Legal
Privacy Policy
Last updated: 2 July 2026 · Mimesis is in early beta.
Mimesis exists so your AI's memory of you belongs to you. This policy explains what we collect, how we use it, and the control you keep. In short: your memory is yours, retrieval runs locally, and we never sell your data or use the contents of your memories to train outside models.
What we collect
- Account details — your username and email, and a one-way hash of your password (never the password itself).
- Your content — the memories, profile facts, and agent personas you add or approve. This is stored in your own per-user store.
- Usage records — an audit log of actions on your account (what was added, approved, or deleted) so changes stay traceable.
- Billing — if you subscribe, Stripe processes your payment. We store your plan and Stripe identifiers, not your card details.
- Basic technical data — things like your IP address for rate-limiting and abuse prevention.
How we use it
To run the Service: store your memory, compile the context you ask for, keep your account secure, and handle billing and support. Retrieval runs locally and deterministically — your memories are not shipped to an external model or embedding service to compile your context.
What we don't do
- We don't sell your data or share it with advertisers.
- We don't use the contents of your memories to train external AI models.
- We don't read your memory contents to operate the Service beyond what's needed to store and return them to you. (Aggregate, non-content metrics — like counts and storage size — help us run the service.)
Cookies and local storage
We use your browser's local storage to hold your session token so you stay signed in. We don't use third-party advertising or tracking cookies.
Who we share with
Only the providers needed to run Mimesis: Stripe for payments, and the hosting/infrastructure that runs the Service. We may disclose information if legally required. Otherwise, your data stays with us.
Security
Passwords are stored only as salted hashes. Each owner's memory lives in a separate store, with no shared pool and no cross-tenant access. Obvious secrets (API keys, passwords) are refused before they can be saved. No system is perfect, but data ownership and isolation are core to the design.
Your rights and control
You can read everything in your memory, edit or delete any part of it, and export all of it as clean files at any time. Deletes are honored and remain auditable rather than silently resurrected. Delete your account and your data goes with it.
Data retention
We keep your data while your account is active. When you delete content or your account, it is removed from active use; limited audit records may persist to keep changes traceable and to meet legal or security needs.
Children
Mimesis isn't intended for children under 13 (or the minimum age in your country). Please don't use it if you're under that age.
Changes
We'll update this policy as the Service grows and note the date above. Material changes will be communicated where appropriate.
Contact
Questions about your privacy? Reach us through the contact page once you're signed in.