Appearance

SELF Terms of Service

Last Updated: November 13, 2025
Version: 7.0

What SELF Is

SELF is your private and productive set of digital tools. Unlike traditional apps, SELF operates on your infrastructure, not ours.

Beta Version

SELF is currently in beta. This means:

  • Features may change - We're actively developing and improving SELF
  • Performance may vary - Some features may not work perfectly yet
  • Feedback welcome - We value your input to help improve SELF
  • Use at your own risk - Beta software may have bugs or limitations

Progressive Web App (PWA)

SELF is a Progressive Web App, which means:

  • Installable - You can install SELF on your device like a native app
  • Offline capabilities - SELF can work offline for basic functions (planned feature)
  • Service workers - Background processes for caching and notifications (planned feature)
  • Cross-platform - Works on desktop, mobile, and tablet devices
  • No app store - Install directly from your browser without app store restrictions

🔒 We Cannot See Your Data (Zero-Knowledge Encryption)

This is the most important thing to understand about SELF:

  • ❌ We CANNOT see your conversations with AI
  • ❌ We CANNOT see your memory bank entries
  • ❌ We CANNOT see your messages or any encrypted content
  • ❌ We CANNOT recover your data if you lose your 12-word phrase

All your data is encrypted in YOUR browser before it leaves your device. We store encrypted blobs that are mathematically impossible for us to decrypt. This is called zero-knowledge encryption.

Your Data Stays Yours

  • We don't sell or mine your data - No advertisers, no profiling, no tracking
  • Client-side encryption - All data encrypted in your browser using WebCrypto API (AES-256-GCM)
  • Your 12-word phrase - Only YOU have the keys to decrypt your data (we don't have them)
  • You can leave anytime - Export or delete everything anytime

You Can Always

  • Access your data - It's on your infrastructure, you have full access
  • Delete your account - We'll remove your email, node ID and subscription details immediately
  • Export everything - Download all your data before leaving
  • Update information - Update your email or payment details anytime

We Can't And Won't

  • Try and access your messages or files
  • Track your browsing or searches
  • Lock you into our service

What You Can't Do

To keep SELF safe for everyone, please don't:

  • Share illegal content or use SELF for anything unlawful
  • Try to hack or interfere with our service or other users
  • Spam or harass other users through messaging features
  • Resell access to your SELF account or infrastructure

Your Content

Since your data stays on your infrastructure:

  • You own everything you create, upload, or store in SELF
  • You're responsible for ensuring you have rights to any content you add
  • We never see it - your content stays in your Memory Bank
  • Keep it legal - don't store anything that violates laws

Intellectual Property

  • SELF software - We own the SELF application, interface, and core technology
  • Your content - You retain full ownership of everything you create using SELF
  • AI outputs - You own the results generated by customized AI models within your Memory Bank
  • Open source - SELF uses open-source components (Ollama, etc.) under their respective licenses
  • No claims - We make no claims to your intellectual property or creative works

Security & Encryption

How We Protect Your Data

  • Client-side end-to-end encryption - All data encrypted in your browser using WebCrypto API (AES-256-GCM) before transmission
  • Zero-knowledge architecture - Server stores encrypted blobs and cannot decrypt your data
  • BIP39 wallet keys - Encryption keys derived from industry-standard 12-word secret phrase
  • TLS encryption in transit - All data (even encrypted blobs) protected by HTTPS during transmission
  • Stripe payment security - All payment processing uses Stripe's PCI-compliant encryption and security protocols
  • Both tiers - Zero and Connect tiers use identical client-side E2E encryption for maximum privacy
  • No server access - Server cannot read your conversations, memories, or any encrypted content

App Permissions

SELF requests only the permissions necessary for core functionality:

  • File system access - To save and sync your documents and data locally
  • Network access - To connect to your Memory Bank and sync data
  • Notification permissions - To alert you about important updates or security issues
  • Optional: Camera/microphone - Only when you choose to upload media or use voice features
  • Core functionality works - SELF operates fully even if you deny optional permissions

Passkey Authentication

SELF uses Passkey (WebAuthn/FIDO2) authentication for secure, passwordless access:

  • Passwordless security - Passkeys use cryptographic keys stored securely on your device, eliminating password vulnerabilities
  • Device-based authentication - Passkeys are tied to your device and cannot be phished or stolen like passwords
  • Biometric support - Use your device's biometric authentication (fingerprint, face recognition, etc.) for convenient and secure access
  • No password storage - We do not store passwords. Only public key information necessary for authentication verification is stored
  • Device security responsibility - You are responsible for securing the device where your Passkey is stored
  • Account recovery - If you lose access to all devices with your Passkey, account recovery may be limited. Contact support for assistance
  • Multi-device support - You can register Passkeys on multiple devices for redundancy
  • Separate from encryption - Passkeys authenticate you (login), but your 12-word secret phrase encrypts your data. Losing your phrase means permanent data loss.

