Neostriatum

Privacy Policy

Operated by [LEGAL ENTITY] · Effective [EFFECTIVE DATE] · Contact [CONTACT EMAIL]

Draft — prepared to industry standard; not yet legal advice. This policy was drafted to align with GDPR, CCPA/CPRA, the Google API Services User Data Policy (including the Limited Use requirements), and Apple privacy expectations. It should receive review by a qualified attorney before Neostriatum is offered to the public. The drafter is not a lawyer.

1. Who this policy is for and what Neostriatum is

Neostriatum is a personal “second brain.” It builds a private, searchable index of knowledge you have already created or saved — your email, notes, slides, code, voice memos, screenshots, and similar — so you can find and connect it again across all of those places at once.

This Privacy Policy explains, accurately and specifically, what data Neostriatum holds, how it is processed, who processes it on our behalf, how long it is kept, and the rights you have over it. We collect the minimum needed to run the service and we do not sell your personal information.

By using Neostriatum you agree to the processing described here. If you do not agree, please do not use the service.

2. The most important thing: what your “brain” actually stores

Neostriatum gives each user a private “brain” — a database hosted on Fly.io (PostgreSQL with the pgvector extension). For each item you connect or capture, the brain stores a reference to it, not a copy of the original:

a text excerpt (the searchable text of the item, or its title/snippet),
a link or pointer back to the source (the message URI, file path, or source identifier),
a vector embedding — a numeric representation of the text used for semantic search (math derived from the text, not the text itself), and
metadata (which surface it came from, a capture date, and surface-specific fields).

Your original files, photos, and emails stay where they already live (in Gmail, on your Mac, in Drive, in GitHub, etc.). Neostriatum keeps a searchable reference to them, not a duplicate archive of the originals. This minimizes the personal data we hold.

For some media (screenshots/photos) the index may store on-device OCR text and labels, and — for items you flag for visual search — an image embedding. Image processing happens on your device where possible; see Section 6 for where AI embedding occurs.

3. Information we collect

3.1 Information you connect or capture (your brain content)

When you connect a source or capture a thought, we process the excerpts, source links, embeddings, and metadata described above, for the surfaces you choose to connect:

Surface	How it connects	Status
Email (Gmail)	Google OAuth, read-only	live / connectable
Code (GitHub)	GitHub OAuth	live / connectable
Slides / Drive (Google)	Google OAuth, read-only	connectable
Obsidian / Markdown notes	local file read on your Mac	live
Project files	local file read on your Mac	live
Voice notes	capture	live
Quick captures / saved thoughts	in-app capture	live
Apple Notes	local source on your Mac	available — not yet wired
ChatGPT export	local export file you provide	available — not yet wired
Apple Photos / screenshots	local source on your Mac	available — not yet wired

You choose which sources to connect. Connecting nothing means the brain holds nothing but your account record.

3.2 Account information

To provide a paid account we hold a verified email address (your identity anchor) and account status/plan. The planned sign-in method is a passwordless email magic-link / one-time code — we do not store a password, and we do not use a third-party social login as the identity provider.

Status note: account sign-in and per-user accounts are in active development and may not be live yet. Where a feature is not yet live, it is marked.

3.3 Information collected automatically

To operate and secure the service we process limited technical data: server and access logs (including IP address and request metadata), error/diagnostic logs, and basic usage events. If a crash reporter is enabled in the desktop app, it captures only stack traces, app version, and OS version — brain content is scrubbed from crash reports.

3.4 Payment information

If and when paid plans launch, payments are expected to be handled by Paddle acting as Merchant of Record (the legal seller). In that model you enter payment details directly with the payment provider; Neostriatum does not receive or store your full card number. We receive transaction status and limited metadata needed to manage your subscription.

Status note (depends on the parallel build): the payment processor and live billing are not yet in production. Until billing is live this section describes the intended model.

4. How we use your information (lawful bases)

We use your information only to provide and improve the user-facing features of Neostriatum:

To provide the service — index your connected sources, run semantic search, build the cross-surface entity/project graph, and return your own results to you. (GDPR basis: performance of contract.)
To secure the service — detect and prevent abuse, fraud, and unauthorized access; maintain logs and backups. (Legitimate interests.)
To communicate with you — transactional messages (sign-in links, receipts, security and policy notices). (Contract / legitimate interests.)
To improve the service — diagnose errors and improve features using aggregated, de-identified signals. We do not analyze the contents of your private brain to build advertising or marketing profiles. (Legitimate interests.)
To comply with law — meet obligations and respond to valid legal process. (Legal obligation.)

Where we rely on consent (e.g., an optional product email, or connecting a source), you may withdraw it at any time.

We do not use your data — including any data obtained through Google or GitHub — for advertising, ad targeting, or to build interest profiles. We do not sell your personal information.

5. Google user data — Limited Use disclosure

Neostriatum requests read-only access to Google data you choose to connect (for example, Gmail messages, Google Slides, and Google Drive files) solely to index them into your private brain and make them searchable to you.

Neostriatum’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, in line with the Limited Use requirements:

User-facing features only. We use Google user data only to provide and improve the prominent, user-facing features of Neostriatum (indexing, search, and the cross-surface graph) that you can see in the product.
No advertising. We do not use or transfer Google user data to serve advertisements of any kind, including personalized, retargeted, or interest-based advertising.
No selling or transfer. We do not sell Google user data and do not transfer it to data brokers, advertising platforms, or resellers. The only processing on our behalf is by the subprocessors in Section 6, strictly to provide the service to you.
No human reading, except narrowly. We do not allow humans to read your Google user data, except: (a) with your affirmative consent; (b) where necessary for security or abuse investigation; (c) where required by law; or (d) in aggregated, de-identified form for internal operations.

