PersonaStackPersonaStack.ai
HomeLegal CenterSecurityPricingLoginSign Up
HomeLegal CenterSecurityPricingLoginSign Up

Privacy Policy

Policy ID: privacy
Version: 2026-07-18-r7
Published: July 18, 2026
Effective: July 18, 2026
Plain-language summary. This policy explains what PersonaStack processes, why it processes it, where user-directed providers receive it, and how people can exercise privacy rights. The full policy controls if this summary conflicts with it.

1. Scope and controller

This policy covers the PersonaStack public site, authenticated application, APIs, hosted execution services, billing, public stack catalog, support, and communications. PersonaStack, LLC is the controller for direct customer relationships. Business customers may be controllers and PersonaStack may act as their processor under a signed Data Processing Addendum.

Third-party websites, selected AI providers, connected integrations, customer-controlled Kubernetes clusters, and local Connector runtimes have their own terms and privacy practices. A user's infrastructure may process data outside PersonaStack-hosted systems.

2. Data categories, sources, purposes, and recipients

Category and examplesSources and purposesRecipients and retention
Account and profile. Username, display name, email, time zone, avatar, verification state, and sign-in methods.Provided by the user or organization administrator. Used to create and secure the account, provide the Service, communicate, and meet legal duties.PersonaStack services, authorized administrators, and authentication providers selected by the user. Kept while the account is active and then deleted or retained only for documented legal, fraud, or security needs.
Authentication and security. Opaque sessions, login events, IP address, browser metadata, OAuth state, audit events, and abuse signals.Generated by browsers and services. Used for authentication, tenant authorization, fraud prevention, incident response, and service reliability.PersonaStack infrastructure and approved security or logging providers. Retention varies by security purpose.
Billing. Stripe customer and subscription identifiers, plan, invoices, payment state, credits, refunds, disputes, and tax-relevant fields.Provided by users and Stripe. Used to administer monthly subscriptions, enforce quotas, provide receipts, and keep required financial records. PersonaStack does not store full payment-card numbers.Stripe, PersonaStack billing services, and financial or legal advisers when necessary. Financial records may be retained as law requires.
User content. Personas, instructions, prompts, stack missions and roles, templates, schedules, messages, chat transcripts, files, media, avatars, memories, and persistent workspace content.Provided by users, collaborators, connected services, or agent activity. Used to run and support the features the user requests.Selected AI providers, integrations, execution targets, collaborators, and public viewers when a user publishes content. Archived run documents are retained for 7 days. Other content follows account, feature, deletion, and legal-retention rules.
Agent activity. Run inputs and outputs, structured run history, tool calls and results, console records, token usage, errors, and delivery history.Generated when agents run. Used to execute work, show status and history, meter usage, diagnose failures, and protect the Service.Selected providers, integrations, recipients, execution infrastructure, and authorized support or security personnel when necessary. Token usage is retained for 30 days. Browser console convenience copies expire after 6 hours without new accepted lines.
Integration and AI-provider data. Configuration, scopes, OAuth tokens, API keys, bot tokens, service-account keys, provider object identifiers, model configuration, prompts and context sent, outputs, and provider errors.Provided by users and selected providers. Used to connect services and perform user-directed actions.The selected provider, connected service, intended recipient, user-controlled cluster, or local Connector. Secrets are not public catalog content. Provider terms and data practices also apply.
Communications and public content. Support or legal messages, service notices, published templates, publisher username, tags, descriptions, media, clone counts, moderation state, and reports.Provided by users, non-users, or PersonaStack systems. Used to respond, operate the catalog, moderate, and give notices.Relevant staff, service providers, authorities under bounded legal conditions, and the public for intentionally published content. Publishing requires acknowledgement that the authenticated publisher username becomes public with the catalog content. The catalog does not display the publisher email address or internal owner identifier.
Waitlist and invite data. Email address, registration timestamp, access status, and source IP used for abuse prevention.Provided when a person requests access. Used only to administer service access, prevent abuse, and send access-related notices. Joining the waitlist is not consent to marketing.Waitlist operations and approved email or infrastructure providers. Source IP data is cleared after 7 days. Entries that never become accounts are deleted after 365 days. A non-account holder may request deletion or unsubscribe through the published privacy contact workflow.
Technical and derived data. Request logs, route metrics, consent state, storage identifiers, usage totals, billing restrictions, runnability evidence, service-health projections, and safety or fraud flags.Generated by the Service. Used for security, reliability, product operation, aggregate measurement, billing controls, and policy enforcement.PersonaStack infrastructure and approved operational providers. PersonaStack does not use this data to make qualifying consequential decisions about employment, housing, credit, insurance, education, healthcare, or essential services.

