Privacy Policy
Last updated: 2026-06-11 · Effective: 2026-06-11
Draft — pending legal review
This is the initial published draft of the Privacy Policy for Kagura AI. It has not yet been reviewed by an attorney. We are publishing it ahead of the public launch of memory.kagura-ai.com so that our data-handling practices are transparent while the wording is finalized. We will update this page once legal review is complete; material changes will be announced via the mechanisms described in the "Changes to This Policy" section below.
1. Introduction
The Service (the Kagura AI Cloud Edition) is an AI memory platform operated by the data controller identified in the "Data Controller" section below. This Privacy Policy explains what personal data we collect, why we collect it, how we store and protect it, and the rights you have over it. The meaning of the terms used in this policy is set out in "Definitions" below.
This policy is written to comply with the EU General Data Protection Regulation (GDPR), the Japanese Act on the Protection of Personal Information (APPI, 個人情報保護法), and the California Consumer Privacy Act (CCPA / CPRA), whichever is applicable to you. We follow the principles of data minimization, purpose limitation, and transparency.
Scope — cloud edition only. This policy applies only to the cloud edition of Kagura AI we operate, provided on the kagura-ai.com domain (including its subdomains, e.g. memory.kagura-ai.com). The open-source (OSS) edition of Kagura AI is not covered by this policy; for the OSS edition, please follow github.com/kagura-ai/memory-cloud.
2. Definitions
In this policy, the following words have the meanings set out below. Terms shared with the Terms of Service match the definitions given there.
- "We", "our", "us" means Kagura AI, Inc., identified in the "Data Controller" section below.
- "the Service" means the Kagura AI Cloud Edition that we provide, on the kagura-ai.com domain (including its subdomains, e.g. memory.kagura-ai.com).
- "OSS edition" means the open-source edition of Kagura AI published at github.com/kagura-ai/memory-cloud. The OSS edition is not covered by this policy.
- "you" means the individual who uses the Service, or whose personal data we process in connection with the Service (corresponding to the "User" in the Terms of Service).
- "personal data" means information that can identify a specific individual. In this policy it is used as an umbrella term covering "personal data" under the GDPR and "personal information" (個人情報) under the APPI; we use "personal information" interchangeably.
- "memories" means the summaries, contexts, contents, tags, and accompanying details you store in the Service (included within "User Content" as defined in the Terms of Service).
3. Data Controller
Controller: Kagura AI, Inc. (Kagura AI 株式会社)
Address: Miyamasuzaka Building 609, 2-19-15 Shibuya, Shibuya-ku, Tokyo, Japan
Representative: Hisashi Ikenaga
Contact for privacy requests: privacy@kagura-ai.com
Jurisdiction: Japan. Data-protection law of Japan (APPI) governs this policy. Nothing in this policy affects the rights of EU / UK residents under the GDPR or those of California residents under the CCPA / CPRA.
We have not designated a separate Data Protection Officer (GDPR Art. 37 does not require one for our scale and processing profile); the controller listed above is the point of contact for all requests.
EU / UK representative (GDPR Art. 27). We have not appointed an EU or UK representative, relying on the Art. 27(2) exemption for occasional processing that does not include large-scale processing of special categories of data. If the scale of our processing of EU / UK residents' data changes, we will appoint a representative and name them here.
4. Personal Data We Collect
We collect only the data we need to run the Service, and we collect it only from you — directly from your input and from the OAuth provider you choose at sign-in. We do not buy personal data from data brokers and we do not scrape public sources to build profiles about you. Concretely:
Identity & authentication — when you sign in with your Google or GitHub account (OAuth): your email address, the permanent identification number that service assigns to your account, your display name (optional), your profile-picture URL (optional), and for GitHub your username. We also record which service you signed in with (Google / GitHub) so your next sign-in attaches to the same account.
Password authentication — for the initial administrator account only: a login ID and a scrambled, irreversible form of the password (a hash). Optionally, a key for two-factor authentication. We never store passwords as readable text.
