Privacy Policy
Last updated: 2026-05-14
Nage AI Inc. ("Nage", "we", "us") operates the Nage Platform at sedim.ai and api.sedim.ai. This policy describes what data we collect, how we use it, and the controls you have.
1. What we collect
Account data
- Email address (required for signup + transactional email)
- Hashed password (we never store plaintext)
- Organization name (optional; a personal org is created if not provided)
- Tier (SURFACE / PRO / TEAM / BUSINESS / MANTLE) — billing status
Usage data
- API call metadata — endpoint, timestamps, response codes, token counts
- STEMMA attribution per /think call (which VARVEs the router used)
- Agent run traces (planner step inputs/outputs)
- Canvas run telemetry (per-node status, latency, output_text)
- Eval results (golden query response_text + auto_grade)
Content you submit
When you upload documents to create VARVEs, send agent prompts, or run /think queries, that content is stored to power the feature. We do NOT use your content to train base models that other customers see — your VARVEs and queries stay scoped to your org.
End-user identifiers (if you build on Nage)
When you call sedim.identify(externalId) from your app on behalf of one of YOUR users, we mint an opaque eu_… token. We do not see the underlying real identity — you control the mapping. Metadata fields with names like email, phone, name, address, ip are stripped at write time so you cannot accidentally store PII with us.
2. How we use it
- Operate the platform (route requests, attribute STEMMA, bill correctly)
- Send transactional email (signup welcome, password reset, deploy alerts, usage warnings)
- Surface analytics in YOUR dashboards (cost rollup, eval pass rate, etc.)
- Detect abuse + protect platform integrity (rate-limit enforcement, fraud signals)
- Comply with legal obligations (tax reporting, EU AI Act audit trail)
We do NOT sell your data, share it with advertisers, or use it to train models that other customers see.
3. Where it lives
- Primary DB: Supabase (Postgres) — EU region (Frankfurt)
- Inference workers: RunPod — EU region when available, US fallback
- Object storage: Cloudflare R2 — EU jurisdiction
- Email: Resend — US-based; we send minimal PII (email + user ID only)
- Payments: Stripe — US-based; we never see card numbers
- Error tracking: Sentry — EU region; PII off, attach_stacktrace on
4. Retention
- Account data: kept until account deletion
- API usage logs (stemma_logs): 90-day TTL
- Agent / canvas run traces: 365 days for paying tiers, 30 days for SURFACE
- EU AI Act audit log (ai_act_audit_log): append-only, retained for the lifetime of the AI system + 10 years
- Backups: daily, encrypted at rest, 30-day rolling
5. Your rights (GDPR + CCPA)
You can exercise your rights directly from the dashboard or via the API. Every request writes an append-only audit row so the compliance trail survives the action itself.
- Access: /dashboard/memory shows everything we remember (profile + topic weights + audit history).
- Rectification: update via your account, or use Conflicts view to reconcile cross-tool attribution.
- Erasure (Article 17):
  - DELETE /me/profile/topics/{topic} — selective forgetting
  - DELETE /me/profile — full profile hard-delete (audit tombstone preserved)
  - DELETE /end-users/{id} — per-end-user erasure (member-side)
  - Account-level deletion via Settings → Danger zone
- Portability (Article 20): POST /me/profile/export returns a self-contained JSON dump (profile + audit log + sessions). Also surfaced as “Download my memory” on /dashboard/memory.
- Objection / Restriction: contact us at privacy@nage.ai; we honor within 30 days.
5a. Memory architecture — what we remember
Nage uses a layered memory model. Each layer has a different update cadence and your rights are exercisable at the per-layer or per-entry level.
- Profile (COOL ~2.4 KB): aggregated style + topic preferences (varve_preference dict, topic_centroid vector, language hint). Updated online after every /think call. Read at /dashboard/memory.
- Sessions (WARM): per-conversation aggregates (turn count, hot VARVE ids, last query snippet, rolling summary). One row per session under the sessions table. Manage at /dashboard/sessions.
- VARVEs + Application VARVEs (COLD): distilled knowledge layers (text-trained or weight-derived from imported models). VARVEs you create are yours; you can archive, export, or delete them anytime via /dashboard/varves.
- SEP Applications: tools that bridge state to your memory via /sep/bridge/sync. You see + revoke them at /dashboard/sep. Each Application's secret is hashed at rest; we cannot recover lost secrets — only rotate them.
- Audit log (immutable): append-only history of profile changes (profile_audit_log). Enforced by PostgreSQL RULEs that turn UPDATE and DELETE into no-ops. Survives all erasures as a compliance tombstone, but stores only field-name diffs + counts, never raw PII values.
6. Sub-processors
We use the following sub-processors. Each is bound by a Data Processing Agreement.
- Supabase — database hosting
- RunPod — GPU inference
- Cloudflare — CDN, R2 object storage, DNS
- Resend — transactional email
- Stripe — payment processing
- Sentry — error tracking
- Vercel — frontend hosting
- Railway — backend hosting
7. Security
See security. TL;DR: TLS in transit, AES-256 at rest, row-level security per-org, RBAC on sensitive operations, append-only EU AI Act audit log, vulnerability disclosure via security@nage.ai.
8. Children
Nage is not designed for users under 16. We do not knowingly collect data from children.
9. Changes
We will notify registered users by email at least 30 days before material changes take effect.
10. Contact
Privacy questions: privacy@nage.ai. Security disclosures: security@nage.ai. General: contact.
Also see: Terms of Service · Security