We do not use Google user data to determine creditworthiness or for lending purposes. If we use Gmail or other restricted scopes, we will complete and maintain the security assessments Google requires.

You can revoke Neostriatum’s access to your Google account at any time at myaccount.google.com/permissions, and you can disconnect any source from within Neostriatum.

6. Who processes your data on our behalf (subprocessors)

We do not sell your data. We use a small set of providers (“processors” under GDPR) contractually bound to process data only to provide the service to us:

Subprocessor	Purpose	Data involved
Fly.io	Application + database hosting (PostgreSQL/pgvector); storage encrypted at rest	Brain content, account records, logs
Voyage AI	Generates the vector embeddings that power semantic search	The text (and flagged images) being indexed
Paddle (planned)	Payment processing as Merchant of Record	Payment details (entered with Paddle) + subscription status
Email delivery (as applicable)	Sends sign-in links and transactional email	Email address + message content
Crash/error reporting (if enabled)	Diagnose app crashes	Stack traces + app/OS version; brain content scrubbed

We will maintain a current subprocessor list. Some providers are US-based; see Section 10.

7. Connecting and disconnecting third-party accounts

When you connect a source via OAuth (Google or GitHub), we receive an access grant token that lets Neostriatum read the data you authorized. OAuth tokens are encrypted at rest using AES-256-GCM, and the keys are stored as hosting-provider secrets, not in source code.

On your Mac, the desktop app stores its connection token for your brain in a local application-support configuration file on your device (and an offline “outbox” holds captures not yet synced). The app does not read or enumerate your macOS Keychain.

Status note: a future version of the desktop app is planned to move the app’s own token into the macOS Keychain (encrypted, app-scoped). Until that ships, the app token is stored in a local config file as described. This note will be removed when Keychain storage is live.

You may disconnect any source at any time, which revokes Neostriatum’s stored token for that source.

8. How long we keep your data (retention)

Data	Retention
Brain content (excerpts, links, embeddings, metadata)	While your account is active, or until you delete the item or account
Account record (email, plan, status)	Account duration + up to 30 days; a minimal deletion tombstone may be retained for compliance
OAuth / session tokens	Life of the connection/session; revoked on disconnect/sign-out
Server / access / error logs	Up to 90 days
Security / audit logs	Up to 1 year
Database backups	Rolling 7-day window
Aggregated, de-identified analytics	Up to 2 years

When you delete your account, we delete or de-identify your personal data within 30 days, except where law requires retention or a legal hold applies. Backups age out within the rolling window.

9. Your rights and choices

We honor data-subject rights regardless of where you live, with additional statutory rights under GDPR (EEA/UK/Switzerland) and CCPA/CPRA (California):

Access / Know — a copy of, and information about, the data we hold.
Portability / Export — your data in a portable, machine-readable format.
Rectification / Correction — correct inaccurate data.
Erasure / Deletion — delete your data, subject to legal-retention exceptions in Section 8.
Restriction / Objection — restrict or object to certain processing.
Withdraw consent — e.g., disconnect a source, or opt out of optional emails.
Non-discrimination — we will not discriminate for exercising these rights.
Complain — EEA/UK users may complain to their local data protection authority.

CCPA/CPRA — California

You have the right to know, delete, correct, opt out of sale/“sharing,” and non-discrimination. Neostriatum does not sell or “share” (for cross-context behavioral advertising) your personal information, so there is nothing to opt out of selling; we honor a “Do Not Sell or Share My Personal Information” request as a confirmation that we do not. Sensitive personal information is used only to provide the service and is not sold or shared.

How to exercise your rights

Email [CONTACT EMAIL] (or use in-app controls where available). We verify your request and respond within the timelines required by law (generally 30 days under GDPR; 45 days under CCPA, extendable as permitted), and tell you if any data is retained under a legal exception and why.

Status note (depends on the parallel build): in-app self-service export and self-service account deletion are being built. Until those are live, exercise your rights by emailing [CONTACT EMAIL] and we will fulfill the request manually. This note will be removed when the self-service endpoints are live.

10. International data transfers

Neostriatum is operated from, and processes data in, the United States, and some subprocessors are US-based. If you access from outside the US, your information will be transferred to and processed in the US. For EEA/UK/Swiss personal data we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), or another approved mechanism.

11. Security

Encryption in transit — TLS 1.2+ for all connections; HTTPS enforced.
Encryption at rest — database storage encrypted at rest (AES-256 at the storage layer); OAuth grant tokens additionally encrypted at the application layer with AES-256-GCM.
Access controls — least-privilege; secrets in the hosting provider’s secret store, never in source code.
Authentication — passwordless email sign-in (planned), bearer-token API access; planned per-device, revocable tokens.
Monitoring + secure development — code review for security-sensitive changes, dependency vulnerability scanning, access logging.

No system is perfectly secure. If you believe your account is compromised, contact us immediately at [CONTACT EMAIL].

12. Children’s privacy

Neostriatum is a professional tool for adults and is not directed to children under 16. We do not knowingly collect personal information from children; if we learn we have, we will delete it promptly.

13. Cookies and similar technologies

Any web surfaces use cookies only for essential purposes — maintaining your session and basic preferences. We do not use advertising or cross-site tracking cookies. You can refuse non-essential cookies in your browser; some features may not work without an essential session cookie.

14. Changes to this policy

We may update this policy. For material changes we will update the “Last Updated” date, post a notice in the product, and — where we hold your email — notify you in advance. Continued use after a change indicates acceptance; if you disagree you may stop using the service and request deletion under Section 9.

15. Contact

Neostriatum ([LEGAL ENTITY])
Email: [CONTACT EMAIL]
Website: neostriatum.ai
[ENTITY ADDRESS] (optional)