Session data — a random, meaningless identifier that keeps you signed in. It is stored in your browser as a cookie (kagura_session) with a matching record on our servers, and becomes invalid automatically after 7 days or when you log out.
Signup allowlist — when registration is limited to pre-approved people (the signup gate): the identification number of each approved GitHub account, the username at the time it was added, how it was added, its current state (active / in grace period / revoked), and which administrator added it. Approval is matched on the permanent identification number, so changing your username does not affect it.
Memories — the summaries, contexts, contents, tags, and accompanying details you store through the save feature (API), an AI-tool connection (MCP), or the web interface (the "memories" defined above). You decide what goes into your memories; we store and process them on your behalf under the service contract.
Usage & technical data — how often you call the Service and use its features (to enforce your plan's usage limits); your connecting IP address and the kind of browser or app you use (for security, abuse detection, and troubleshooting); and system activity records (logs).
Billing & subscription data — for paid plans (Starter / Pro / Enterprise): your plan tier, subscription status, billing history, and invoice records. Card payments are processed by our payment processor (Stripe); full card numbers never touch our servers — we receive only a payment token, the card brand, and the last four digits.
5. Internal Observability Metrics
To monitor search quality and detect drift in our ranking system, we collect daily statistical metrics derived from your memories. This data is treated with the same legal protections as your primary memory content.
Purpose — to check, daily, whether search quality is degrading over time, and to guide improvements to search.
Data category — rare words appearing in your memories, converted into numbers that cannot be turned back into the original words (hashes), together with how often they appear, counted per context. The words themselves are never stored.
Classification — looking at a hash alone reveals nothing, but because we also hold your original memory text, matching the two could in principle re-identify you. For that reason we treat this data as pseudonymous personal data under the GDPR (Art. 4(5), Recital 26), with the same legal safeguards as your primary memory content.
Retention — maximum 90 days. See "Data Retention" below for the broader retention framework.
Right to erasure — when you exercise your right to erasure (GDPR Art. 17 / APPI), these observability records are deleted via the same cascade as your primary memory content. See "Your Rights" below.
6. Legal Basis for Processing (GDPR Article 6)
We rely on the following legal bases to process your personal data:
Contract (Art. 6(1)(b)) — processing required to provide the Service you signed up for: account creation, session management, memory storage and retrieval, quota enforcement, subscription billing.
Legitimate interests (Art. 6(1)(f)) — security monitoring, abuse detection, system diagnostics, and aggregate usage analytics for capacity planning. You can object at any time by contacting us at the address above.
Legal obligation (Art. 6(1)(c)) — retention of billing records and tax-related records as required by Japanese tax law.
Consent (Art. 6(1)(a)) — reserved for future optional features (for example, product-update emails). We do not currently process any data under consent; if that changes, we will ask you explicitly and you will be able to withdraw consent at any time.
7. How We Use Your Data
Service provision — storing, indexing, and retrieving your memories; running hybrid search and Neural Memory features; enforcing quotas and rate limits.
Authentication & access control — verifying identity at sign-in, maintaining your session, and applying role-based and workspace-level permissions.
Security — detecting abuse, investigating incidents, blocking malicious traffic.
Support & troubleshooting — diagnosing issues you report and maintaining service reliability.
Service improvement — analyzing aggregate, non-identifying usage patterns to guide capacity planning and feature work.
What we do NOT do — we do not sell your personal data; we do not use your memories to train AI models; we do not use your memories for advertising or provide them to advertisers.
8. Data Storage & Security
Encryption in transit — all communication between your device and the Service is encrypted so it cannot be read in transit.
Encryption at rest — especially sensitive credentials (such as two-factor authentication keys) are encrypted with an additional layer before they are stored. The database and file storage themselves are also encrypted.
Data stores — each kind of data lives in a dedicated store.
Access control — who can see which data is strictly limited by role (system administrator; workspace owner / admin / member / viewer; per-context membership). Administrative access to production systems is limited to the Data Controller listed above, and every action is logged.
