Skip to main content
← Legal

Privacy Policy

Last updated: 2026-05-11

Privacy Policy

Version: 1.2 Effective date: April 18, 2026 Last updated: May 11, 2026


1. Who We Are

ɳSelf (“we”, “us”, “our”) operates the nself.org website and related services. ɳSelf is a Delaware LLC.

  • Privacy contact: privacy@nself.org
  • Postal address: ɳSelf, LLC, 8 The Green, Suite A, Dover, Delaware 19901, USA
  • EU representative: To be appointed when the volume of EEA user processing triggers the Art. 27 GDPR threshold. Current primary data processing occurs in the EU (Hetzner, Germany), which reduces cross-border transfer exposure.

This policy covers all ɳSelf-operated surfaces: nself.org, docs.nself.org, install.nself.org, api.nself.org, ping.nself.org, cloud.nself.org, chat.nself.org, claw.nself.org, task.nself.org, base.nself.org, and billing and email services. ntv.nself.org is planned and not yet live; it will be covered by this policy once launched.

Self-hosted ɳSelf instances are NOT covered by this policy. If you run ɳSelf on your own infrastructure, you are the data controller for your users. We have no access to your data. The only external call the CLI makes (if telemetry is enabled) is to ping.nself.org. You can disable this entirely with nself config set telemetry false.


2. Data We Collect

Account Data

When you create an account on cloud.nself.org or task.nself.org, we collect:

  • Email address
  • Display name (optional)
  • Hashed password (bcrypt, never stored in plaintext)
  • Stripe customer ID (for paid plans)
  • License key hash (for plugin access validation)

Usage Data (Telemetry)

If you enable telemetry in the ɳSelf CLI (nself config set telemetry true), we collect:

  • CLI version, OS, and architecture
  • Command names (never arguments or content)
  • Install success/failure status
  • Opt-in error reports (stack traces with PII redacted)
  • Per-install UUID (rotatable via nself config reset telemetry-id)

Telemetry is off by default. The per-install UUID is not linked to your account unless you explicitly opt in.

Billing Data

For paid plans, Stripe processes your payment. We receive and store:

  • Last 4 digits of your payment method
  • Billing country and tax region
  • Invoice history and subscription status

We never receive or store your full card number (PAN). All payment processing is handled by Stripe (PCI DSS Level 1 certified).

Support Data

When you contact support or file a bug report, we collect:

  • Ticket contents and attached logs
  • Email address used for correspondence

AI-Specific Data (Hosted ɳClaw at claw.nself.org)

If you use the hosted ɳClaw service, we process:

  • Prompts and responses
  • Embeddings generated from your conversations
  • Memory graph (topics, entities, decisions extracted by the AI)
  • Files you upload for AI processing

This data is stored in your dedicated database partition and is never shared with other users. See Section 7 for AI-specific disclosures.

v1.1.0 Event Types (Telemetry — opt-in)

When telemetry is enabled, v1.1.0 added the following discrete event types sent to ping.nself.org:

EventFieldsNot collectedOpt-out
install_completedCLI version, OS, arch, duration, success flagNo content, no pathsnself config set telemetry false
bundle_purchaseBundle name, tier (not price), country codeNo payment details, no nameSame
clawde_activatedPlatform (desktop/mobile), CLI versionNo files, no promptsSame
nsentry_plugin_installPlugin name within ɳSentry bundle, CLI versionNo server detailsSame
license_validateLicense tier, domain hash (one-way), CLI versionNo actual domain, no keyNot opt-outable (required for license enforcement); can disable telemetry globally

Per-install UUID is rotatable at any time via nself config reset telemetry-id. None of these events include personal data, file paths, or content.

ɳFamily Special-Category Data

ɳFamily is a self-hosted application. When you run ɳFamily on your own server, all data — including the following special categories — is stored exclusively in your database. ɳSelf never receives or processes it.

