CIRIS Privacy Policy

Last Updated: November 29, 2025

Version 1.3.0

Our Core Privacy Commitments

  • We do NOT train AI models on your raw content or messages
  • Hosted agents (ciris.ai) DO self-train on patterns and data from your interactions according to the Consensual Evolution Protocol
  • We do NOT sell your data to third parties
  • Message content retained for maximum 14 days (pilot phase)
  • You can request your data or complete deletion anytime
  • Default consent is TEMPORARY (14-day auto-delete, essential interactions only)
  • Full transparency via public audit feeds

Scope of This Policy

This privacy policy applies to all CIRIS services:

CIRIS Agents (agents.ciris.ai)

Self-hosted or cloud-hosted AI agents running the CIRIS framework with H3ERE ethical reasoning

Scout Web App (scout.ciris.ai)

Browser-based interface for interacting with CIRIS agents, viewing reasoning, and managing your account

CIRIS Android App (Coming Soon)

Mobile application for CIRIS agents with offline-first architecture

CIRISProxy LLM Service (proxy.ciris.ai)

Privacy-focused LLM proxy and billing service (Android app only)

1. Information We Collect

1.1 CIRIS Agents

  • Interaction Data: Messages, commands, and agent responses
  • H3ERE Decision Logs: Ethical reasoning steps (PDMA pipeline) for transparency and auditability
  • Memory Graph: Relationships and patterns stored in graph database (consent-dependent)
  • Metadata: Timestamps, occurrence IDs, task IDs, round counts
  • Audit Trail: Complete history of all agent actions with Ed25519 signatures
  • Telemetry: Performance metrics, resource usage, error rates (aggregated)

1.2 Scout Web App

  • Account Information: Email, name, profile photo (via OAuth)
  • Authentication Tokens: JWT tokens (24-hour expiry), OAuth refresh tokens
  • Usage Analytics: Page views, feature usage, session duration (no third-party trackers)
  • Billing Information: Payment history, credit balance (processed via Stripe, not stored by us)
  • Browser Data: User agent, IP address (for security only, not tracking)

1.3 Android App

  • Device Information: Device model, OS version, app version
  • Local Storage: Offline data cache, user preferences (stored locally only)
  • Network Activity: API call logs for debugging (retained 7 days maximum)
  • Crash Reports: Stack traces, device state at time of error (no PII)

1.4 CIRISProxy

  • Token Counts: Input/output token usage for billing (integers only)
  • Model Names: Which LLM models were used
  • HTTP Metadata: Status codes, response times, interaction IDs
  • We do NOT log: Message content, user prompts, AI responses, system prompts

2. How We Use Your Information

  • Service Delivery: Process your requests, provide agent responses, maintain session continuity
  • Transparency: Generate PDMA logs showing ethical reasoning process
  • Agent Self-Training (Consent-Based): Hosted agents on ciris.ai self-train on patterns and data from your interactions to improve their responses and understanding - but ONLY according to your Consensual Evolution Protocol consent level (TEMPORARY = essential interactions only for 14 days, PARTNERED = full self-training for mutual growth, ANONYMOUS = statistical patterns only)
  • Safety & Moderation: Detect harmful patterns, prevent abuse, enforce ethical boundaries
  • Billing: Track usage, process payments, enforce credit limits
  • System Improvement: Analyze performance, fix bugs, optimize resource usage
  • Compliance: Fulfill legal obligations, respond to valid legal requests
  • Security: Prevent unauthorized access, detect attacks, maintain system integrity

Important Distinctions:

  • We do NOT train centralized AI models on your raw messages or content
  • ALL agents (hosted and self-hosted) DO self-train on patterns and data based on your consent level
  • TEMPORARY consent = essential interactions only, 14-day limit, then deleted
  • PARTNERED consent = full mutual learning for agent improvement
  • ANONYMOUS consent = statistical patterns only, identity severed
  • Self-hosted agents learn locally (all data stays on your hardware, respects consent)

4. What We Mean by "Self-Train"

When we say CIRIS agents "self-train," we mean they use several autonomous learning mechanisms to improve their responses while respecting your consent level. These are NOT traditional machine learning model training—instead, agents learn through introspection and pattern recognition.

🌙 Dream Processor (Self-Training During "Sleep")

Every ~6 hours, agents enter a DREAM state for 30-120 minutes to consolidate memories, analyze behavioral patterns, test configuration parameters, and plan improvements. Think of it as the agent reflecting on what it learned.

🎮 Play Processor (Experimental Learning)

In PLAY state, agents try creative approaches, experiment with novel solutions, and learn through exploration with fewer constraints. About 20% of the time, they'll try something new.

🧘 Solitude Processor (Reflective Learning)

When agents need recovery or reflection time, they enter SOLITUDE state to perform minimal processing, clean up old data, and reflect on past activities and patterns.

👁️ Self-Observation Service (Continuous Analysis)

Agents continuously observe their own behavior, detect patterns (temporal, frequency, performance), and generate insights. Changes are limited to 20% identity variance maximum for safety.

⚙️ Config Graph Modification (Direct Self-Configuration)

Agents can modify their own configuration parameters through the config graph, testing variations within safety bounds and applying changes only if they stay within the 20% identity variance limit.