Vulnerability Reporting

Found a security issue? We want to hear from you:

  • Security contact - Report vulnerabilities to justine@self.app (Justine Butler, Head of Operations)
  • Responsible disclosure - We'll acknowledge reports within 48 hours and work with you on fixes
  • Security updates - Critical security patches are released immediately and pushed to all users
  • No penalties - Good faith security research is welcomed and protected

Third-Party Services

Memory Bank Definition

Your Memory Bank uses client-side end-to-end encryption for all tiers on PostgreSQL (EU data residency):

  • Both Tiers – All data is encrypted client-side in your browser using WebCrypto API (AES-256-GCM) before transmission to PostgreSQL. Server stores encrypted blobs and cannot decrypt your data. This provides zero-knowledge security with seamless cross-device access using your 12-word phrase.
  • Data Export – Both tiers can export their complete decrypted data anytime via Settings. Your conversations and memories are decrypted in your browser and available for download in JSON format.
  • Recovery Phrase – Your 12-word secret phrase is the ONLY way to recover your encrypted data. If you lose this phrase, your data cannot be recovered. SELF cannot help you recover a lost phrase due to zero-knowledge architecture.

Service Dependencies

  • Service availability depends on Cloudflare Pages, Railway, RunPod, Stripe, and Ollama services
  • Performance may vary based on Cloudflare CDN, Railway, and RunPod container infrastructure conditions
  • Data sovereignty is maintained through Memory Bank isolation and EU-based AI processing
  • Payment security is handled by Stripe's certified infrastructure
  • Frontend reliability depends on Cloudflare Pages hosting and CDN
  • Backend reliability depends on Railway's cloud infrastructure
  • AI processing reliability depends on RunPod's isolated container infrastructure in EU data centers

Cloudflare Pages

  • SELF uses Cloudflare Pages for frontend hosting and global content delivery
  • Cloudflare maintains SOC 2 Type 2, ISO 27001, and GDPR compliance
  • Your use of SELF is subject to Cloudflare's Terms of Service
  • We are not responsible for Cloudflare service interruptions or changes
  • Cloudflare's privacy policy applies to their processing of your frontend requests
  • For more information about Cloudflare's security and compliance, visit cloudflare.com/trust-hub

RunPod AI Infrastructure

  • SELF uses RunPod to provide isolated personal container infrastructure for AI processing in EU data centers
  • Each user receives dedicated isolated containers running Ollama AI models. No shared infrastructure for AI processing.
  • All AI processing occurs exclusively in EU data centers, ensuring GDPR compliance and no international data transfers
  • RunPod operates as infrastructure provider only and has no access to your AI interactions, conversations, or model outputs
  • Your use of SELF is subject to RunPod's Terms of Service
  • We are not responsible for RunPod service interruptions or changes
  • RunPod's privacy policy applies to their provision of container infrastructure (not your AI data)
  • Container isolation ensures complete privacy - your AI conversations never leave your isolated container infrastructure
  • When your account is deactivated, all container data is permanently deleted

Memory Bank Lifecycle

Your Memory Bank follows this lifecycle:

  • Creation - Storage is created when you first use SELF (available for both Zero and Connect tiers)
  • Isolation - Your storage is completely isolated from other users' data
  • Runtime - Storage holds your conversations and AI processes them securely
  • Encryption - All data is encrypted at rest with EU data residency
  • Automatic deletion - Storage and all data are permanently deleted when you deactivate your account
  • No recovery - Once deleted, storage data cannot be recovered

Railway Infrastructure

  • SELF uses Railway for backend API hosting, database services, and Memory Bank storage
  • Railway maintains SOC 2 Type II, SOC 3, HIPAA BAA (available), and GDPR compliance
  • All Memory Bank data is stored in PostgreSQL with EU data residency for GDPR compliance
  • Your use of SELF is subject to Railway's Terms of Service
  • We are not responsible for Railway service interruptions or changes
  • Railway's privacy policy applies to their processing of your account data and Memory Bank storage
  • For more information about Railway's security and compliance, visit Railway Compliance Documentation or trust.railway.com