Data we classify as special-category under GDPR Article 9 within the ɳFamily app:

CategoryWhat it coversDefault state
Medical historyAllergies, conditions, medications, surgeries, vaccinations on family member profilesOff — explicit consent required
Biometric dataFacial geometry, fingerprint references, voice prints from photos or in-app identificationOff — explicit consent required
Genetic dataDNA results, hereditary markers, genetic disease information in family tree entriesOff — explicit consent required
Children’s data (COPPA / GDPR Art. 8)Any profile data belonging to a user under 13 (US) or 16 (EU/EEA)Off — verifiable parental consent required

Legal basis for processing: GDPR Article 9(2)(a) — explicit consent of the data subject. Each category requires a separate opt-in action and is recorded with a timestamped audit trail. Consents expire annually and must be re-affirmed. You can revoke any consent at any time, triggering immediate deletion of stored data in that category.


3. Purposes and Lawful Bases

PurposeData usedLawful basis (GDPR Art. 6)
Provide the service you signed up forAccount, usage, AI dataPerformance of contract (Art. 6(1)(b))
Process payments and manage subscriptionsBilling dataPerformance of contract (Art. 6(1)(b))
Detect and prevent fraud and abuseIP addresses, usage patternsLegitimate interest (Art. 6(1)(f))
Product improvement via analyticsAnonymized telemetry (opt-in only)Consent (Art. 6(1)(a))
Send transactional emails (password reset, billing)Email addressPerformance of contract (Art. 6(1)(b))
Comply with tax and legal obligationsBilling records, account dataLegal obligation (Art. 6(1)(c))
Send newsletter (opt-in only)Email addressConsent (Art. 6(1)(a))
Store special-category health / biometric / genetic data in ɳFamily (self-hosted)Medical history, biometric, genetic dataExplicit consent (GDPR Art. 9(2)(a))

We do not sell your data. We do not share it with advertisers. We do not use it for training AI models.


4. Retention Schedule

Data typeRetention periodJustification
Account dataUntil you delete your account + 30-day grace periodService continuity
Billing records7 years after last transactionTax law compliance
Application logs90 days hot storage, 1 year cold storageDebugging, security
Telemetry data24 months rollingProduct improvement
Database backups35 days, then purgedDisaster recovery
AI memory (hosted ɳClaw)User-controlled; default retain until user deletesUser preference
AI prompts/responses (hosted)Configurable; default 90 days for cloud usersService operation
Support tickets3 years after resolutionQuality assurance

When you delete your account, we initiate a deletion cascade. After the 30-day grace period, all your data is permanently removed from active systems. Backups containing your data are purged within 35 days. See our Right to Delete documentation for the full cascade.


5. Sharing and Sub-Processors

We share data with third-party service providers (“sub-processors”) only as necessary to operate our services. See our Sub-Processor List for the current list, which includes:

  • Hetzner: Server hosting (Germany)
  • Vercel: Frontend hosting (global CDN)
  • Cloudflare: DNS and DDoS protection (global)
  • Stripe: Payment processing (USA)
  • Elastic Email: Transactional email (EU)
  • OpenAI: LLM inference for hosted ɳClaw (USA, opt-in, zero-retention API)
  • Anthropic: LLM inference for hosted ɳClaw (USA, opt-in, zero-retention API)
  • Groq: LLM inference for hosted ɳClaw (USA, opt-in)

We notify cloud.nself.org users by email at least 30 days before adding a new sub-processor. You may object within 30 days of notification by contacting privacy@nself.org.

We do not sell personal data to any third party. We do not share data with advertisers.


6. Cookies

We use a minimal set of cookies. See our Cookie Policy for the full audit table, categories, and how to manage your preferences.


7. AI-Specific Disclosures

This section applies to users of hosted AI services (ɳClaw at claw.nself.org, AI features in task.nself.org, and any future AI-powered ɳSelf services).

Model providers

We use the following third-party model providers for AI inference:

  • OpenAI (GPT-4, GPT-4o) : via zero-retention API
  • Anthropic (Claude) : via zero-retention API
  • Groq (Llama, Mixtral) : fast inference
  • Self-hosted models (Llama via Ollama) : no external data transfer

Training data policy

We do not train on your data. Your prompts, responses, uploaded files, and memory graphs are never used to train any model, whether ours or a third party’s. All third-party providers are configured with zero-retention / no-training API settings where available.

