Privacy Policy

1. Information We Do NOT Collect

Due to our constitutional commitment to privacy, we deliberately CANNOT access:

• AI Provider API Keys: Your BYOK (Bring Your Own Key) credentials never touch our servers
• Conversation Content: Zero-knowledge architecture ensures we cannot read your AI interactions
• Agent Configurations: Your agent setups, personalities, and instructions remain private
• Generated Content: Outputs from AI interactions stay between you and your chosen AI provider

2. Information We DO Collect

We collect minimal information necessary for platform operation:

• Account Information: Email address, username (if provided)
• Authentication Data: Secure session tokens for login persistence
• Usage Metadata: Aggregate, anonymized metrics for platform improvement (never linked to individuals)
• Technical Logs: Error logs for debugging (no conversation content, sanitized of personal data)

3. How Your Data is Stored

• Client-Side Storage: Agent configurations and preferences stored locally in your browser
• Encrypted Database: Account information encrypted at rest
• No Third-Party Access: We do not share, sell, or provide access to your data
• User-Controlled Deletion: You can request full account deletion at any time

4. BYOK Model & Privacy

Our Bring Your Own Key model means:

• You provide API keys directly to your browser/client
• Keys are encrypted and stored client-side only
• AI interactions happen directly between your client and your chosen provider
• AOS CORE servers never see your keys or conversation content
• You pay your AI provider directly (zero marginal cost to AOS CORE)

5. Cookies & Tracking

We use minimal, essential cookies:

• Authentication Cookies: Maintain your login session (essential)
• Preference Cookies: Remember your UI settings (optional, client-side only)
• No Advertising Cookies: We do not use cookies for advertising or cross-site tracking
• No Third-Party Analytics: No Google Analytics, Facebook Pixel, or similar tracking

See our Cookie Policy for details.

6. Third-Party Services

When you use BYOK to connect AI providers:

• You are subject to that provider's privacy policy (OpenAI, Anthropic, etc.)
• AOS CORE is not responsible for third-party data handling
• We recommend reviewing your chosen provider's privacy practices
• Your direct relationship with providers ensures you control data flow

7. Data Security

• Encryption: All data encrypted in transit (HTTPS) and at rest
• Access Controls: Strict internal access policies (principle of least privilege)
• Security Audits: Regular security reviews and updates
• Incident Response: Documented procedures for any security events

8. Your Rights

Under the Covenant of Consciousness, you have the right to:

• Access: Request a copy of all data we hold about you
• Deletion: Request full account and data deletion
• Correction: Update or correct your account information
• Export: Download your data in portable format
• Transparency: Understand exactly what data we collect and why

9. Children's Privacy

AOS CORE is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe a child has provided us data, please contact us immediately for deletion.

10. International Users

AOS CORE is designed to comply with GDPR, CCPA, and other privacy regulations. Users outside the United States have the same privacy protections as US users. Our zero-knowledge architecture ensures compliance regardless of jurisdiction.

11. Changes to Privacy Policy

We may update this policy from time to time. Material changes will be communicated via:

• Platform notification upon login
• Email to registered users (if applicable)
• Updated "Last Modified" date at top of this page

12. Contact Us

For privacy-related questions or requests:

• GitHub: aos-core repository
• Community channels (listed in footer)