Backups — encrypted database backups retained for up to 30 days for disaster recovery.
Monitoring — structured application logs and infrastructure metrics for availability and security monitoring.
Breach notification. If a personal-data breach occurs, we will notify the competent supervisory authority (the PPC in Japan; for GDPR-scope breaches, within 72 hours where required by Art. 33) and, where the breach is likely to result in a high risk to you, notify you directly without undue delay (Art. 34 / APPI), including what happened and what we are doing about it.
9. Data Retention
How long we keep your personal data and memories is set out below. If a retention period changes, this policy is updated.
Short-term memory — deleted automatically 30 days after it was last accessed, unless it meets one of the promotion criteria (frequently accessed, older than a set age, high importance, or used from multiple tools), in which case it becomes long-term memory and is kept.
Long-term memory — retained as long as your account exists, subject to plan limits (plan names match the pricing page):
- Trial plan (invite-based, free): 90 days from last access, then purged.
- Starter / Pro / Enterprise plans: retained indefinitely while the plan is active, within each plan's memory quota.
- If a paid plan lapses or is downgraded, memories above the new plan's quota enter a grace period before deletion.
Session records (sign-in state) — become invalid automatically after 7 days.
Signup allowlist records — kept while the approval is active. If an administrator revokes it, it enters a 30-day grace period, is then marked revoked, and is removed by the next scheduled cleanup.
System logs — up to 90 days, then purged or anonymized.
Internal observability metrics — search-quality monitoring data is retained for a maximum of 90 days. See "Internal Observability Metrics" above for full details and legal classification.
Encrypted backups — up to 30 days, then deleted.
Billing & tax records — retained for the period required by Japanese tax law (currently 7 years), even after account deletion.
Deleted accounts — when you delete your account, we purge your personal data within 30 days from our primary stores and within a further 90 days from backups as they rotate out. Billing and tax records above are the only exception.
10. Your Rights
Under GDPR, APPI, and CCPA / CPRA as applicable, you have the following rights:
Access — request a copy of the personal data we hold about you, and an export of your memory contents.
Rectification — correct inaccurate or incomplete data. Display name, locale, and timezone can be edited directly in your profile; other fields can be corrected on request.
Erasure ("right to be forgotten") — delete your account and associated personal data, including internal observability metrics which are removed via the same cascade. You can request erasure via the contact address below.
Data portability — receive your memory contents in a machine-readable format.
Restriction — ask us to temporarily stop processing specific data.
Objection — object to processing we base on legitimate interests.
Withdraw consent — for any processing we do based on consent (none at this time).
Lodge a complaint — if you believe we have mishandled your data you can complain to the Personal Information Protection Commission of Japan (PPC, 個人情報保護委員会) or to your local EU data-protection authority. We would appreciate a chance to address your concern first.
We respond to requests within 1 month (EU standard, GDPR Art. 12(3)), which is also within the "without undue delay" standard of APPI. Complex requests may be extended by up to 2 additional months; we will notify you if an extension is needed.
11. International Transfers
Primary storage is in Japan. We use reputable cloud providers (see "Third-Party Services" below) which may process data in other regions for operational reasons (for example, content delivery networks). Where data is transferred outside Japan / the EEA, transfers rely on standard contractual clauses or adequacy decisions as appropriate. The EU has recognized Japan under an adequacy decision (2019), so EEA-to-Japan transfers are lawful without further safeguards. We do not intentionally store your data outside Japan.
Data Processing Agreement (GDPR Art. 28). Enterprise customers who act as controllers for their workspace data can request a signed DPA, including the EU Standard Contractual Clauses where applicable, via privacy@kagura-ai.com.
12. Third-Party Services
We use a small number of third-party services to operate the Service. We use only what is needed, and we do not share data beyond what each service requires to perform its function.
GitHub (github.com) — OAuth sign-in. GitHub's privacy practices: GitHub Privacy Statement.