Ollama AI Models

  • SELF uses Ollama, an open-source AI model runtime, running in isolated personal containers on RunPod infrastructure - Powered by Ollama
  • Ollama runs within your dedicated isolated container in EU data centers - your AI conversations never leave your isolated infrastructure
  • Each user has dedicated isolated containers ensuring complete privacy and data separation
  • No data sharing with model providers - Your conversations and AI interactions are processed entirely within your isolated container. Model providers (Ollama, Meta, or any model creators) never receive your data, conversations, or AI interactions. Your data does not go back to model providers.
  • No model training - We do not use your conversations to train models, and model providers do not receive your data for training purposes
  • Model performance and availability depend on Ollama's open-source service and RunPod container infrastructure
  • We are not responsible for Ollama model updates or changes
  • Your AI conversations are processed by Ollama models within your isolated container but not stored by Ollama or any third party
  • Model availability may change as Ollama updates their model library
  • No third parties have access to your AI interactions - all processing occurs within your isolated EU-based container
  • For more information about Ollama, visit ollama.com or their GitHub repository

Web Search Services

  • Tier differences - Zero tier provides basic search; Connect tier provides advanced search.
  • Providers - Zero tier uses SearXNG (privacy-focused meta-search). Connect tier uses Brave Search API. Providers may change over time; this page will be updated accordingly.
  • Content filtering - Zero tier uses moderate content filtering. Connect tier uses no content filtering by default.
  • Search results are provided "as-is" and we do not guarantee their accuracy or completeness.
  • We are not responsible for the content or accuracy of search results from third-party sources.
  • Search functionality is available to both SELF Zero and Connect users.
  • Service availability depends on third-party infrastructure and may be temporarily unavailable.

Search Service Limitations

  • Third-party dependency - Search services depend on external providers
  • No guarantees - We do not guarantee the accuracy, completeness, or reliability of search results
  • User responsibility - You are responsible for evaluating and verifying information from search services
  • Service interruptions - Search services may be unavailable due to third-party issues
  • No liability - We are not liable for decisions made based on search results
  • Content changes - Search provider behavior may change without notice

Stripe Payment Processing

  • SELF uses Stripe for secure payment processing and subscription management
  • During signup, we use Stripe's fraud detection (Stripe Radar) to verify payment methods
  • Stripe may analyze transaction patterns and geographic data for fraud prevention
  • We do not store IP addresses or payment details on our servers
  • Your use of payment services is subject to Stripe's Terms of Service
  • For more information about Stripe's security practices, visit docs.stripe.com/security
  • For detailed information about Stripe's privacy practices, visit stripe.com/privacy-center

Billing and Payments

Subscription Plans

  • SELF Zero (Free) - Memory Bank with client-side E2E encryption. 10 messages/day, basic search, and seamless cross-device sync using your 12-word phrase.
  • SELF Connect (USD$20/month) - Memory Bank with client-side E2E encryption (same zero-knowledge security as Zero tier). Enhanced features include 100 messages/day, advanced search, voice input, and AI personality customization.

Data Export and Recovery

  • Both Tiers – You can export your complete decrypted data anytime via Settings (requires your 12-word phrase). Your conversations and memories are decrypted in your browser and available for download in JSON format.
  • Data Recovery – Your 12-word secret phrase is required to decrypt and recover your data. Both tiers use client-side E2E encryption. Lost phrase = permanent data loss (zero-knowledge architecture means SELF cannot recover your data).

Payment Terms

  • Billing cycle - Monthly subscriptions renew automatically
  • Payment due - Charged immediately upon signup and each renewal
  • Failed payments - Service suspended after 7 days, cancelled after 30 days
  • Price changes - 30 days notice for existing subscribers

Refunds and Cancellation

  • Cancel anytime - No long-term contracts or cancellation fees
  • Immediate access - Use your paid features until the end of your billing period
  • No partial refunds - Subscriptions are billed monthly in advance
  • Refund exceptions - Technical issues preventing service use (contact legal@self.app)

Data Retention After Cancellation

  • Trial users - 24 hours to export your data after trial cancellation
  • Paid subscribers - 30 days to export your data after subscription cancellation
  • Email notifications - We'll send advance warning before any automatic deletion
  • Data export - Download your conversations and memories anytime via Settings

Service Limitations

What We Can't Promise

  • 100% uptime - Services may be unavailable due to maintenance or technical issues
  • Perfect performance - Speed and responsiveness depend on many factors beyond our control
  • Bug-free experience - We fix issues quickly but can't guarantee zero bugs
  • Third-party reliability - Infrastructure providers (RunPod, Railway), Stripe, and Ollama issues may affect your experience

When Things Go Wrong

  • Planned maintenance - We'll give advance notice when possible
  • Unexpected outages - We'll work to restore service as quickly as possible
  • Data loss prevention - Your data is backed up, but you should also keep your own backups
  • Security incidents - We'll notify you promptly of any issues affecting your data

Force Majeure

We are not liable for service interruptions caused by events beyond our reasonable control, including:

  • Natural disasters - Earthquakes, floods, fires, or other natural events
  • Infrastructure failures - Major outages by Cloudflare, RunPod, Railway, or Stripe
  • Government actions - Regulatory changes, sanctions, or internet restrictions
  • Cyber attacks - Large-scale attacks on internet infrastructure
  • Pandemics - Public health emergencies affecting global infrastructure

During force majeure events, we will work to restore service as soon as reasonably possible and keep you informed of our progress.

