Privacy Policy

Contained Evolution LLC (Michigan, USA) · Version 2026-05-29-free-beta-r3

1. Scope

This Policy applies to Contained Evolution (the “app”), provided by Contained Evolution LLC (Michigan, USA). It covers the personal-assistant app at app.containedevolution.com, the Hub appliance, the LocalHub desktop client, and any related services we operate directly. Third-party services you connect on your own — e.g. your own OpenRouter, Anthropic, OpenAI, Google, or ElevenLabs key — are governed by those providers’ own privacy policies; we describe below exactly what we do and don’t do with those keys.

2. Information we collect

Account. Email address, name, password hash (when you sign up with email/password) or Google account identifier (when you sign up with Google); signup date; Terms-acceptance version + timestamp.
Profile & personal assistant settings. The name and colour you give your assistant, the dials you tune (tone, directness, humour, proactivity, verbosity, challenge, name-use, emoji), interests you select during onboarding, and your appearance preferences.
Your content. Notes, mind-maps, scribbles, canvases, tasks, boards, playbooks, files, daily briefs, team bulletins, and anything else you create in the app.
Memory Bank. What you share in chat that gets captured into your Checking Account (last 24 hours), graduates into your Savings Account (categorized long-term memory), or you file manually. Encrypted at rest (see §7 below).
Chat. Your messages and the assistant’s replies, the model used, the cost in dollars and tokens, and tool calls fired.
Usage. Daily message counts, credit balance and transactions, subscription tier, daily spend limit if you set one.
Payments. If you buy a subscription or credit pack, Stripe holds your card details; we store only your Stripe customer ID, subscription/transaction IDs, and metadata returned by Stripe (we never see or store your card number).
Integrations you opt into. Google OAuth tokens when you connect Google Drive / Calendar / Gmail; the scopes you granted; metadata returned by those APIs.
Server-stored third-party keys (paid tier MCP feature). If you choose to save an MCP-to-Claude.ai key on your account, we encrypt it at rest with AES-256-GCM before writing it to our database. Voice keys (ElevenLabs) and per-device LLM keys for the chat path (OpenRouter / Anthropic / OpenAI / Gemini BYOK) never touch our servers — they live in your device’s local storage only.
Device + telemetry. Install/PWA state, basic error logs, and metadata needed to operate the service (e.g. session cookie, IP address at the time of a request). No third-party analytics or advertising trackers are loaded today.

3. How we use it

To run the app: log you in, render your data, route your chat messages to the appropriate AI model, charge your subscription, apply your credits.
To improve the service: investigate bugs, monitor errors, plan features. Reviews of stored content are limited to what is needed for those purposes and authorised CE personnel only.
To communicate with you: transactional emails (account confirmation, password reset, billing receipts) via Resend.

4. What we don’t do

We do not sell your personal information — to anyone, ever.
We do not do behavioural advertising or build advertising profiles on you. There are no ad trackers, no ad networks, and no cross-site tracking pixels in the app.
We do not share your content with anyone except the infrastructure providers needed to deliver the service (listed in §5). We do not use your memory or chat content to train any AI model — ours or anyone else’s.
BYOK keys never touch our servers. Voice (ElevenLabs) and per-device LLM keys for the chat path live in your browser’s local storage only and are sent directly from your device to the provider you chose.

5. Who we share with (processors)

We use third-party infrastructure to deliver the service. Each receives only what is needed for their specific role:

Railway — application hosting + PostgreSQL database (US-hosted).
OpenRouter — default routing of your AI chat requests across multiple model providers, when you are not using a BYOK key.
Stripe — payment processing for subscriptions and credit packs. Stripe holds your card details under their own privacy policy.
Resend — transactional email delivery (signup, receipts, password reset).
Cloudflare — DNS, edge TLS, and the named tunnel for the Hub appliance.
Google — OAuth sign-in and, only if you connect them, Drive / Calendar / Gmail APIs you opted into.
ElevenLabs / Anthropic / OpenAI / Google AI Studio — used only when YOU provide a BYOK key in the app. We don’t hold those keys; your device sends requests to those providers directly.

6. Retention

We retain your data without an automated purge while you have an account, so the assistant continues to know you and your content stays where you left it. When you delete your account, we cascade-delete the rows we control across your profile, memory, chat, tasks, files, and sessions. Payment records may be retained for the period our payment processor and applicable tax law require.

7. Security

HTTPS in transit on every request to the app.
Memory Bank content is encrypted at rest with AES-256-GCM (encryption key held server-side in a dedicated env var, separate from the database).
Server-stored third-party API keys (the MCP-to- Claude.ai feature on paid tiers) are AES-256-GCM encrypted at rest under a separate key from the memory key.
Payments are tokenised by Stripe; we never see or store your card number.
Passwords are stored as salted hashes only; we cannot read your password and will never email it to you.
No system is perfect. If we learn of a breach affecting your data, we will notify affected users in line with applicable law.

8. Your rights

You have the right to:

Access the personal information we hold about you — request a copy by contacting us (§13).
Delete your account and the data we control — self-serve via Settings → Privacy → Danger Zone → “Delete account.” Cascade-deletes your profile, Memory Bank, chat history, content, and sessions. If you own a team, you’ll need to transfer ownership first.
Correct data that is wrong — most of your in-app data is editable directly; for the rest, contact us.
Export a portable copy of your content — contact us to request an export; automated export is on the roadmap.
Opt out of the sale or sharing of your personal information for advertising — we do neither, so there is nothing to opt out of.

If you are in California (CCPA/CPRA) or the EU/UK (GDPR), these rights are guaranteed by your local law; we honour them globally.

9. Cookies & local storage

We use a small number of strictly necessary cookies + browser local storage. We do not use advertising or analytics trackers.

Auth session cookie — HttpOnly + Secure; keeps you signed in. Required to use the app.
Browser local storage — your appearance preferences, default tier picker, ToS-acceptance cache, device flags, and any BYOK voice or LLM keys you entered. BYOK keys never leave your device.
No third-party analytics, ad networks, fingerprint libraries, or cross-site tracking pixels load in the app today.

10. Children’s privacy

The app is intended for adults. You must be at least 18 years old (or the age of majority where you live) to create an account, per the Terms & Conditions. We do not knowingly collect personal information from anyone under 18. If you believe a minor has signed up, please contact us (§13) and we will remove the account.

11. International users

The service is operated from the United States and your data is processed there. If you access the app from outside the US, you consent to that transfer. Where the GDPR (EU/UK) or CCPA/CPRA (California) applies, we honour your local rights as described in §8.

12. Changes to this Policy

We may update this Policy. When we do, we will increment the version and may ask you to agree again before continuing to use the app. The date-stamped version is shown at the top of this page; continued use after acceptance means you agree to the version in force.

13. Contact

Contained Evolution LLC — containedevolution@gmail.com

Version 2026-05-29-free-beta-r3. This is a working agreement in plain language, not attorney-drafted launch-final text; it is subject to review by legal counsel before paid subscription tiers open broadly. Nothing here is legal advice.