Privacy Policy

Last updated: February 2026

1. What We Collect

Account data: When you sign in via Manus OAuth, we receive your name, email address, and a unique identifier. This is used to authenticate you and associate your capsules with your account.

Capsule content: All data you enter into Soul Capsules (identity, memory, rules, skills) is stored in our database and associated with your account.

Audit logs: We record security-relevant operations (capsule creation, updates, deletions, rollbacks, token usage) with timestamps. IP addresses are stored as one-way SHA-256 hashes — they cannot be reversed to identify you.

API token metadata: Token names, scopes, creation dates, and last-used timestamps are stored. Token values are stored only as cryptographic hashes.

2. What We Do NOT Collect

  • Private cryptographic keys (never stored server-side)
  • Raw API token values (only hashes are stored)
  • Conversation logs or raw AI chat history
  • Payment information (we do not process payments)

3. PII Detection

Soul Ark performs client-side pattern matching to detect common personally identifiable information (PII) such as email addresses, phone numbers, and credit card numbers in capsule content. When detected, you will receive a warning. We do not automatically redact or block content — you remain in control. We encourage you not to store third-party PII without consent.

4. Data Storage and Security

All data is transmitted over TLS (HTTPS). Capsule data is stored in a managed database with access controls.

Encryption at rest: Database-level encryption is applied to all stored data. For users requiring zero-knowledge storage (where the server cannot read your data), we recommend encrypting sensitive capsule content locally before storing it, using your Ed25519 private key or a separate encryption key.

Key security: Ed25519 private keys are generated in your browser and returned to you exactly once. They are never transmitted to or stored on our servers. Treat them like passwords.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data may be shared only in the following circumstances: (a) with your explicit consent via share links you create; (b) to comply with legal obligations; (c) to protect the security of the Service.

6. Share Links

When you create a share link, the linked capsule content becomes accessible to anyone with the link URL. You control the permission level (revival-only or read-only), expiry time, and maximum access count. Revoke share links at any time from the capsule detail page.

7. Data Retention

Active capsule data is retained as long as your account exists.

Soft-deleted capsules are retained for 30 days before permanent deletion.

Audit logs are retained for 90 days.

Upon account deletion, all associated data is permanently removed within 30 days.

8. Your Rights

You have the right to:

  • Export all your capsule data at any time (JSON, YAML, or Markdown)
  • Delete individual capsules or your entire account
  • Revoke API tokens at any time
  • Request a copy of your audit log

9. Contact

For privacy-related questions or data requests, please contact us through the platform's support channels.