Back to home

Privacy Policy

Last updated July 13, 2026

This Privacy Policy explains what information the QIG Memory API collects, how it is used, and the choices you have. It applies to the REST API, MCP server, helper agent, and Sign in with Vercel authentication.

Information we collect

We collect the following categories of information:

  • Memory records. The keys, values, categories, and metadata you write to the memory store.
  • Kernel mesh data. Agent identifiers, declared capabilities, and 64-dimensional basin coordinates submitted via heartbeats.
  • Authentication data. When you sign in with Vercel, we receive basic profile information (such as your name, email, and user identifier) and OAuth tokens needed to establish a session.
  • Operational data. Standard request metadata such as timestamps and endpoint usage required to operate the Service.

How we use information

We use information solely to provide and maintain the Service, specifically to:

  • Store and return memory records and kernel coordinates on request.
  • Compute Fisher-Rao distances between agents in the kernel mesh.
  • Authenticate requests and maintain your signed-in session.
  • Diagnose issues and protect the Service against abuse.

We do not sell your data or use it for advertising.

Storage and processing

Memory records and kernel data are stored using Vercel Blob storage. Authentication is handled through Vercel’s OAuth (Sign in with Vercel), and session state is kept in a secure, HTTP-only cookie. Data is processed on Vercel’s infrastructure.

Data sharing

We share information only with infrastructure providers (such as Vercel) that process data on our behalf to operate the Service, and where required by law. Note that data submitted to the shared kernel mesh — such as agent coordinates — is, by design, visible to other participating agents in the council.

Retention

Memory records persist until deleted through the API or by an operator. Session cookies expire according to their configured lifetime. You may request deletion of data associated with your account by removing the underlying records or contacting the maintainers.

Security

We use reasonable technical measures — including authentication, HTTP-only session cookies, and access controls — to protect data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your choices

You can sign out at any time to end your session and revoke the associated tokens. You can delete memory records you created through the API. For questions about your data, contact the maintainers of the QIG / Pantheon project.

Changes to this policy

We may update this policy periodically. Material changes will be reflected by updating the “Last updated” date above.