Data may come directly from users and administrators, automatically from browsers and runtimes, from selected providers and integrations, from people who communicate with a connected bot or account, and from billing, hosting, or security providers.

3. Sensitive data

User content and connected services can contain health information, precise location, communications, credentials, financial details, protected-trait information, or other sensitive data. Do not submit specially regulated data unless PersonaStack has expressly enabled that data class under a signed agreement. Consumer health data requires separate affirmative consent under the Consumer Health Data Privacy Policy.

4. Purposes and legal bases

  • Contract. Create accounts, run agents, store requested content, connect integrations, process billing, and provide support.
  • Legitimate interests where available. Secure the Service, prevent fraud and abuse, maintain reliability, measure aggregate operation, and enforce policies. PersonaStack must document applicable balancing tests before relying on this basis.
  • Consent. Optional analytics, marketing, consumer health data, and materially new uses of Google or other consent-based data.
  • Legal obligation. Tax, accounting, sanctions, lawful process, and required incident notices.

5. AI and autonomous agents

PersonaStack sends prompts, memory, files, integration results, and other selected context to the AI provider configured by the user. Agents can also transmit data to connected services, recipients, customer infrastructure, and local Connectors as directed by the user's settings and instructions. Provider terms and privacy commitments apply. PersonaStack does not use customer content to train PersonaStack models unless the user gives a separate, revocable opt-in. PersonaStack does not control whether a user-selected third-party provider trains on data under that provider's terms.

Authorized personnel may access content only through approved paths for user-requested support, security or abuse response, legal compliance, or tightly controlled operations. Those paths are access-controlled and logged.

5.1 User-operated clusters and local runtimes

Cluster Agent. A user-installed Cluster Agent runs in a user-selected Kubernetes cluster. It opens an authenticated outbound session to PersonaStack and performs authorized in-cluster operations within the permissions selected at installation. Those operations can handle workload metadata, status, logs, files, request and response bodies, and persistent data available to selected cluster resources. The running agent does not own a database, Redis keyspace, persistent volume, or durable runtime filesystem. Its resource cleanup and persistent-storage deletion paths are separate from complete account deletion.

Connector. A user-installed Connector runs on a user-selected computer for a Hermes or OpenClaw external persona. It opens an authenticated outbound session to PersonaStack, processes API-rendered prompts and run commands, dispatches them to the selected local runtime, returns run results and bounded status information, and updates recognized local runtime configuration. Connector stores required credentials locally through operating-system credential storage and an owner-only encrypted fallback when needed. The fallback key is also local and protected by the operating-system account. It is not PersonaStack's KEK/DEK system. Local unpairing or authenticated revocation can remove Connector-managed bindings and credentials, but do not currently remove local runtime configuration written earlier by Connector or its backup. Uninstalling its OS service does not remove local pairing state, credentials, runtime configuration backups, native runtime data, or logs.

Users control their selected clusters, machines, native runtimes, Kubernetes RBAC, local files, logs, and third-party destinations. Those systems can have their own retention, security, and deletion behavior. Account deletion does not remove every Connector-managed local artifact.

6. Google API data

Google account sign-in and Google Services integrations are separate. Google Services may request only the scopes selected before OAuth. PersonaStack uses granted Google data to provide the feature the user activates, to maintain the connection, to prevent abuse, and to comply with law. PersonaStack does not use Google user data for advertising or generalized model training. It does not transfer Google user data to data brokers. Data may be sent to a selected AI provider or recipient only when needed for the user-directed feature and only within the user's configured access.