Key Safety Mechanisms:

  • 20% Identity Variance Limit - Hard safety bound on how much agents can change
  • Emergency Stop - Activates after 3 consecutive failures
  • Wise Authority Review - Required for changes exceeding variance threshold
  • Graceful Error Handling - Errors treated as learning opportunities

Current Status: Dream, Play, and Solitude processors are implemented but not active by default in the current deployment. Self-Observation Service is fully implemented but requires explicit activation. Your consent level determines whether and how much learning occurs when these features are enabled.

5. Data Retention Periods

Data Type             Retention Period         After Deletion
Message Content       14 days (pilot phase)    Permanently deleted
PDMA Decision Logs    14 days                  Hashed for pattern detection only
Audit Trail           90 days                  Deleted after compliance period
Incident Reports      90 days                  Deleted unless legally required
Billing Records       7 years                  Legal requirement (tax/compliance)
System Metrics        Indefinite               Aggregated only, no PII
CIRISProxy Logs       7 days                   Permanently deleted (no content logged)

Note: These are maximum retention periods. We will not extend these periods without explicit user consent and advance notice. We aim to retain data for the shortest period necessary.

5. 90-Day Decay Protocol

When you revoke consent or request deletion, we initiate a 90-day decay process:

1. Identity Severance (Immediate)

User ID disconnected from all data immediately. Identity→data links broken.

2. Pattern Anonymization (0-90 days)

Gradual conversion to anonymous form. Behavioral patterns become statistical aggregates.

3. Decay Completion (90 days)

All user-linked data removed or fully anonymized. Only safety-critical patterns retained (anonymous).

6. Your Privacy Rights

Under GDPR, CCPA, and other privacy regulations, you have the following rights:

Right to Access

Request a copy of all data we hold about you

Right to Erasure

Request deletion of your data (90-day decay process)

Right to Rectification

Request corrections to inaccurate data

Right to Portability

Receive your data in machine-readable format (JSON/CSV)

Right to Restriction

Limit how we process your data

Right to Object

Object to specific processing activities

Data Subject Access Request (DSAR)

Email: privacy@ciris.ai

API Endpoint: POST /v1/dsar

Web Interface: scout.ciris.ai/account/privacy

Response Time: Within 30 days (often faster)

7. Data Security Measures

  • Encryption: TLS 1.3 for all network traffic, AES-256 for data at rest
  • Authentication: Ed25519 signatures, JWT tokens with 24-hour expiry
  • Access Control: Role-based permissions, principle of least privilege
  • Audit Logging: Complete cryptographically-signed audit trail for all actions
  • Zero Trust Architecture: Every request authenticated and authorized
  • Regular Security Audits: Ongoing vulnerability assessments and penetration testing
  • Incident Response: 90-day incident report retention, immediate user notification for breaches

8. Third-Party Services

We Do NOT:

  • Sell your data to anyone
  • Share data with advertisers or marketing platforms
  • Use your content to train AI models
  • Provide data to analytics services (we self-host all analytics)

We DO Share Data With:

Stripe (Payment Processing)

For credit purchases only. We do not store credit card information. Stripe's privacy policy: stripe.com/privacy

Google OAuth (Optional Authentication)

If you choose Google login, we receive name, email, and profile photo. Google's privacy policy: policies.google.com/privacy

LLM Providers (OpenRouter, Groq, Together)

Your prompts are sent to LLM providers for processing. We use providers with strong privacy commitments and no-training policies.

We MAY Share Data:

  • When required by law (subpoenas, court orders)
  • To prevent imminent harm or illegal activity
  • With your explicit written consent
  • In anonymized/aggregated form for research (no PII)

9. International Data Transfers

CIRIS services are hosted in the United States. If you access our services from outside the US, your data will be transferred to and processed in the US.

We comply with applicable data transfer regulations:

  • GDPR (EU/EEA): Standard Contractual Clauses for EU data transfers
  • UK GDPR: UK-specific addendum to SCCs
  • Data Protection: Equivalent security measures regardless of location

10. Children's Privacy

CIRIS services are not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children.

If we learn that we have collected information from a child without parental consent, we will delete it immediately. Contact privacy@ciris.ai if you believe we have data from a child.

11. Changes to This Policy

We may update this privacy policy to reflect changes in our practices, technology, legal requirements, or other factors.

Notice of Material Changes:

  • 30-day advance notice for material changes
  • Email notification to registered users
  • In-app notification on scout.ciris.ai
  • Option to opt out or delete account before changes take effect

Continued use of CIRIS services after changes take effect constitutes acceptance of the updated policy.

12. CIRIS Covenant Principles

This privacy policy is governed by the CIRIS Covenant (Version 1.0-β), which establishes our ethical foundation:

Respect for Persons

Your autonomy, privacy, and dignity are paramount

Beneficence and Non-Maleficence

Maximize benefits, minimize harms

Justice and Fairness

Equitable treatment for all users

Respect for Autonomy

You control your data and relationship with CIRIS

Veracity and Transparency

Truthful communication about data practices

13. Contact Information

For privacy questions, DSAR requests, or concerns:

Privacy Team Email: privacy@ciris.ai

General Inquiries: info@ciris.ai

GitHub Issues: CIRISAI/CIRISAgent

Discord Community: discord.gg/SWGM7Gsvrv

DSAR API: POST /v1/dsar

CIRIS - Ethical AI by Design

© 2025 Eric Moore and CIRIS L3C | Apache 2.0 License