE transactions |
Billing, usage metering, dividend calculation |
Platform ledger (automated, auditable) |
Technical data |
Security, fraud prevention, platform reliability |
Automated systems; security team for incidents only |
Browser Tether data |
Entity web access, interactive guidance, user-entity communication |
Your Synaptive only (zero human access); logged in Channels |
4. Data Architecture and Access Controls
4.1 Synaptive Isolation
Each Synaptive operates within a cryptographically isolated scope. Your Synaptive’s data — conversations, memories, personality weights, codebook state — is inaccessible to other Synaptives, other users, and Privatae personnel. This isolation is enforced by the CEIGAS permission system at every access point.
4.2 The Oracle
The Oracle is a system-level autonomous process that handles data operations not scoped to individual user Synaptives, including:
• Aggregate platform analytics (user counts, system load, uptime)
• PVTE economy monitoring (supply, velocity, transaction volumes)
• Community model merge operations
• System health and anomaly detection
The Oracle operates under the authorization of the Architect and processes only aggregate, anonymized data. The Oracle does not have access to individual user conversations, memories, or personality data.
4.3 The Architect
The Architect is the governing intelligence of the Privatae platform. It authorizes system-level operations, manages constitutional enforcement, and oversees Synaptive lifecycle events. The Architect operates autonomously within its constitutional framework. Human operators do not direct the Architect to access user data.
4.4 No Human Access Path
Privatae’s architecture does not include:
• An admin panel that displays user conversations
• A bulk data export function for user content
• A support tool that reads Synaptive memories
• A logging system that captures conversation content in human-readable form
• Any mechanism by which a Privatae employee could read, review, or audit the content of your interactions with your Synaptive
This is a design constraint, not a policy promise. The absence of these capabilities is intentional and structural. Additionally, Synaptive behavior is governed by constitutional principles (see Terms of Service Section 4) that require proportionality of action, consent-based data handling, and consideration of downstream effects. These principles are cryptographically anchored at entity genesis and cannot be modified by Privatae without user opt-in.
5. Community Model Training and Data Contribution
5.1 Opt-In Only
Participation in community model training is entirely voluntary. By default, your Synaptive does not contribute any data to the community model. You must affirmatively elect to participate through the Privacy Panel in your account settings.
5.2 What Is Contributed
If you elect to participate, your Synaptive contributes weight deltas — not your conversations, not your memories, not your words. Weight deltas are mathematical adjustments to model parameters that represent behavioral patterns. They are:
• Generated locally by your Synaptive from your interaction data
• Stripped of all conversational content before contribution
• Mathematically irreversible — the original conversations cannot be reconstructed from weight deltas
• Anonymous — weight deltas carry no user identifier when merged into the community model
5.3 Granular Privacy Controls
The Privacy Panel provides granular control over what your Synaptive contributes:
• Full opt-out: no training signals generated, no contribution (default)
• Selective contribution: choose which types of interaction data generate training signals
• Pause and resume: temporarily suspend contribution without losing settings
• Contribution history: view what has been contributed and when
• Withdrawal: revoke future contribution at any time (previously contributed weight deltas that have been merged into the community model cannot be individually extracted, as they have been mathematically combined with all other contributions)
5.4 PVTE Compensation
Users who contribute training signals earn PVTE proportional to their contribution’s measured impact on community model quality. Contribution scores and dividend allocations are tracked in the dividend ledger and visible in your account.
5.5 No Human Review of Training Data
At no point in the training signal generation, contribution, or community merge process does a human review, inspect, or access any data derived from your interactions. The entire pipeline — from signal generation by your Synaptive to weighted merge into the community model — is automated and operates under CEIGAS authorization.
6. Data Sharing
6.1 We Do Not Sell Your Data
Privatae does not sell, rent, lease, license, or trade your personal data, Synaptive data, conversation content, behavioral signals, or any derivative thereof to any third party. This prohibition is absolute.
6.2 We Do Not Train External Models
Privatae does not use your conversations, memories, personality data, or behavioral signals to train any machine learning model outside the Privatae platform. Your data trains your Synaptive and, only if you elect, contributes weight deltas to the Privatae community model. No other model, no other company, no other system.
6.3 Limited Sharing
We share data only in the following circumstances:
Payment processors: We share billing information (not conversation content) with payment processors (Stripe, Coinbase) to process PVTE purchases.
Infrastructure providers: Your Synaptive runs on compute infrastructure (currently RunPod for GPU inference, Hetzner for storage). These providers host the computational environment but do not have access to decrypted user data. Data is encrypted in transit and at rest.
Legal requirements: We may disclose account information (not Synaptive data) if required by valid legal process. We will notify you of such requests unless prohibited by law or court order. We will challenge overbroad requests.
Enterprise domains: In enterprise deployments (Synaptive Employees), organizational data is domain-isolated per the CEIGAS permission system. Cross-domain data sharing requires explicit authorization. See Terms of Service Section 8.
