SELF Privacy Policy
Last Updated: May 26, 2026
Version: 9.4.1
Our Privacy Promise: We Cannot See Your Data
SELF uses zero-knowledge encryption. This means we mathematically CANNOT access your data:
- ❌ We CANNOT read your stored AI conversation history (client-side encrypted in your Memory Bank)
- ❌ We CANNOT see your memory bank entries
- ❌ We CANNOT see your messages or any content
- ❌ We CANNOT decrypt your data (we don't have your keys)
Your data is encrypted in YOUR browser using encryption keys derived from your 12-word recovery phrase (via BIP39) before it ever leaves your device. We store encrypted blobs that only YOU can decrypt. Not us - only you.
Our Six Privacy Commitments
SELF is built on six fundamental commitments to privacy and data sovereignty:
- Human rights alignment - We make decisions that are in accordance with human rights
- Harm prevention - We do not cause or enable harm whilst upholding those rights
- Data ownership - We enable people to have control and ownership of their own data, and decide how it is used
- Transparency - We are fully transparent in our practices so that people understand how we operate
- Regulatory compliance - We uphold regulation and legislation in whatever territories we operate
- No commercial compromise - We do not sacrifice any of our responsibilities in pursuing commercial gain
Data Minimization
We adhere to the principle of data minimization, collecting only the personal data that is necessary for the specific purposes outlined in this policy. We regularly review our data collection practices to ensure continued compliance with privacy regulations.
The SELF Difference
Unlike traditional apps that vacuum up your data, SELF operates on a fundamentally different model:
- Zero-knowledge encryption = Server cannot access your data
- Your recovery phrase = Derives encryption keys via BIP39 (only you have access)
- Your data = Your property (client-side encrypted)
What We Collect
Account Information
- Username - Your chosen unique identifier (required for account creation)
- Account UUID - Technical identifier for your account
- Account creation date - For account management
- Usage volumes - Stored temporarily for display purposes only, not permanently retained
Legal Basis: Contract performance (necessary to provide SELF services). GDPR data minimization: we store only what is required for login and communications, specifically a lookup-only HMAC of your normalized email and an encrypted copy for communications.
Note: Stripe may collect email addresses independently during payment processing. SELF never returns plaintext email via APIs; we store a lookup-only hash of your email for sign-in and an encrypted copy for operational email (AES-256-GCM). Admin tools display masked email only.
Authentication & Encryption Information
- Primary authentication: Passkey - SELF uses WebAuthn passkeys (Face ID/Touch ID/fingerprint) as the primary authentication method. We store a lookup-only hash of your normalized email and an encrypted copy of your email (AES-256-GCM, stored in our database) for communications.
- Secondary/Recovery authentication: Email + OTP + Recovery Phrase - Available as fallback for scenarios where passkeys are unavailable.
- Email privacy - Plaintext email is never returned by APIs. Email is stored encrypted in our database (AES-256-GCM). Admin tools show masked email only. Encrypted email is used only for transactional communications.
- Recovery phrase privacy - Your recovery phrase is never transmitted to the server. Encryption keys are derived client-side only, using BIP39 (mnemonic to seed).
- Passkey credentials - Passkeys (WebAuthn/FIDO2) are the primary authentication method, with biometric support.
- No passwords stored - We do not store passwords. OTP codes are single-use and expire after 10 minutes.
- Encryption key derivation - Encryption keys are derived from your 12-word recovery phrase using BIP39 (mnemonic to seed). Your recovery phrase is required for key derivation on every device.
- Recovery limits - Email enables OTP-based account login if you still control your email. It does not allow data recovery. Only your recovery phrase can decrypt your data. If you lose your recovery phrase, your encrypted data is permanently inaccessible.
Legal Basis: Contract performance (necessary for secure account access and data encryption)
Payment Information (Paid Tiers Only)
- Billing information - Processed by Stripe, our secure payment provider
- Subscription status - Active, cancelled, expired
- Transaction records - For billing support and compliance
- Fraud prevention - Stripe Radar analyzes transaction patterns for security
Important: We never store credit card details on our servers. Payment card data is handled entirely by Stripe. We may use IP addresses briefly for security (for example OTP and login rate limiting) but not for advertising or long-term profiling.
