Privacy Policy
Plain-language summary
- You own your data, and we never sell it or train AI on it. Ever.
- Two modes, your choice. Self-host (your data on your hardware, we can't see it) or Nerrem Cloud (we host your Brain in an isolated environment that's yours alone, encrypted at rest under your keys).
- We hold less than a typical cloud app — and we're precise about what we do. This policy says exactly what we process in each mode, and lists every third party that touches data.
- AI inference you request may leave your environment. When you ask Nerrem to run a model, your prompt/context goes to a model provider under zero-retention terms (or directly to your own provider if you bring your own keys).
1. Who We Are
Nerrem ("we," "us," "our") is Nerrem AI, operating under the laws of the State of Maryland, United States. We build a personal AI system ("Brain") and the nerrem.ai website.
Contact: privacy@nerrem.ai · nerrem.ai
2. The Two Modes — and What We Can See in Each
How we process your content ("Your Content" — Brain state, project data, email or stream content you connect, chats, agent output, files) depends on deployment:
| Self-host | Nerrem Cloud | |
|---|---|---|
| Where Your Content lives | Your hardware | An isolated single-tenant virtual machine we operate for you (a Firecracker microVM), with a per-customer encrypted volume |
| Encryption at rest | Your machine; under your keys | Under keys managed by your key service (brain-keys); per customer |
| Can Nerrem read it? | No — it never reaches us | Only transiently, inside your isolated environment, to run operations you request — never to train or sell |
| Isolation from other customers | N/A (only you) | Hardware-virtualization boundary; one microVM per customer |
In both modes, AI inference you request may transmit Your Content to a model provider (see §5), and we always collect the limited account/billing data in §3.
3. Data We Collect
3.1 Account, Billing, and Operational Data
To provide a paid, hosted service we collect and store:
- Account/identity: email, authentication data (via Supabase Auth), device public keys, and your license/entitlement state.
- Billing: subscription status, plan, and a customer record at our payment processor (Stripe). We do not store full card numbers.
- Metering: Brain Credit consumption and aggregator usage counts (token/compute amounts and timestamps) needed to bill and enforce limits — not the content of your prompts.
- Operational logs / telemetry: limited service logs and, if enabled, error reports. These are minimized and, where present, scrubbed of Your Content.
3.2 Website Data
Privacy-respecting, cookieless analytics (pages, referral, coarse country/device), and anything you submit through a contact or early-access form.
3.3 Your Content
We do not collect Your Content as a dataset. In self-host mode it never reaches us. In Nerrem Cloud it is hosted and processed only as described in §2 and §5, encrypted at rest, and never used to train models or sold.
3.4 Categories of Personal Information (CCPA/CPRA)
The categories of personal information we collect, by California statutory category, and the purpose of each:
| Category | Examples we collect | Purpose |
|---|---|---|
| Identifiers | Email, account ID, device public key | Account, auth, license |
| Commercial information | Subscription, plan, transaction records | Billing, service provision |
| Internet/network activity | Service logs, metering counts, cookieless site analytics | Security, reliability, billing, site improvement |
| Geolocation (coarse) | Country-level, from IP | Analytics, routing, fraud prevention |
We do not collect biometric information, government IDs, precise geolocation, or sensitive personal information as a routine matter, and we do not "sell" or "share" personal information for cross-context behavioral advertising. Your Content hosted on Nerrem Cloud (§2) is processed as a service function, not collected as a dataset about you.
4. Subprocessors
We use the following third parties to operate the Services. Each processes data on our behalf under contractual confidentiality and security obligations:
| Subprocessor | Purpose | Data involved |
|---|---|---|
| Fly.io | Cloud hosting / compute (per-customer microVMs, sync hub) | Encrypted Cloud volumes; encrypted federation blobs |
| Supabase | Auth + control-plane database | Account, license, billing-state, credit ledger |
| Stripe | Payments, subscriptions, tax | Billing/customer data, payment method (held by Stripe) |
| Cloudflare | DNS, CDN, website, web analytics | Website traffic metadata |
| Anthropic | LLM inference (aggregator) | Prompt/context for requests you make (zero-retention) |
| Together.ai | LLM inference (aggregator, OSS models) | Prompt/context for requests you make (zero-retention) |
As we enable more features we may add subprocessors (e.g., Resend for transactional email, Sentry for error tracking, Buttondown for newsletter). We will update this list before a new subprocessor begins processing personal data.
