Privacy Policy
Last updated: July 11, 2026
AI Pen Drive exists because we believe your AI memory should belong to you. This policy says, in plain language, what we store, why, and what we will never do with it. Where this policy and our marketing differ, this policy wins.
What we store
- Account data: your email, display name, and a hashed password (bcrypt — we cannot read it).
- Vault content: the memories and work artifacts you approve or explicitly save. Memory text and artifact content are encrypted at rest with an application-layer key, on top of database-level encryption.
- Access receipts: a log of every time a connected AI read from or wrote to your vault — which client, which tool, which memory ids, and when. Receipts exist for YOU; they are shown on your Activity page.
- Technical logs: errors and request metadata for keeping the service running. Our code is written so memory content never appears in logs.
What we do NOT do
- No selling or renting of your data. Ever. To anyone.
- No advertising trackers or third-party analytics scripts.
- No training AI models on your vault — yours or anyone else's.
- No browsing of your memories by us: the operator console shows counts and metadata only, never memory content.
The consent model
Nothing becomes a permanent memory without your approval. Extracted candidates land in a Review Inbox as pending; only your explicit action (in the app, by swipe, or by telling a connected AI) makes them active. Each memory carries a per-memory consent mode (allow / ask / blocked) that controls whether AIs may retrieve it.
Connected AIs
When you connect an AI (Claude, ChatGPT, Gemini, or any MCP client), it can retrieve only memories that are active and set to "allow". Anything it retrieves is recorded as a receipt you can inspect. What a third-party AI does with text it has retrieved is governed by that provider's own terms — connect only AIs you trust.
The browser extension
The extension captures conversation text only when you click the capture button or the save-selection menu — there is no background collection, no keystroke logging, and it reads nothing on sites other than the supported AI chats. Captured text goes to your vault and nowhere else, and lands as pending until you approve it.
Where your data lives
Data is stored with our infrastructure providers (currently Supabase for the database and Render for the API, in the United States), over TLS in transit and encrypted at rest. Our honest, published threat model — including what our encryption does and does not protect against — is on the Trust page.
Deletion and retention
- Forget: deleting a memory removes it from retrieval immediately — no AI can access it from that moment.
- Purge: residual encrypted records of deleted items are permanently purged within 30 days.
- Export: you can export your entire vault at any time, free, from Settings. The Forget button and export are never paywalled.
- Account deletion: email us and we erase your account and all associated data (memories, artifacts, receipts).
Your rights
Access, correction, export (portability), and erasure are built into the product rather than hidden behind a process. If you are in a jurisdiction with specific data-protection rights (GDPR, DPDP, CCPA and similar), we honor requests under them — write to the contact below.
Age
AI Pen Drive is not intended for children under 16.
Changes
If this policy changes materially, we will note it here with a new date and, for significant changes, notify account holders by email.