Legal Basis: Contract performance (billing and subscription management)
Technical Coordination Data
- Node connection status - To ensure your services are running
- Basic performance metrics - Anonymous server health data only
- Security-related IP use - IP addresses may be used briefly for login rate limiting and abuse prevention (not retained for profiling)
- Error logs - Anonymous debugging information (no personal content)
Legal Basis: Legitimate interests (service optimization and security)
What We DON'T Collect
Your Personal Content
- Files and documents - Encrypted client-side, server cannot decrypt
- Messages and conversations - Client-side E2E encryption using keys derived from your recovery phrase (via BIP39). Server stores encrypted blobs only.
- Encryption keys - Derived from your recovery phrase using BIP39 (mnemonic to seed). Server never sees your recovery phrase or encryption keys.
- Browsing history - Never sent to us
- Location data - We don't track where you are
- Device information - Beyond basic compatibility checks
AI Model Processing
- Model outputs at rest - Stored in your Memory Bank as client-side encrypted blobs
- Live AI processing - Prompts are processed on our dedicated EU GPU infrastructure to generate responses; we do not use your conversations to train models or share them with third-party model providers
- Dedicated infrastructure - AI inference runs on dedicated (non-shared) GPU hardware in the EU, separate from multi-tenant cloud compute
- No data sharing with model providers - Your conversations and AI interactions are not used to train third-party models. Model providers do not receive your data for training purposes.
- No model training - We do not use your conversations to train models. Your AI usage is private to you.
- Memory Bank storage - AI conversation history is stored as client-side encrypted blobs; the server cannot decrypt your content
- EU data residency - AI processing and encrypted storage use EU-based infrastructure
Behavioral Analytics
We do not use advertising analytics, cross-site tracking, or behavioral profiling:
- No ad profiles - We don't build profiles for advertisers or data brokers
- No cross-site tracking - We don't follow you across other websites or apps
- No click tracking - No behavioral analytics for marketing purposes
Advertising Data
- Profile building - We don't create user profiles for advertisers
- Interest tracking - We don't categorize your interests for advertisers
- Third-party data - We don't buy or sell data about you or with anyone
Your Rights and Controls
Access and Control
- View your data - See exactly what account information we have
- Correct errors - Update your username or billing details
- Export data - Download your account information
- Delete account - Remove all your data from our systems
Data Portability
- Account export - Download your account data in standard formats
- Service migration - Move to other providers if desired
- No lock-in - Export your data and leave anytime
Data Breach Response
In the unlikely event of a data breach that poses risks to your privacy, we will notify you and relevant authorities within 72 hours of becoming aware of the breach, as required by GDPR. Our incident response procedures ensure rapid containment and assessment of any security issues.
Data Protection Officer
As we do not conduct large-scale monitoring or process special categories of data at scale, we are not required to appoint a Data Protection Officer under GDPR. For data protection inquiries, contact: privacy@self.app
Automated Decision-Making
We do not use automated decision-making or profiling that would significantly affect you. Any automated processes (such as fraud detection by Stripe Radar) are limited to payment and subscription integrity and do not grant access to your zero-knowledge encrypted content. You retain full control over your account and data.
Contact Us About Privacy
Privacy Questions: privacy@self.app
Data Requests: legal@self.app
Mail: SELF Technology Pty Ltd, 194 Varsity Parade, Varsity Lakes, Queensland 4227, Australia
Third-Party Data Processing
SELF uses several third-party services for infrastructure and payments. Here's how your data is processed:
Memory Bank Definition
Your Memory Bank uses client-side end-to-end encryption for all tiers. Encrypted data is stored on single-tenant bare metal servers in the EU (PostgreSQL). The server stores encrypted blobs and cannot decrypt your data:
- Both Tiers - Data is encrypted client-side in your browser using the WebCrypto API (AES-256-GCM) with keys derived from your recovery phrase (via BIP39) before transmission to PostgreSQL. The server stores encrypted blobs and cannot decrypt your data. This provides zero-knowledge security with seamless cross-device access via your recovery phrase (same phrase = same keys on all devices).
- Data Export - Both tiers can export their complete decrypted data at any time via the Privacy page. Your conversations and memories are decrypted in your browser and available for download in JSON format.
- Recovery Phrase Backup - Your 12-word recovery phrase is the ONLY way to decrypt your data. There are no recovery codes, recovery kits, or email-based recovery options; these would be security backdoors that compromise the zero-knowledge architecture. Encryption keys are derived from your recovery phrase using BIP39. If you lose your recovery phrase, your data cannot be recovered, and SELF cannot restore access because of the zero-knowledge architecture. We encourage you to securely back up your recovery phrase (shown once during onboarding; it cannot be recovered if lost).
