Privacy & security

Your inner life should not become someone else’s dataset.

IndividuateAI stores conversations, memories, and relationship maps. We treat that as exceptionally sensitive data and design the system so there is no operator-held master key for user content.

Passkey-only access Per-user encryption Zero-retention AI routing
Account security model01 / 01
Conversations sealed Memories sealed Relationship maps sealed

No universal unlock key exists

01

The promise

What the design protects

A stolen database, disk, or backup should not reveal your conversations or saved memories. A compromise of the server while you are offline should not expose the key needed to decrypt your account.

No master content key

Each account has its own random 256-bit data-encryption key. We do not retain a universal key that can unlock everyone’s content.

Encrypted at two layers

The SQLite database is encrypted at rest, and sensitive content is separately encrypted with your account’s own key.

Small active window

Your key reaches the server inside your encrypted session cookie and remains in memory only briefly while active requests and background memory work finish.

Inspectable implementation

The application is open source, so these claims can be checked against the code rather than accepted as marketing language.

02

The limits

Where encryption cannot help

We want the boundary to be explicit. The model must receive readable conversation text to respond. A root attacker controlling the live server could also capture the keys and content of people actively using it during that compromise.

At restEncrypted

Saved conversations, memories, maps, databases, disks, and backups.

During a requestReadable briefly

The live server and chosen AI provider must process readable content.

The system reduces the blast radius; it does not make a live compromised server harmless.

It changes the risk from “every user, at any time” to “active users during the compromise window.” Provider exposure is controlled through zero-retention routing and contractual safeguards, not end-to-end encryption.

03

Encryption

Three layers between data and disclosure

  1. 1

    Storage layer

    Database encryption

    SQLCipher encrypts the complete SQLite database on disk. The deployment key lives in the protected server environment, not in the repository.

  2. 2

    Account layer

    Per-user content encryption

    Messages, memory fragments, embeddings, episodes, relationship profiles, and graph labels are encrypted again with XChaCha20-Poly1305 under your account’s unique key.

  3. 3

    Recall layer

    Encrypted recall

    Embeddings are decrypted only in memory for your own searches. This avoids keeping a plaintext vector index that could reconstruct sensitive text.

04

Passkeys & recovery

Your credentials unlock your key

Authentication is passkey-only. A passkey seals a copy of your account key using WebAuthn PRF or, for supported Apple passkeys, synced largeBlob storage. Your recovery key seals another independent copy.

1 Your passkey2 Account key3 Your content
There is deliberately no password-reset back door.

If you lose every passkey and your recovery key, the encrypted content cannot be recovered by us. Any recovery mechanism we controlled would also be a mechanism capable of bypassing your encryption.

After sign-in, the unlocked account key travels inside the encrypted authentication cookie so you can stay signed in without repeatedly entering a PIN. Short PINs are not used because they can be brute-forced offline.

05

AI & voice providers

What leaves the application

TextOpenRouter

Language models

Conversation context is routed through OpenRouter with data collection denied, restricting requests to providers that do not retain prompts or use them for training.

Data collection: denied
AudioDeepgram · EU

Voice transcription

Voice recordings are processed by Deepgram within the European Union only to provide transcription. Every request opts out of Deepgram's model improvement program; Deepgram states that opted-out content is retained only for the time required to process the request.

Model improvement: offRegion: EU
Text → audioDeepgram · EU

Spoken responses

Text sent for speech generation is processed by Deepgram within the European Union only to provide speech synthesis, with the same model-improvement opt-out and processing-duration retention. Generated audio is streamed into browser memory and is not written to your database.

Model improvement: offAudio: not saved
06

Operational safeguards

Security also depends on operations

  • Secrets and API keys live in the deployment environment and are never committed.
  • Authentication cookies are encrypted and require a strong server secret.
  • Every memory, graph, session, and streaming request is scoped to the authenticated user.
  • Conversation content is excluded from application logs.
  • Authentication endpoints are rate-limited.

Do not take our word for it

Inspect the implementation.

IndividuateAI is open source. The security architecture can be read, questioned, and improved in public.