How we collect, use, and protect your data.
BETA PERIOD PRIVACY POLICY
This is a temporary privacy policy for the Enovari beta period. A comprehensive, attorney-reviewed privacy policy will replace this document before general availability. During the beta period, please do not store sensitive, confidential, or regulated information (such as passwords, financial account numbers, health records, social security numbers, or trade secrets) in Enovari. We are actively building out our security and compliance infrastructure.
Last updated: March 30, 2026 — Effective during beta.
Enovari is a product of Silicon Harbor Technologies, LLC, a South Carolina limited liability company based in Charleston, SC. When this policy says "we," "us," or "our," it means Silicon Harbor Technologies, LLC.
Account information: When you sign up, we collect your name, email address, organization name (optional), and a hashed version of your password. We never store your password in plaintext.
Memory data: Enovari is an AI memory system. The memories, notes, personas, and other content you create through the service are stored in per-user isolated databases. Each user's data is stored separately — we do not commingle user data.
Persona data: If you create AI personas, the persona definitions, behavioral profiles, and associated private memory (mind.db) are stored in your isolated account scope.
Usage data: We record which API tools are called, timestamps, error rates, and response sizes for service monitoring. We also log security events (login attempts, token usage) for abuse prevention.
Payment data: Payment processing is handled entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see or store your credit card number, bank account, or other payment credentials.
Technical data: Our servers may log IP addresses, browser user-agent strings, and request metadata for security and debugging. We do not use tracking cookies or third-party analytics during the beta period.
We use your information to:
• Provide and operate the Enovari service, including memory storage, retrieval, and AI persona features.
• Authenticate your identity and secure your account.
• Process billing through Stripe.
• Monitor service health and prevent abuse.
• Communicate with you about your account, service changes, and security notices.
• Improve the service based on aggregate, anonymized usage patterns.
We do not sell your personal information. We do not use your stored memories, personas, or content to train AI models. Your data is yours.
Enovari's architecture uses per-user data isolation. Your memories are stored in a dedicated database (tapestry.db) separate from every other user. Persona private memories are stored in separate mind.db files scoped to your account. This is not a shared database with row-level filtering — it is physical file-level separation.
Data is encrypted in transit (TLS 1.2+). Passwords are hashed with bcrypt. API keys are stored as SHA-256 hashes. During the beta period, we are actively hardening at-rest encryption and security monitoring. This is why you should not store sensitive information during the beta.
Enovari connects to AI platforms (such as Claude, ChatGPT, Cursor, and others) via the Model Context Protocol (MCP) and OAuth 2.1. When you connect an AI client:
• The AI platform registers as an OAuth client and receives an access token scoped to your account.
• The AI client can read and write memories through the MCP tools you authorize.
• Refresh tokens persist for up to 30 days unless revoked.
• The AI platform receives tool output containing your memory data — this is inherent to how MCP works.
You can revoke OAuth access at any time from your dashboard. We recommend reviewing what data your connected AI clients can access.
We use the following third-party services that may process your data:
• Stripe — payment processing (card data, billing address)
• Resend — transactional email (email address, name)
• Cloud hosting provider — server infrastructure (all data in transit and at rest)
We do not share your memory content, persona data, or stored information with any third party except as required to operate the service (e.g., Stripe for billing) or as required by law.
Regardless of where you live, you have the right to:
• Access your data — request a copy of all information we hold about you.
• Correct your data — update inaccurate information.
• Delete your data — request deletion of your account and all associated data. We will delete your data within 30 days of a verified request.
• Export your data — download your memories in machine-readable format (SQLite, JSON).
• Non-discrimination — exercising your privacy rights will not affect your service level or pricing.
If you are a resident of California, Colorado, Connecticut, Virginia, or another state with comprehensive privacy legislation, you may have additional rights under your state's law, including the right to opt out of data sales (we do not sell data) and the right to limit use of sensitive personal information. We honor Global Privacy Control (GPC) signals — because we do not track, profile, or sell data, no additional action is required on our end when we detect a GPC signal.
If you are in the EU/UK, our legal basis for processing your data is contract performance (Article 6(1)(b) GDPR) for account and service data, and legitimate interest (Article 6(1)(f)) for security logging. You have the right to lodge a complaint with your local data protection authority.
We retain your account data and stored memories for as long as your account is active. If you delete your account, we will delete all associated data (user record, memories, personas, mind.db files, usage logs) within 30 days. Backup copies may persist for up to 90 days before being purged from backup systems.
Security event logs are retained for 12 months for abuse prevention, then deleted.
Enovari is not intended for use by anyone under the age of 18. We do not knowingly collect information from minors. If we discover that a user is under 18, we will delete their account and all associated data within 72 hours of discovery. If you believe a minor has created an account, please contact us immediately.
Enovari uses automated systems for memory retrieval, including confidence scoring, contradiction detection, and relevance ranking. These systems help organize and surface your stored information but do not make decisions that produce legal or similarly significant effects on you. You can override any automated organization by editing or deleting your memories directly.
In the event of a data breach affecting your personal information, we will notify you via email within 72 hours of confirmed discovery. We will also notify relevant state authorities and regulatory bodies as required by applicable law, including the South Carolina Department of Consumer Affairs if SC residents are affected.
During the beta period, Enovari does not use tracking cookies, third-party analytics, or advertising pixels. We use essential httpOnly secure cookies for authentication tokens and localStorage only for non-sensitive display preferences (e.g., cached user name). Authentication cookies cannot be accessed by JavaScript, providing protection against cross-site scripting (XSS) token theft.
We will replace this beta privacy policy with a comprehensive, attorney-reviewed policy before Enovari exits beta. We will notify all registered users via email when the permanent policy is published. Material changes to any privacy policy will be communicated at least 30 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
If you have questions about this privacy policy, want to exercise your data rights, or need to report a privacy concern, contact us at:
siliconharbortechnologiesLLC@gmail.com
Silicon Harbor Technologies, LLC
Charleston, South Carolina