Data Processing Summary
- Frontend CDN - Delivers our static frontend application (public JS/CSS/HTML only; no user ciphertext)
- EU backend (bare metal) - API, database, encrypted Memory Bank, messaging, mail, and signaling on single-tenant bare metal in the EU
- EU object storage - Encrypted attachments and mail blobs on dedicated EU object storage (S3-compatible); content remains client-side encrypted
- Dedicated GPU infrastructure (EU) - AI text and image processing on dedicated (non-shared) GPU hardware in EU data centers
- Stripe - Processes subscription and card payments securely (PCI compliant, no card data stored by us)
- Search services (Connect tier) - Anonymous web search and URL retrieval queries sent to third-party providers (not linked to your identity; not stored in your Memory Bank). Providers may change and this policy will be updated accordingly.
SELF Chain Validator Infrastructure
SELF Chain operates on a fully decentralized, browser-based validator model:
- Browser-based validators - Every user runs their own fully validating blockchain node directly in their browser. Validators construct blocks, validate transactions, and participate in consensus entirely client-side.
- Client-side encryption - All validator operations, including block construction and validation, occur in your browser with full client-side encryption. Validator keys are derived from your recovery phrase and never leave your device.
- Zero-knowledge architecture - Validator keys and blockchain operations remain encrypted and inaccessible to any server. Your browser is a full node with complete blockchain functionality.
- Prize draw coordination - Prize draw orchestration runs on the same EU single-tenant bare metal infrastructure as other backend services. Coordinators have no access to validator keys or blockchain operations.
EU Infrastructure
Production services that handle user data run on single-tenant bare metal and dedicated EU-based infrastructure:
- Single-tenant bare metal - Backend API, database, messaging, mail, and signaling on dedicated physical servers in the EU (not shared multi-tenant cloud compute)
- Dedicated GPU hardware - AI text and image inference on dedicated (non-shared) GPU servers in EU data centers
- Encrypted object storage - Memory Bank blobs, attachments, and mail storage on dedicated EU object storage; content remains client-side encrypted
- Infrastructure provider role - Infrastructure providers host and operate systems only. They cannot decrypt your zero-knowledge encrypted content.
- Account deactivation - When your account is deactivated, associated storage is permanently deleted per our retention policy
Legal Basis: Contract performance (necessary to provide SELF services with EU-based infrastructure)
Account & Payment Data
- Account data - Username, subscription status, and usage metrics on EU single-tenant bare metal PostgreSQL. Email stored encrypted (AES-256-GCM).
- Payment data - Stripe handles payment processing; we don't store card information
Data Export and Recovery
- Both Tiers - You can export your complete decrypted data at any time via Settings. Your conversations and memories are decrypted in your browser and available for download in JSON format.
- Data Recovery - Your 12-word recovery phrase is required to decrypt and recover your data. There are no recovery backdoors (no recovery codes or kits). Encryption keys are derived from your recovery phrase using BIP39 (client-side only, never transmitted to the server). Both tiers use client-side E2E encryption. Lost recovery phrase = permanent data loss (zero-knowledge means SELF cannot recover your data). Securely back up your recovery phrase (shown once during onboarding; it cannot be recovered if lost).
Service Metadata
- Memory Bank identifiers - Technical identifiers for your isolated Memory Bank
- Session metadata - Anonymous usage patterns for service optimization
- Performance metrics - Response times and system health (no personal content)
- Error logs - Anonymous debugging information for service improvement
Search Services
Web Search Integration (Connect Tier)
Web search is available on the Connect tier only (including during the 3-day free trial). When you enable search in chat, your query is sent anonymously to a third-party search provider—it is not linked to your SELF account or identity.
