Privacy Policy

Last Updated: February 26, 2026

1. Our Privacy Philosophy

We believe data privacy is a human right, not a feature you have to pay extra for. Our system is designed so that we cannot see your data even if we wanted to.

• Local-First by Default: Your agent runs on your machine. Your credentials stay encrypted locally.
• No Automatic Cloud Sync: Your data doesn’t leave your computer unless you explicitly enable it.
• No Behavioral Profiling: We don’t track what apps you use, what time you use them, or build models of your behavior.
• No Data Monetization: We never sell your data. We never build advertising profiles. We don’t have an ads business.
• Encryption by Default: When data moves (optional cloud sync), it’s encrypted end-to-end.

2. What Data We Collect (Local Only)

On Your Computer

• OAuth3 Tokens: Stored encrypted in ~/.solace/vault/ with AES-256-GCM
• Evidence Logs: Stored locally in ~/.solace/evidence/. Never uploaded without your consent.
• Snapshots: Prime Mermaid snapshots stored locally
• App Configs: Your app settings, recipes, and customizations
• Usage Logs: Stored locally only. Not sent to us.

What We Never See

• Your email contents
• Your Slack messages
• Your calendar data
• Your LinkedIn activity
• Your file system contents
• Your API keys (encrypted locally)

3. Optional Cloud Features

If you enable cloud sync (Dragon Warriors tier), you can choose to upload your evidence bundles for:

• Searchable history across devices
• Team sharing + role-based access
• Retention policies (30/90/180/365 days)
• Compliance export + audit case files

Cloud Data Protection

• Encryption: End-to-end (we never hold unencrypted keys)
• Minimal Data: Only evidence bundles, not application data
• Your Control: You set retention policies, you authorize access, you can delete anytime
• No Resale: We never share or sell cloud evidence data
• Audit Log: Every access to your data is logged. You see the audit log.

4. Third-Party Integrations

When Solace connects to Gmail, Slack, LinkedIn, etc., those services handle your credentials according to their privacy policies.

• OAuth3 Scopes: We request only the minimum scopes needed
• Token Storage: Tokens stay encrypted on your computer
• No Caching: We don’t cache email/message content on our servers
• Your Credentials: You control what Solace can access via scopes

5. Data Deletion

You can delete your data at any time:

• Local Data: Delete ~/.solace/ folder to remove all local data
• Cloud Data: Use dashboard to delete cloud evidence (instant)
• Account: Delete your Solace account (all associated data removed)
• GDPR Rights: You have the right to data portability and deletion under GDPR

6. GDPR & International Privacy Laws

GDPR (EU): Solace complies with GDPR by design. We minimize data collection and storage. You can export or delete your data anytime.

CCPA (California): We don’t sell personal information. You can request deletion and get a list of what we know about you.

Other Jurisdictions: We comply with applicable privacy laws and will update this policy as regulations evolve.

7. Cookies & Tracking

Browser Version: Essential cookies only (session management, authentication). No tracking cookies. No pixel tracking. No cross-site tracking.

CLI Version: No cookies. No tracking.

8. Changes to This Policy

We may update this privacy policy as Solace evolves. Material changes will be communicated to you, and we will ask for your consent if privacy is reduced.

9. Contact Us

Questions about privacy? Email: privacy@solaceagi.com

Data Protection Officer: Available upon request for enterprises.