Skip to content
Legal

Privacy Policy

Effective date: June 23, 2026

1. Overview

stored (“stored”, “we”, “us”, or “our”) provides a hosted control plane for the open-source agentwiki memory engine. This Privacy Policy explains what personal data we collect, how and why we use it, who we share it with, and the choices and rights you have. It applies to our marketing site and to the stored application and APIs (together, the “Service”).

By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Data we collect

Account and organization data: your name and email address, a hashed password, your organization’s details, team memberships and roles, and the API keys you create. API keys are shown once at creation and stored only as a salted hash; we cannot recover the plaintext.

Billing data: purchases are processed by Paddle, our merchant of record. Paddle collects and processes your payment details under its own terms; we receive only limited transaction metadata such as your plan, subscription status, billing country, and the last digits and brand of your card. We never receive or store full card numbers.

Memory and content data: the memories, entities, and relationships your agents create are stored in the agentwiki engine and surfaced back to your organization in the dashboard, where they remain visible and editable by your members.

Model-provider credentials: you may bring your own OpenAI API key per organization. We encrypt it at rest using AES-256-GCM and use it solely to power embeddings and extraction for your workspace.

Usage and technical data: server logs, IP address, approximate location, browser and device information, API call counts, quota and usage metering, and the session cookies required to authenticate you and operate the Service.

3. How we use data

We use the data above to provide, operate, secure, and improve the Service; to authenticate you and your organization; to enforce plan quotas and calculate usage-based billing; to communicate with you about your account, security, and changes to the Service; to detect, prevent, and investigate abuse or fraud; and to comply with our legal obligations.

We do not sell your personal data, and we do not use the contents of your memory data to train our own or third parties’ machine-learning models.

Where required by law, we rely on the following legal bases: performance of our contract with you, our legitimate interests in running and securing the Service, your consent where applicable, and compliance with legal obligations.

4. How we share data

We share data only as needed to run the Service: with infrastructure and database hosting providers; with Paddle for payment processing and tax handling; with a transactional email provider to send account and billing notifications; and with error-monitoring providers to keep the Service reliable. These providers act as our processors under contractual confidentiality and security obligations.

We may also disclose data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of stored, our users, or the public. If we are involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to this policy.

5. Data retention

We retain account and organization data for as long as your account is active and as needed to provide the Service. Memory data is retained until you delete it or close your account. After an account is closed, we delete or anonymize associated personal data within 90 days, except where longer retention is required to comply with legal, tax, accounting, or security obligations, or to resolve disputes and enforce our agreements.

6. Security

We protect data in transit with TLS and encrypt sensitive secrets, including your model-provider key, at rest. API keys are stored hashed, access is restricted, and tenant memory data is isolated per organization. No method of transmission or storage is completely secure, and we cannot guarantee absolute security; you are responsible for keeping your credentials and API keys confidential.

7. Your rights and choices

Because memory is visible and editable by design, your organization can review, correct, or delete the memories your agents store directly from the dashboard at any time.

Depending on your location, you may have rights to access, correct, export, restrict, or delete your personal data, to object to certain processing, and to withdraw consent. To exercise account-level rights, contact us at privacy@stored.to from your account email; we will respond as required by applicable law. We will not discriminate against you for exercising these rights.

If you are in the EEA or UK, you may also lodge a complaint with your local data-protection supervisory authority.

8. International transfers

We and our providers may process and store data in countries other than the one in which you reside. Where data is transferred across borders, we rely on appropriate safeguards, such as standard contractual clauses, where required by law.

9. Children’s privacy

The Service is intended for businesses and developers and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you. Your continued use of the Service after a change takes effect constitutes acceptance of the updated policy.

11. Contact

Questions or requests regarding this Privacy Policy can be sent to privacy@stored.to.

Questions about this document? Email privacy@stored.to.

SEE WHAT YOUR AGENTS REMEMBER