- Availability - Connect tier only; not available on Zero
- Anonymous queries - Search text is not tied to your account, username, or email
- Data processing - Queries are transmitted to the provider to retrieve results; URL content retrieval works the same way
- Result accuracy - Search results are provided "as-is" from third-party sources; we do not verify or guarantee their accuracy
- No retention - Search queries are not stored in your Memory Bank or our systems
Search Service Disclaimers
- Third-party content - All search results come from external sources beyond our control
- No endorsement - SELF does not endorse or verify the accuracy of search results
- User responsibility - You are responsible for evaluating the credibility and accuracy of information from search services
- Service availability - Search services depend on third-party availability and may be temporarily unavailable
- No liability - We are not liable for decisions made based on search results
International Data Transfers
- Primary location - Australia (SELF Technology Pty Ltd)
- AI processing - Dedicated GPU infrastructure in EU data centers
- Backend API hosting and encrypted Memory Bank storage - Single-tenant bare metal servers in the EU (PostgreSQL; encrypted blobs only)
- Frontend delivery - Static frontend assets delivered via a third-party CDN
- Payment processing - Stripe (US-based payment processor)
- Legal framework - Australian Privacy Principles with GDPR-equivalent protections
- Transfer mechanisms - We rely on Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards for transfers to Stripe where applicable. Encrypted Memory Bank storage uses EU-based single-tenant bare metal infrastructure.
- AI data residency - AI processing uses dedicated EU-based GPU infrastructure
- Additional safeguards - All transfers include appropriate technical and organizational measures for data protection
Changes to This Policy
Notification Process
- 30 days advance notice for any material changes
- In-app notification to all active users
- Clear explanation of what's changing and why
Our Commitments
We will never change this policy to:
- Start collecting data we previously didn't collect
- Share data in ways we previously didn't
- Reduce your privacy protections
- Introduce tracking or advertising
Data Retention Periods
We retain different types of data for specific periods based on legal requirements and service needs:
- Account information - Retained while your account is active and for 30 days after deletion
- Payment data - Retained by Stripe for 7 years (legal requirement for financial records)
- Secure vault/AI data - Trial users: automatically deleted 24 hours after trial cancellation with advance in-app notice. Paid users: automatically deleted when subscription is deactivated
- Usage logs - Retained for 30 days for debugging and service optimization
- Support communications - Retained for 2 years for service improvement and legal compliance
- Transactional email only - We send account, billing, and trial-related emails only; we do not send marketing newsletters
Trial Data Deletion Process
For trial users who don't convert to paid subscriptions, we follow a clear deletion process to maintain storage efficiency while protecting your privacy:
- Trial warning - In-app alert during last 24 hours of trial with upgrade and cancellation options
- Cancellation notice - In-app notification when trial is cancelled with 24-hour deletion schedule
- Grace period - 24 hours to export your conversations and memories via Settings
- Automatic deletion - Memory Bank data permanently deleted 24 hours after trial cancellation
- Deletion confirmation - In-app confirmation when deletion is complete
- Audit trail - Deletion events logged for compliance and transparency
Legal Basis: Legitimate interests (cost management and storage efficiency) balanced with user rights (advance notice and data export opportunities)
SELF Chain Prize Draw Program
SELF Chain operates a promotional prize draw program where users earn entries through validator participation:
- Prize draw entries - We collect validator participation data to calculate prize draw entries (1 vote = 1 entry)
- Winner records - Winner information (user ID, prize amount, draw date) is retained for 5 years (Queensland regulatory requirement)
- Privacy protection - Winners may request anonymity; winner names published only with permission
- Legal basis - Contract performance (providing prize draw program as part of SELF Chain participation)
Age Requirements and Children's Privacy
SELF is intended for users 18 years or older. We do not knowingly collect personal data from users under 18.
If we discover we have collected information from a user under 18, we will delete it immediately and, where possible, notify their parent or guardian.
If you are a parent or guardian and believe someone under 18 has provided us with personal information, please contact us at privacy@self.app.
Regulatory Information
Australian Privacy Principles
This policy complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles.
GDPR Compliance
For users in the EU, we provide equivalent protections under the General Data Protection Regulation.
Data Protection Rights
You have the right to:
- Be informed about data processing
- Access your personal data
- Rectify inaccurate data
- Erase your data
- Restrict processing
- Data portability
- Object to processing
Exercising Your Rights with Third-Party Data
For data processed by our infrastructure providers, Stripe, and AI services:
- Access requests - Contact us at legal@self.app to access your data
- Deletion requests - Your Memory Bank data is automatically deleted when your subscription is deactivated
- Portability - We can export your account data, but AI conversations remain in your Memory Bank
- Restriction - You can stop using SELF services to restrict further processing
- Objection - Contact us if you object to how your data is processed by third parties
- Payment data - For Stripe-related data requests, we can facilitate contact with Stripe support

