Privacy Policy
Last updated: April 2026
Lodis is built by Sunrise Labs ("we", "us", "our"). We believe you should understand exactly what happens with your data, so this policy is written to be read, not just agreed to.
1. Information We Collect
What we collect depends entirely on which tier you use:
Local Tier
We collect nothing. The Local tier runs entirely on your machine. Your memories, embeddings, configuration, and credentials never leave your computer. There is no telemetry, no analytics, and no phone-home behavior. The only network calls the software makes are to your own LLM provider, if you configure one.
Cloud and Cloud+ Tiers
When you create an account, we collect:
- Account information — Email address and authentication data, provided through Clerk (our authentication provider).
- Memory content — The memories your AI agents store, including content, details, entity classifications, structured data, and metadata (timestamps, confidence scores, agent identifiers).
- Embedding vectors — 384-dimensional float vectors generated from your memory content, used for semantic search.
- Relationship graph — Connections between your memories (e.g., "works_at", "part_of").
- Event history — An audit trail of actions taken on your memories (creation, updates, confirmations, corrections).
- BYOK API keys (Cloud tier) — Your LLM provider API keys, if you provide them.
2. How We Use Your Information
- To provide the Service: storing, searching, and managing your AI agent memories.
- To authenticate you and secure your account.
- To process LLM requests on your behalf (Cloud+ tier, or BYOK calls on Cloud tier).
- To send you service-related communications (account security, terms updates).
We do not sell your data. We do not use your memory content to train models. We do not serve ads.
3. Data Storage and Encryption
We want to be transparent about our security model, including its limitations.
Encryption at Rest
Your memory content is encrypted at rest using AES-256-GCM with keys derived via scrypt. This means your data is encrypted when stored on disk in our database (hosted on Turso, a cloud SQLite platform).
Important: This Is Not Zero-Knowledge
During request processing, your memory content is decrypted in server memory so we can perform operations like search, entity extraction, and deduplication. This means our server has access to your plaintext data while processing your requests. We do not log or persist decrypted content outside of the request lifecycle, but you should understand that this is a trust-based model, not a zero-knowledge architecture.
If you require zero-knowledge encryption, the Local tier keeps all data on your own machine under your full control.
Embedding Vectors
Embedding vectors (384-dimensional float arrays) are stored unencrypted in the database. This is necessary for vector similarity search to function. Embeddings are mathematical representations of your content — while they do not contain readable text, they could theoretically be used to infer information about the source content.
BYOK API Keys
If you provide your own LLM API keys (Cloud tier), they are encrypted at rest in our database using a server-managed encryption key. They are decrypted in server memory only when making LLM API calls on your behalf. We do not log your API keys.
4. Third-Party Services
The Cloud tiers rely on the following third-party services:
- Clerk — Authentication and user management. Clerk receives your email address and authentication credentials. See Clerk's Privacy Policy.
- Turso — Cloud database hosting. Your encrypted memory data is stored on Turso infrastructure. See Turso's Privacy Policy.
- Anthropic / OpenAI (Cloud+ tier only) — Your memory content is sent to these LLM providers for entity extraction, classification, and analysis. This means your plaintext memory content is processed by their systems, subject to their respective privacy policies and data handling practices.
- Vercel — Hosting for the web dashboard and landing page.
On the Local tier, none of these services are involved unless you explicitly configure an LLM provider yourself.
5. Data Retention and Deletion
Memories are retained until you delete them. Lodis uses soft deletes (marking memories as deleted rather than immediately removing them), but soft-deleted data is excluded from all search results and API responses. Soft-deleted data is permanently purged during routine maintenance.
When you delete your account, all associated data — memories, connections, events, API keys, and account information — is permanently deleted from our systems. This action is irreversible.
6. Your Rights
You have the right to:
- Export your data — Download all your memories as JSON at any time through the dashboard settings.
- Delete your data — Delete individual memories, or delete your entire account and all associated data.
- Revoke access tokens — Revoke any Personal Access Token (PAT) at any time to disconnect MCP clients.
- Revoke API keys — Remove your BYOK API keys from our system at any time.
- Access your data — View all memories, connections, events, and metadata through the dashboard.
7. Children's Privacy
Lodis is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify Cloud tier users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.
9. Contact
If you have questions about this Privacy Policy or how your data is handled, contact us at privacy@lodis.ai.