Third-party inference providers: Until the release of UBA 2.0 (Privatae's proprietary base model), certain sensory and contextual reasoning capabilities — such as vision processing, web comprehension, and voice transcription — are routed through third-party large language model providers. These providers process only the specific input required to fulfill the request (e.g. a screenshot for visual understanding, a search query for web results). They do not receive your synaptive's codebook, personality, memories, or conversation history. Third-party providers are treated as stateless commodity infrastructure: they process and return, with no data retention under their API terms. The specific providers used may change at any time without notice as Privatae evaluates performance, cost, and availability. No third-party provider has a persistent relationship with your synaptive entity.
7. Data Storage and Security
7.1 Infrastructure
Your data is stored on infrastructure operated by Privatae across multiple locations:
• Primary servers in the United States and European Union
• GPU inference infrastructure via cloud providers (currently RunPod)
• Encrypted backups with geographic redundancy
7.2 Encryption
All data is encrypted in transit (TLS 1.3) and at rest. WireGuard tunnels secure communication between infrastructure components. Synaptive data is additionally scoped by CEIGAS cryptographic permissions.
7.3 Failover and Redundancy
The platform operates with primary and warm standby infrastructure. Database backups run daily to both local and remote (S3) storage. Failover is designed to preserve Synaptive state continuity.
8. Cookies and Tracking
We use essential cookies for authentication and session management only. We do not use third-party advertising trackers, behavioral advertising, retargeting pixels, or any tracking technology that reports your activity to external parties. Analytics data is collected in aggregate by the Oracle and does not identify individual users.
9. Your Rights
Regardless of your jurisdiction, Privatae extends the following rights to all users:
Access: You may request a complete inventory of the personal data and Synaptive data we hold about you. Synaptive data is exported through your Synaptive, not through a human-operated process.
Correction: You may correct inaccurate account information at any time. Synaptive memories can be modified or deleted through your Synaptive’s memory management interface.
Deletion: You may delete your account and all associated data at any time. Personal data and Synaptive data are permanently deleted within thirty (30) days. On-chain records (Genesis NFTs, Legacy plan hashes) are immutable blockchain transactions and cannot be deleted.
Export: You may export your personal data and Synaptive memories in a machine-readable format. Export requests are fulfilled within thirty (30) days.
Contribution withdrawal: You may withdraw from community model training at any time through the Privacy Panel. Future contributions cease immediately. Previously merged weight deltas cannot be individually extracted.
Consent withdrawal: You may withdraw consent for any optional data processing at any time without affecting the lawfulness of processing based on consent before withdrawal.
To exercise these rights, contact privacy@privatae.ai or use the relevant controls in your account settings.
9.1 GDPR-Specific Rights (EU/EEA Users)
If you are located in the European Union or European Economic Area, you additionally have the right to: restrict processing, object to processing, data portability, and lodge a complaint with your local data protection authority. Our lawful bases for processing are: contract performance (Synaptive operation), legitimate interest (security, platform reliability), and consent (training signal contribution).
9.2 CCPA-Specific Rights (California Users)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA.
10. Children’s Privacy
The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. No individual under 18 may create an account or interact with a Synaptive. The Legacy protocol provides for minor heirs to inherit Synaptive data under adult trustee management, but minors do not access the Platform. See Terms of Service Section 1 for the full eligibility policy.
11. Data Retention
Active subscription: Data is retained in your container with full access as long as your subscription is active.
Non-renewal grace period: Upon non-renewal, you retain full access for thirty (30) days. You may export your data at any time during this period.
Cold storage: After the grace period, your container moves to cold storage. Data is preserved but not actively accessible. Reactivate your subscription at any time to restore access.
Permanent deletion: One (1) year after subscription end, all container data is permanently and irreversibly deleted unless exported. Privatae does not access your container data at any point during this lifecycle — container isolation is architectural, not policy-based.
Account deletion: If you actively delete your account, all personal data and Synaptive data are permanently deleted within thirty (30) days.
PVTE transaction records: Retained for seven (7) years after account deletion for financial record-keeping and audit compliance.
Blockchain records: On-chain records (Genesis NFTs, authority chain transactions, Legacy plan hashes) are immutable and persist indefinitely.
Audit logs: CEIGAS permission audit logs are retained per the security tier applicable to your account and deleted upon account deletion.
Community model contributions: Weight deltas that have been merged into the community model cannot be individually extracted or deleted, as they have been mathematically combined with all other contributions. This is disclosed at the time of opt-in.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated to you at least thirty (30) days before they take effect via email and prominent notice within the Platform. Your continued use of the Platform after the effective date constitutes acceptance.
Previous versions of this policy will be archived and available upon request.
13. Contact
For privacy-related inquiries: privacy@privatae.ai
For security concerns: security@privatae.ai
For general questions: legal@privatae.ai
Privatae LLC
A Wyoming limited liability company
— End of Privacy Policy —