Disconnecting Google stops future authorized access after revocation takes effect. It does not recall actions or messages already delivered. Google Health access is read-only, separated from non-health Google services, and subject to the separate health notice and consent.

7. Disclosures and no-sale commitment

PersonaStack may disclose data to infrastructure, billing, email, support, security, logging, and monitoring providers appointed to operate the Service. Those providers process data only to provide PersonaStack's service and do not receive ownership of it. PersonaStack may also disclose data to AI providers, integrations, execution locations, and recipients selected by the user; to organization administrators and collaborators; to public viewers after an explicit publish action; and when disclosure is required by law. The Subprocessor List distinguishes appointed subprocessors from user-selected services.

PersonaStack will not sell, rent, license, trade, or otherwise monetize User Data. PersonaStack will not voluntarily transfer ownership or control of User Data to an acquirer, investor, successor, or other transaction counterparty. User Data is not a sale asset. A successor-operated service would require each affected user's affirmative opt-in before PersonaStack furnishes that user's data to the successor. This does not limit a user-directed disclosure or a disclosure required by law. Where law permits, PersonaStack will give notice before a compelled disclosure.

PersonaStack does not share personal information for cross-context behavioral advertising or use it for targeted advertising. Optional analytics is disabled. If that changes, PersonaStack must update this policy and the Cookie Notice, honor applicable opt-out signals, and obtain consent where required before enabling it.

8. Security

PersonaStack uses scoped access controls, tenant-specific authorization, secret-handling controls, operational logging, backups, and encrypted transport where configured. Private credentials and other decryptable secret-storage fields use envelope encryption at rest. A random data-encryption key (DEK) for the applicable user or non-user secret scope encrypts the stored value. A separately managed key-encryption key (KEK) wraps that DEK. Ciphertext and wrapped DEKs are stored without raw KEK material. KEK identifiers support key rotation while required historical wrapping keys remain available. This control does not mean that every item a user sends to a selected provider, integration, cluster, Connector, or recipient is encrypted by PersonaStack's KEK/DEK system.

No system is perfectly secure. PersonaStack does not guarantee a particular protocol, algorithm, certification, audit cadence, or prevention of every incident. See Security for current reporting guidance.

9. Retention and deletion

Verified feature-specific periods include 7 days for archived run-history documents, 30 days for token-usage records, 14 days for stack mission updates, up to 7 days for bounded stack communication history, 24 hours maximum for chat media, and 6 hours without accepted changes for browser-retained console lines.

Account deletion is irreversible. PersonaStack disables account access immediately, starts persistent-disk cleanup immediately, and completes the product-system purge after the 24-hour cleanup period and confirmed persistent-disk cleanup. Any retained record must be narrow, documented, purpose-limited, access-limited, and kept out of normal product use. Retention may occur only for legal, billing, fraud, security, or litigation needs that PersonaStack documents and time-bounds.

10. Rights and requests

Depending on location, a person may request access, correction, deletion, portability, restriction, objection, consent withdrawal, and an appeal. PersonaStack will verify identity and authority, respond within applicable periods, explain permitted extensions or denials, and not discriminate for exercising a right. Submit a privacy-rights request through the contact page. Authorized agents and non-users whose data was processed through a customer may use the same route.

11. Other people's data

Connected inboxes, chats, calendars, repositories, bots, and files may contain personal data about non-users. Users and business customers must provide required notices and have authority to process and disclose that data. They must not direct agents to collect, infer, or expose personal data unlawfully.

12. International use and children

PersonaStack is offered internationally subject to applicable law. PersonaStack-hosted systems process data in the United States. Data users direct to a selected provider, integration, cluster, Connector, or recipient follows that destination's terms and processing location. PersonaStack does not require users to be adults, and does not knowingly collect personal data from children where consent or other safeguards are required by law.

13. Changes

PersonaStack will publish a new immutable version and effective date for changes. Material changes will receive direct account or in-product notice. A materially new consent-based purpose requires new consent before processing. See the policy change history.

Document record

This version is preserved at /legal/privacy/2026-07-18-r7/. See the change history. Content hash: sha256:5809ef00c0428aa5697a0939d9ba7e158885877c63babb1b81f07b88be1f5b99.