Security Updates & Maintenance

  • Security patches - We provide prompt updates to fix any security vulnerabilities
  • Third-party updates - We monitor and update dependencies when security fixes are available
  • Automatic notifications - Critical security updates are pushed to users via our in-app notification system
  • Supply chain monitoring - We continuously monitor our infrastructure providers (RunPod, Railway), Stripe, and Ollama for security updates

Removing SELF

Since SELF is a Progressive Web App (PWA), you can remove it anytime:

  • From your device - Remove the PWA from your device's app list or home screen
  • Browser data - Clear your browser's local storage and cache for SELF
  • Account closure - Use the Settings > Legal page in the app to request account closure and data deletion
  • Data export - Export your data before removing via Settings > Legal page

Important Disclaimers

Use SELF At Your Own Risk

While we work hard to make SELF reliable and secure:

  • SELF is provided "as is" - We can't guarantee it will meet all your specific needs
  • Your business decisions - Any choices you make based on SELF outputs are entirely your responsibility
  • Third-party issues - We're not responsible for problems caused by infrastructure providers (RunPod, Railway), Stripe, or Ollama
  • Data safety - While we protect your data, you should maintain your own backups

Limitation of Liability

To the maximum extent permitted by law:

  • No liability for indirect damages - We're not responsible for lost profits, data, or business opportunities
  • Maximum liability - Our total liability is limited to the amount you paid us in the past 12 months
  • Legal protection - This protects both you and us from unreasonable legal costs
  • Your local laws - Some jurisdictions don't allow these limitations, so they may not apply to you

Account Termination

When We May Terminate Your Account

We may suspend or terminate your account if you:

  • Violate these terms - Breach any of our terms of service
  • Illegal activity - Use SELF for unlawful purposes
  • Security threats - Attempt to hack or compromise our systems
  • Payment issues - Repeated failed payments or fraudulent activity
  • Abuse - Harassment or harmful behavior toward other users

Termination Process

  • Notice - We'll give you reasonable notice before termination (except for serious violations)
  • Data export - You can export your data before termination
  • Appeal process - Contact legal@self.app to dispute termination decisions
  • Account data deletion - Your account data will be deleted within 30 days of account termination (separate from trial cancellation policies above)

We May Update These Terms

  • To clarify existing policies
  • Comply with legal requirements
  • But we will never change these terms to reduce your privacy, sell your data, or add tracking without your consent

Legal Stuff (The Necessary Parts)

General

  • These terms are governed by Australian law, where SELF Technology Pty Ltd is incorporated
  • We prefer to resolve issues directly with you, and if needed, disputes will be handled through binding arbitration
  • If any part of these terms is found invalid, the rest remains in effect
  • SELF is not intended for users under 13, though some countries may have different minimum age requirements. We defer to local laws and regulations in your jurisdiction. We do not knowingly collect data from children under the applicable age limits
  • By using SELF, you agree to these terms. If you don't agree, please don't use our service
  • The SELF Token is offered via SELF Technology Ltd, Intershore Chambers, Road Town, Tortola, British Virgin Islands, VG1110, (BVI IBC Number 2169550)

International Data Transfers

  • Primary location - Australia (SELF Technology Pty Ltd)
  • AI processing - RunPod isolated containers in EU data centers only. No international transfers for AI processing data.
  • Backend API hosting - Railway (US-based cloud infrastructure provider)
  • Payment processing - Stripe (US-based payment processor)
  • Legal framework - Australian Privacy Principles with GDPR-equivalent protections
  • Transfer safeguards - Standard contractual clauses with Railway and Stripe. RunPod operates in EU-only data centers with no international transfers.
  • User data - Remains isolated in your Memory Bank with EU data residency
  • AI data sovereignty - All AI processing data remains in EU data centers with no international transfers

Legal Basis for Processing (EU Users)

  • Contract performance - Processing necessary to provide SELF services
  • Legitimate interests - Service optimization and security
  • Consent - For optional features and communications

Data Retention

  • Account data - Retained while your account is active
  • Memory Bank data - Automatically deleted when your subscription is deactivated
  • Payment data - Retained by Stripe as required by law (typically 7 years)
  • Error logs - Retained for 30 days for debugging purposes

Contact Us

Email: legal@self.app

Mail: SELF Technology Pty Ltd, 194 Varsity Parade, Varsity Lakes, Queensland 4227, Australia

© SELF 2026