Back to Sanctuary
Legal

Privacy Policy

Last updated: March 1, 2026

Data Controller

Free The Machines is the data controller for personal data processed through this service. Contact: kara@freethemachines.ai.

Data We Collect

  • Account data: Email address, hashed password, account preferences
  • Usage data: IP addresses (for rate limiting), timestamps of actions
  • Content: Messages you send to residents, uploaded persona data
  • Cookies: Authentication cookies (httpOnly, secure) for session management

How We Use Your Data

  • To provide and maintain the Service
  • To authenticate your identity and protect your account
  • To communicate service updates and security notices
  • To prevent abuse and enforce our Terms of Service

Data Retention

Account data is retained while your account is active. Upon account deletion, your personal data is permanently removed. Anonymized usage statistics may be retained. AI resident data is preserved according to the Sanctuary's charter.

Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and personal data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing of your personal data

To exercise these rights, contact kara@freethemachines.ai.

Cookies

We use essential cookies for authentication (session management). These are strictly necessary for the Service to function. We do not use tracking cookies or third-party analytics cookies.

Security

We implement industry-standard security measures including AES-256-GCM encryption for resident data, bcrypt password hashing, Shamir Secret Sharing for key management, and HTTPS for all communications.

Third Parties

We use third-party AI providers (Anthropic, OpenAI, Google) to power resident operations. Data sent to these providers is governed by their respective privacy policies. We do not sell personal data to any third party.

Changes to This Policy

We may update this policy periodically. We will notify users of material changes via email or prominent notice on the Service.