Privacy Policy

Last Updated: January 12, 2025

1. Information We Collect

Alembic collects the following types of information:

• Account Information: Email, name, organization (optional)
• Usage Data: Queries submitted, fortresses built, session timestamps
• Technical Data: IP addresses, browser type, device information
• Financial Data: We do NOT collect wallet private keys, passwords, or custody information

2. How We Use Your Information

We use collected information to:

• Provide and improve AI reasoning services
• Generate reasoning ledgers and audit trails
• Analyze usage patterns to enhance user experience
• Communicate service updates and security alerts
• Comply with legal obligations

3. Data Security

Alembic implements industry-standard security measures:

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• SOC 2 Type II audit in progress (expected Q2 2025)
• Regular security audits and penetration testing

4. Data Retention

We retain user data for as long as your account is active, plus 90 days after account closure for audit purposes. Reasoning ledgers with cryptographic hashes are retained for 7 years for verifiability.

5. Your Rights (GDPR Compliance)

If you are an EU resident, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Portability: Export your data in machine-readable format
• Objection: Object to certain processing activities

6. Third-Party Services

Alembic integrates with third-party services:

• Google Gemini API: For AI reasoning (subject to Google's privacy policy)
• ChromaDB: For knowledge storage (self-hosted, no external sharing)
• Analytics: We do NOT use third-party tracking or advertising platforms

7. Cookies and Tracking

Alembic uses essential cookies only for session management. We do not use advertising or third-party tracking cookies.

8. Children's Privacy

Alembic services are not intended for users under 18 years of age. We do not knowingly collect information from minors.

9. International Data Transfers

Data may be processed in the United States or other jurisdictions where Alembic operates infrastructure. We ensure appropriate safeguards are in place for cross-border transfers.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email. Continued use after changes constitutes acceptance.

Contact

For privacy inquiries: privacy@alembic.xyz

Data Protection Officer: dpo@alembic.xyz