Beta Release

Privacy Policy

Last Updated: March 2026

Woxpas helps you build a personal memory engine from your notes, documents, and files. This Privacy Policy explains how we collect, use, and protect your information during the Beta release, which operates entirely in cloud mode.

Our data commitments

  • Your data is never sold to anyone, for any reason
  • Your data is never used to train AI models — not ours, not anyone else's
  • Infrastructure is hosted on servers in Germany (EU)
  • Full account and data deletion on request, with a 30-day grace period
  • All data is encrypted at rest using AES-256 disk encryption

Note: All processing currently happens in the cloud. A future local-only mode is planned but is not part of the Beta.

1. Information We Collect

1.1 Account Information

To create and maintain your account, we collect:

  • Email address
  • Name (optional, for display purposes)
  • Password (managed securely by our authentication provider, Supabase)
  • Optional profile information

We do not collect social accounts, phone numbers, or third-party contacts.

1.2 Content You Upload

When you use Woxpas, you may submit content via:

  • Documents, PDFs, text files, and notes (direct upload)
  • Audio files (transcribed and extracted)
  • Images containing text (OCR-extracted)
  • URLs (web page content is fetched, saved, and processed)
  • Text entered via the capture surface, Chrome extension, or MCP tools
  • Files imported from Google Drive (beta — access by request)
  • Preference profile data — your communication style, work context, tools, and personal details that you choose to share with connected AI tools (editable anytime from the Preferences page)

We also store file metadata (names, sizes, upload timestamps) and extracted content used to build your personal memory graph. When AI agents execute tasks on your behalf (see Section 2.3), their output is saved to your vault as an agent session log.

Important Beta Notice

This is beta software. We work hard to keep it reliable, but issues may occur. We recommend exports for important data.

Your uploaded content is stored and processed within our cloud backend. All user data, including uploaded content, database records, and vector databases, is encrypted at rest using AES-256 disk encryption. Data in transit is protected via TLS.

1.3 Integrations & Connected Services

Woxpas connects to external tools to help you capture and retrieve memories. Current integrations include:

  • MCP (Model Context Protocol): Any MCP-compatible AI tool (e.g. Claude, Cursor) can read and write to your memory via authenticated connections
  • Chrome extension: Quick Capture lets you save notes from any browser tab
  • Slack: Capture conversations and decisions from Slack channels
  • Google Drive: Import files from your Google Drive (OAuth-connected, beta — access by request)
  • Calendar: Export follow-ups and events via webcal subscription

For all integrations:

  • Connections are authenticated via OAuth — access tokens are stored securely
  • Memory content (files, notes, extractions) is only saved or retrieved when you explicitly request it
  • Your preference profile is shared with connected AI tools at the start of each session to personalise responses. If you enable proactive saving, AI tools may also update your preferences when they detect durable personal facts during conversation
  • You can revoke any integration at any time from Settings

Browser Extension Permissions

Our Chrome extension requires the following permissions:

  • Identity: To authenticate with your Woxpas account via OAuth
  • Storage: To store your authentication token locally

The extension does not access your browsing history, read website content, or track your activity.

1.4 Information We Do NOT Collect

We do not collect:

Payment information (no paid plans yet)
Contacts
GPS location
Camera or microphone data
Background device activity
Social or advertising identifiers
Browsing history
Website content you visit

We only collect data you submit or that connected AI tools save on your behalf (e.g. preference updates).

2. How We Use Your Information

2.1 To Provide the Service

Your files are used to:

  • Generate summaries and semantic extractions
  • Build your personal memory map
  • Provide search and contextual recall
  • Enable document chat with citations
  • Create clusters and links between ideas
  • Maintain your document library
  • Share your preference profile with connected AI tools to personalise responses
  • Improve relevance and accuracy

Your data is never used to train base models.

2.2 Security and Abuse Prevention

We use minimal metadata to:

  • Protect accounts
  • Rate-limit abusive behaviour
  • Respond to valid legal requests

We do not proactively monitor the contents of your files.

2.3 Automated Vault Scanning (Watcher)

Woxpas includes an automated system called the Watcher that periodically scans your vault to surface actionable suggestions. The Watcher runs automatically on a schedule (currently twice daily) and analyses:

  • Unresolved contradictions between your notes
  • Overdue or stale commitments that may need follow-up
  • Ideas that have been idle and could benefit from research

The Watcher produces suggested actions — it does not execute anything automatically. All suggested actions require your explicit approval before any further processing occurs.

Important: No automatic execution

The Watcher only suggests. You must explicitly approve each suggested action before any agent is dispatched or any content is processed on your behalf. Unapproved suggestions expire automatically after 7 days.

2.4 Agent Dispatch

When you approve a suggested action, Woxpas may dispatch an AI agent to work on it. There are two dispatch methods:

  • Built-in Agent

    Uses a trusted AI provider (currently Anthropic Claude) to process the task. Relevant portions of your vault content are sent to the AI provider as context. The agent's output is saved back to your vault as an agent session log. The same data commitments apply — your data is not used to train AI models.