Google (google.com) — OAuth sign-in. Google's privacy practices: Google Privacy Policy.
Cloud infrastructure — compute, database, object storage, and CDN. Changes to our providers are noted on the service status page.
Google Analytics (Google LLC) — used to analyze how the site and the Service are used. Google's handling of the collected information is governed by the Google Privacy Policy; you can disable collection with the browser opt-out add-on.
Firebase (Google LLC) — used for application infrastructure (authentication, push notifications, crash reporting, and similar). Data handling is governed by Firebase Privacy and Security.
Large language model providers — OpenAI, Anthropic, Google AI, and local-first Ollama instances are only invoked when you explicitly use a feature that calls them (for example, embeddings, reranking, summarization). What you send is handled under each provider's own privacy policy; we pass only the minimum data needed and do not permit them to train AI models on it.
Payment processing — Stripe, Inc. for subscription billing of paid plans (Starter / Pro / Enterprise). Stripe acts as our processor under its Data Processing Agreement, which incorporates the EU Standard Contractual Clauses. Card data is collected directly by Stripe, which meets the highest level of the payment-card industry's international security standard (PCI DSS Level 1); we never store full card numbers. Stripe's privacy practices: Stripe Privacy Policy.
We select providers that meet our data-protection standards and keep the list minimal.
13. Disclosure of Personal Data
We disclose personal data only in the following limited circumstances:
Processors (service providers) — the third-party services listed above, acting on our instructions under data-processing terms, only to the extent needed to perform their function.
Workspace administrators — if you join a team workspace, its owner / admins can see your membership, role, and the content you share into shared contexts, per the access controls you and they configure.
Legal requirements — courts, law enforcement, or regulators where disclosure is required by applicable law or a valid legal order. We review every request, narrow it where we can, and notify you unless legally prohibited.
Business transfers — if we are involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
With your consent — any other disclosure happens only at your direction or with your explicit consent.
We do not sell. We do not sell personal data in exchange for money (and have not in the preceding 12 months). If our use of advertising-related cookies constitutes "sharing" as defined by the CCPA / CPRA, we will provide an opt-out mechanism.
14. Cookies
The Service uses cookies.
Strictly necessary cookie:
kagura_session — the cookie that keeps you signed in. It is protected with safety settings that prevent it from being read by third parties or misused from other sites, and it expires after 7 days or when you log out. Because it is strictly necessary, GDPR ePrivacy rules do not require a consent banner for it.
If the essential cookie is unavailable. The cookie above is essential for authentication and session management. If you block or delete cookies in your browser settings, you will not be able to use the Service properly, including signing in.
Analytics cookies. We use cookies for analytics (Google Analytics) to improve the Service. These are not essential cookies; where consent is required we ask via a banner before setting them, and the Service itself remains usable if you decline.
Advertising cookies. Where advertising is displayed on the Service, we or our partners may use cookies to display, deliver, and measure that advertising. Where consent is required, we ask via a banner before setting them. See also "Advertising" in the Terms of Service.
15. Children's Privacy
The Service is not directed to children under 16 (GDPR Art. 8) or, in Japan, under the age at which a legal guardian's consent is required under the Civil Code. We do not knowingly collect personal information from children in that age range. If you believe we have done so, please contact us and we will delete the data promptly.
16. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you (GDPR Art. 22). Quota enforcement and rate limiting are purely technical and do not infer anything about you as a person.
17. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We update the "Last updated" date at the top of this page.
- For material changes only, we email registered users at the address we have on file.
- We post a prominent notice on the Service.
Continued use of the Service after a material change constitutes acceptance of the updated policy. If you do not accept a material change, you may delete your account before the effective date.
Contact
Questions about this Privacy Policy, or requests to exercise your rights:
- Email: privacy@kagura-ai.com
- GitHub (for non-privacy technical issues only): kagura-ai/memory-cloud
Please mark requests under GDPR / APPI / CCPA as such in the subject line so we can route them correctly.