01
A vault for the sensitive
Private records live in the vault — outside the agent’s auto-context. It’s an architectural boundary, not a checkbox.
The system knows a lot about you — which is exactly why it’s built so that this knowledge belongs to you alone.
01
Private records live in the vault — outside the agent’s auto-context. It’s an architectural boundary, not a checkbox.
02
Every record is isolated at the database level by access rules. Integration tokens are encrypted, sign-in uses MFA.
03
All your data — tables and files — downloads as a single ZIP in open formats. No requests, no waiting.
04
No ad trackers and no cookie banners — on the site or in the product. Anonymous analytics without personal data.
05
The product doesn’t monetise attention and doesn’t sell data — by design, it has no reason to.
What the mind sees
What it never sees
The vault isn’t a setting — it’s an architectural boundary: private data technically never enters the agent’s context.
Technically, without bragging
Row-level isolation in Postgres (RLS) on every table. Keys and tokens live server-side only, encrypted with AES-GCM. Access is by personal invitation. The agent works through MCP tools with explicit boundaries: every record it writes is signed and visible in the log.