  • Webhook (External Agent)

    You may configure your own external agent via a webhook URL in Settings. When dispatched, Woxpas sends the task description and a scoped access token to your webhook endpoint. This token grants the external agent temporary, restricted access to your vault (read access + write access limited to saving session logs). The token expires after 1 hour. You are responsible for the security and behaviour of any external agent you configure.

Scoped Access Tokens

When an agent is dispatched, it receives a time-limited token with restricted permissions:

  • Read access: Can retrieve context from your vault
  • Write access: Limited to saving agent session logs only
  • Expiry: Token expires after 1 hour
  • Audit trail: Every token is logged with a unique ID for traceability

3. How Your Data Is Stored and Processed

3.1 Cloud Processing (Beta Only)

All document processing and AI inference occur on our servers. There is no on-device processing in the Beta release.

3.2 Storage

Uploaded content is stored:

  • Within our controlled cloud backend
  • All user data, including uploaded content, database records, and vector databases, is encrypted at rest using AES-256 disk encryption. Data in transit is protected via TLS
  • Our servers are located in Germany (EU). Data is processed globally only when necessary (e.g., AI model API calls)

3.3 Access Controls

  • Staff cannot access your uploaded files unless strictly required to resolve a support request or fulfill a legal obligation
  • Access is logged and restricted to senior engineering personnel
  • We do not manually read or review user documents except when required

3.4 Account Security

We provide security features to protect your account:

  • Two-factor authentication (2FA) is available and recommended
  • Authentication is managed by Supabase, which securely handles password hashing and storage
  • Session tokens expire and can be revoked
  • Integration connections can be revoked anytime from Settings

4. AI Processing

To provide summaries, citations, and contextual answers:

  • Portions of your content may be sent to AI model APIs (e.g., OpenAI, Anthropic, Google)
  • These providers are contractually prohibited from using your data to train their models
  • Only the minimum content required for the query is sent
  • When you approve a Watcher action, relevant vault content is sent to an AI provider to execute the agent task (see Section 2.4)

We do not send your data to unvetted or experimental model providers.

5. Third-Party Services

We may use trusted third parties for:

  • Cloud hosting
  • Email delivery
  • Analytics (Plausible)
  • Error reporting

None of these services may sell or use your data for advertising.

AI Assistant Integrations

Woxpas integrates with AI assistants via the Model Context Protocol (MCP). Any MCP-compatible tool can connect to your memory. When you connect an assistant to Woxpas:

  • You authorize the connection via OAuth (secure token-based authentication)
  • Memory content (files, notes, extractions) is only saved or retrieved when you explicitly request it
  • Your preference profile is automatically shared at the start of each session. With proactive saving enabled, AI tools may update your preferences during conversation — you can edit or clear preferences at any time
  • We track which integration submitted content (for your reference only)
  • You can revoke access anytime from Settings → Developer

AI assistants can only access your memory vault and preferences through authenticated MCP connections that you control.

Analytics & Cookies

We use Plausible Analytics, a privacy-first analytics service that does not use cookies or collect personal data. It provides aggregate statistics only (page views, referrers, device types).

Analytics tracking is enabled by default on marketing pages. You can opt out at any time via the cookie preferences in the site footer.

No analytics are collected within the application itself.

6. Data Retention and Deletion

6.1 File Deletion

When you delete a file:

  • It is removed immediately from our active storage and indexes
  • We do not retain backups of deleted user content in the Beta release

6.2 Account Deletion

When you request account deletion:

  • Your account enters a 30-day grace period
  • During this period, your account is deactivated but data is preserved
  • You can cancel the deletion by logging back in during the grace period
  • After 30 days, all data is permanently deleted: files, memory extractions, preference profile, conversations, vector embeddings, API keys, and auth records
  • A confirmation email is sent at both the start and end of this process
  • We do not retain any user content after hard deletion

6.3 Logs

We maintain only lightweight technical logs required for operation. We do not store full content logs or file copies.

7. Children's Privacy

Woxpas is not intended for anyone under 18. If such an account is discovered, we delete it.

8. Notice-and-Takedown

Woxpas does not proactively monitor documents. However, if we receive a valid report of illegal or harmful content, we will:

  • Investigate the report
  • Take appropriate action (content removal, account suspension)
  • Comply with applicable laws

This protects Woxpas from liability while preserving user privacy.

9. Your Rights

Depending on your location, you may request:

Access to your stored files and preference profile
Deletion of specific content
Full account deletion
Correction of account information or preferences
Export of your data

Requests can be sent to: [email protected]

10. Changes to This Policy

As Woxpas evolves, this policy will be updated. Significant changes will be communicated.

11. Contact

For questions about this policy:

Email: [email protected]

Support: [email protected]

By using Woxpas, you acknowledge that you have read and understood this Privacy Policy.