Privacy Policy

What We Collect

Retayn stores encrypted data only. We never see your plaintext content. Specifically:

• Encrypted memory segments — AES-256-GCM encrypted on your device before transmission. We store ciphertext blobs we cannot decrypt.
• Blinded search terms — HMAC-SHA256 hashed on your device. We see hashes, not words.
• Embedding vectors — computed on your device from your content. We store the vectors for similarity search.
• Account info — email (from OAuth provider), API key hash, usage counts, plan tier.

What We Cannot See

Your encryption keys are derived from your passphrase on your device. We never receive your passphrase or derived keys. We cannot decrypt your stored content, read your search queries in plaintext, or recover your data if you lose your passphrase.

Third-Party Services

• Cloudflare — infrastructure (Workers, R2, Vectorize). Subject to Cloudflare's privacy policy.
• Stripe — payment processing. Subject to Stripe's privacy policy.
• GitHub/Google — OAuth authentication only. We receive your email and display name.

Data Retention

Free accounts: 30-day retention. Pro/Ultra: indefinite. You can delete all data at any time via the API (POST /v1/wipe) or by contacting us.

Data Deletion (GDPR/CCPA)

Request account deletion by calling POST /v1/wipe with your API key, or email contact@retayn.ai. We will delete all stored data within 30 days.

Contact

Questions? Email contact@retayn.ai.