Privacy policy
We collect what we need to run MagnusAI, and not a byte more. Plain English summary up top, formal sections below.
Plain English
- We do not sell your data. Ever.
- The central brain learns patterns, not user data. Payloads are scoped to {accountId, kind, ref_ids} — no PII (no email, phone, raw audio, raw chat content).
- Audit log is local + cloud, queryable by you only.
- Tap kill-my-data and we hard-purge your account within 7 days.
- Cred + subscriptions are processed by Stripe (PCI-compliant).
1. Data we collect
- Identity: MagnusID sub, email, optional display name, optional date of birth (V1-F2).
- Conversations: chat history scoped to your account.
- Tool invocations: app_id, capability_name, sanitized inputs / outputs, latency, cost.
- Consent grants: per-permission granted / cap / window.
- Voiceprint: a hashed embedding (not raw audio). Stored only if you enroll for voice-auth (V1-F6).
- Audit log: every action MagnusAI takes on your behalf (V1-F5).
2. How we use it
To execute the actions you ask MagnusAI to take, to enforce your consent grants, to log your audit trail, and to bill you for paid tiers. That's the entire list.
3. Sharing
We do not sell or share your data with marketers. We share with Stripe (billing), connected providers you authorize (Google, Apple, etc.), and law enforcement only on valid legal process.
4. Brain emission policy (Lane C operator directive)
MagnusAI emits operational events to the central brain. These payloads are scoped to {accountId, kind, ref_ids} ONLY — never PII, never raw chat, never raw audio. The brain learns ecosystem patterns, not your data.
5. Retention
Audit log: indefinite while account is active. Conversations: indefinite while active. Voiceprint: until you re-enroll or delete. All of this is purged within 7 days of kill-my-data.
6. Your rights
GDPR / CCPA / VCDPA: access, correct, delete. Self-serve via /app.
7. Contact
privacy@magnusai.com (placeholder pending production wire).
Last updated: April 2026. Draft v1 — pending legal review.