For business and Team customers, where we act as a processor of personal data on your behalf, our Data Processing Agreement (DPA) governs that processing, incorporates the subprocessors above, and is available on request at privacy@nerrem.ai.
5. AI Inference and Model Providers
When you ask the Services to run a model:
- Nerrem aggregator (default for hosted plans): your prompt and context are sent to a model provider (e.g., Anthropic, Together.ai) using Nerrem-pooled keys, under agreements that prohibit the provider from retaining or training on your data (zero-retention) where the provider offers such terms. We configure the available zero-retention and no-training options, but we do not control and cannot guarantee a provider's internal processing. We meter the usage (counts, not content).
- Bring your own keys (BYOK): your content goes directly from your environment to the provider under your own agreement with them. Their privacy terms, not ours, govern that processing.
You control what is sent and when. We make sending deliberate and configurable; we cannot control a provider's handling of data sent under your BYOK keys.
6. Connected Streams
When you connect a stream (Gmail, Calendar, Slack, etc.), authentication uses that provider's OAuth. Tokens are stored encrypted and used to fetch data into your Brain (your device, or your isolated Cloud environment). Your use of those providers is governed by their privacy policies. We do not use connected stream content for any purpose other than operating the features you enable.
7. How We Use Collected Data
| Data | Purpose | Legal basis |
|---|---|---|
| Account / billing / metering | Provide, bill, and enforce the Services | Contract performance |
| Website analytics | Understand site usage | Legitimate interest |
| Form submissions | Respond to you / provide access | Consent |
| Operational logs | Security, reliability, debugging | Legitimate interest |
We do not use any data for advertising, profiling, sale to third parties, or to train AI models.
8. Data Sharing
We do not sell, rent, or trade personal information. We share only with the subprocessors in §4, where required by law or valid legal process, or in a merger/asset sale (under the same commitments, with notice).
9. Data Retention and Deletion
- Self-host: you control retention entirely; delete files or
~/.brainat any time. We hold no copy. - Nerrem Cloud: on cancellation, your isolated environment and volume are retained for at least 30 days so you can export, then deleted. You may request earlier deletion.
- Account/billing records: retained as required for tax and legal obligations; metering and logs retained on a minimized schedule.
- You can request a copy or deletion of personal data we hold at privacy@nerrem.ai; we respond within 30 days, at no charge.
10. Your Rights
EU/EEA (GDPR): access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. California (CCPA/CPRA): know, delete, correct, opt out of "sale"/"sharing" (we do neither), and non-discrimination. All users: request a copy or deletion of your data. Email privacy@nerrem.ai.
11. Security
In summary: TLS in transit; encryption at rest under your keys; per-customer microVM isolation on Nerrem Cloud; signed license tokens; sandboxed agent execution. No vendor can make software perfectly secure, and your own infrastructure security (in self-host) and account credentials (in both modes) are your responsibility.
12. International Transfers
Nerrem Cloud is hosted in the United States (via Fly.io). If you are outside the United States, your hosted data and the account data you submit are processed there. Where we transfer EU/EEA or UK personal data outside those regions, we rely on the European Commission's Standard Contractual Clauses (SCCs) (and the UK International Data Transfer Addendum) as the transfer mechanism.
13. Children's Privacy
The Services are not intended for anyone under 16. We do not knowingly collect personal information from children under 16 and will delete it if discovered.
14. Cookies
The website uses only essential cookies; analytics are cookieless. The Services (app/CLI) do not use advertising cookies.
15. Changes
We may update this policy; we will update the "Last Updated" date and, for material changes, give notice on the Website and in the Services, and will not retroactively reduce your rights without consent.
16. Our Commitments
- We will never sell your data, and never train AI on Your Content.
- Self-host means self-host — in that mode your content never reaches us.
- We won't hold your data hostage — open, exportable formats; export always available, including during grace and for 30+ days after cancellation.
- We disclose subprocessors — and update this list before adding one.
- We are precise, not aspirational — we describe what each mode actually does, not a simplified ideal.
17. Contact
privacy@nerrem.ai · general hello@nerrem.ai · security security@nerrem.ai
Written to be read by humans. If anything is unclear, email us and we'll explain it plainly.