← Back to Entity OS

Privacy Policy

Last updated: April 28, 2026

What we collect

Entity OS is a purpose-aware intelligence layer. To do its job we collect three categories of data:

  • Account data — your email, name, and avatar URL (the latter two only when you sign in via Google or Microsoft).
  • Connector data — when you authorize a connector (Gmail, Calendar, etc.), we read messages, events, and metadata in the scopes you granted. We never write or send on your behalf without an explicit per-action approval.
  • Derived data — entities, relationships, goals, Decision Cards, and self-model facts the system infers from the above.

How we store it

All data is stored in MongoDB Atlas, encrypted at rest with AWS-managed keys. OAuth access + refresh tokens are additionally encrypted at the application layer with AES-256-GCM before they touch the database. Sessions are opaque cookie tokens stored as SHA-256 hashes; we cannot recover the raw token from our records.

Who we share it with

We share data with three classes of processors:

  • Anthropic — for LLM inference. Conversation content and self-model facts are sent to Anthropic's API to generate Decision Cards and chat replies. Anthropic does not train on this data (zero data retention via Vercel AI Gateway where applicable).
  • Stripe — for billing. Stripe sees your email, billing address, and card details (we never see card details).
  • Vercel + MongoDB Atlas — our hosting and database. They see encrypted data at rest plus request logs.

We do not sell, rent, or share your data with advertisers or data brokers. Ever.

Google API services user-data policy

Entity OS's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Gmail and Calendar data solely to power the user-facing intelligence features described in our product (Decision Cards, signal ingestion, agent recommendations). We do not use Google user data for advertising, train generalized AI models on it, or sell it.

Your controls

You can:

  • Export everything we have about you as NDJSON from /system/data-privacy.
  • Delete your account and every workspace-scoped record, irreversibly, from the same page.
  • Revoke any connector at any time — disconnecting a connector stops ingestion and we keep only the derived records you've already confirmed.

Retention

While your account is active, we keep all data indefinitely so the meta-agent can learn over time. When you delete your account, we hard-delete every workspace-scoped collection and your account record within minutes; backups are purged on the next 30-day rotation.

Cookies

Entity OS uses one strictly-necessary cookie: eos_session, an HTTP-only, Secure, SameSite=Lax token used to authenticate you across requests. We do not use analytics or advertising cookies.

Contact

Questions, concerns, or data subject requests: email privacy@liquiddocs.ai.