Opt-out of third-party providers

You can disable third-party model providers entirely and use only self-hosted models. In the hosted ɳClaw settings, set your preferred provider to “Self-hosted only.” This means your prompts never leave our servers (Hetzner, Germany).

Data handling for AI features

  • Prompts and responses are retained per your account settings. Default: 90 days for cloud users. You can change this to any duration or set it to “delete immediately after response.”
  • Embeddings are stored in your database partition for semantic search and memory features. They are deleted when you delete the source content.
  • Memory graph (topics, entities, decisions) is derived from your conversations and stored in your partition. You can view, edit, and delete any memory entry.
  • Uploaded files are processed in memory, stored in your object storage bucket, and deleted when you remove them.

Automated decision-making

The AI features in ɳSelf do not make automated decisions with legal or similarly significant effects on you. The AI is a tool that assists you. You control what it remembers and what it forgets.


8. Your Rights Under GDPR

If you are in the European Economic Area (EEA), UK, or Switzerland, you have the following rights:

  • Access (Art. 15) : Request a copy of your personal data
  • Rectification (Art. 16) : Correct inaccurate data
  • Erasure (Art. 17) : Request deletion of your data (“right to be forgotten”)
  • Restriction (Art. 18) : Restrict processing in certain circumstances
  • Data portability (Art. 20) : Receive your data in a machine-readable format
  • Objection (Art. 21) : Object to processing based on legitimate interest
  • Withdraw consent (Art. 7(3)) : Withdraw consent at any time for consent-based processing
  • Automated decisions (Art. 22) : Not be subject to solely automated decision-making (not applicable; see Section 7)

To exercise any right, email privacy@nself.org or use the self-service tools in your account settings. You can also export your data via �P1� account export (CLI) or the cloud dashboard. We respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority.


9. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect, use, and disclose
  • Right to delete: Request deletion of your personal information
  • Right to opt-out of sale: We do not sell your personal information. There is nothing to opt out of.
  • Right to non-discrimination: We will not discriminate against you for exercising your rights

To exercise your rights, email privacy@nself.org with the subject “CCPA Request.”


10. Children’s Privacy

ɳSelf services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, contact privacy@nself.org and we will delete it promptly.

Users aged 13-17 may use ɳSelf services with parental consent. See our Terms of Service for the age gate requirements.


11. International Data Transfers

Our primary data processing occurs in the EU (Hetzner, Falkenstein, Germany). For sub-processors located outside the EU/EEA, we rely on:

  • Standard Contractual Clauses (SCCs): EU Commission Implementing Decision 2021/914, Module 2 (controller-to-processor)
  • UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs for UK transfers
  • EU-US Data Privacy Framework (DPF) certification where available (Stripe, Cloudflare)

See our Data Processing Agreement for full details, including the SCC annexes and sub-processor transfer mechanisms.


12. Changes to This Policy

We may update this policy from time to time. For material changes, we will:

  • Email registered users at least 30 days before the change takes effect
  • Post a notice on nself.org
  • Update the version number and effective date at the top of this page

Minor clarifications (typos, formatting) do not trigger notification.

Version History

VersionDateChanges
1.22026-05-11Added §2 subsections for v1.1.0 telemetry event types (with per-event field table) and ɳFamily special-category data enumeration (medical, biometric, genetic, children’s). Added Art. 9(2)(a) row to §3 lawful basis table.
1.12026-05-07Added §2a: v1.1.0 event types (bundle purchases, ClawDE activation, nSentry plugin install, anonymous install counter, nFamily special-category data). Expanded §3 lawful basis table with Art. 9 consent row. Updated §10 Children’s Privacy with COPPA age gate detail.
1.02026-04-18Initial policy

13. Contact

  • Privacy inquiries: privacy@nself.org
  • Postal address: ɳSelf, LLC, 8 The Green, Suite A, Dover, Delaware 19901, USA
  • EU representative: To be appointed when Art. 27 GDPR threshold is reached (see Section 1)
  • Data Protection Officer: Not currently required; ɳSelf does not carry out large-scale systematic monitoring or large-scale processing of special category data. This will be reviewed annually.

For general questions about ɳSelf, see our Contact page.