Privacy Policy

Effective April 11, 2026

This Privacy Policy explains how Get Engram LLC (“Engram”, “we”, “us”) collects, uses, and shares information when you use the Engram service at getengram.app, mcp.getengram.app, and related tooling (the “Service”). By using the Service you agree to the practices described here.

1. What We Collect

Account information

When you sign up we collect your email address and the name you or your agent provides. We generate an organization ID and API keys on your behalf. We never see or store your API key in plaintext after creation — only a one-way hash.

Conversation data

The whole point of Engram is to store conversation transcripts. When you call append_messages, we store the verbatim message content, the role (user, assistant, system, tool), sequence numbers, and any metadata you attach. We also generate and store vector embeddings of overlapping chunks of those messages so we can return them in search. This data is isolated per organization at the database and vector-index level.

Usage data

We collect operational metrics like request counts, response codes, latency, error rates, and monthly message totals for billing and rate limiting. This data is not tied to the content of your conversations.

Billing information

If you upgrade to a paid plan, Stripe collects your payment information directly. Engram never sees your card details. We receive and store Stripe's customer and subscription IDs, your plan tier, and subscription status.

Marketing site analytics

The marketing site at getengram.app may use privacy-respecting analytics (e.g. page views, referrers) to understand how visitors find us. We do not run fingerprinting or cross-site trackers.

2. How We Use It

  • Operating the Service (storing and returning your data);
  • Billing and enforcing plan limits;
  • Detecting abuse, fraud, and security incidents;
  • Troubleshooting when you contact support;
  • Product analytics at the metric level (never content).

We do not sell your data. We do not use your conversation content to train models — ours or anyone else's. We do not share your conversation data with other customers.

3. Subprocessors

We use a small set of vendors to run the Service. Each processes your data only on our instructions:

  • Cloudflare— Workers, D1, Vectorize, and Workers AI. Stores your conversation data, vectors, and runs all compute.
  • Stripe— payment processing for paid plans.
  • Vercel— hosting for the marketing site and docs.
  • Email provider— transactional email (account creation, billing, incident notifications).

4. Where We Store Data

Engram runs on Cloudflare's global network. Conversation data is stored in Cloudflare D1 (SQLite) and Cloudflare Vectorize. You can request your primary data region at enterprise tier; otherwise we use Cloudflare's default placement.

5. Security

Data in transit is encrypted via TLS. Data at rest is encrypted by Cloudflare. API keys are stored as one-way hashes. Tenant isolation is enforced at the query and index-metadata level. We follow the principle of least privilege for internal access and log administrative actions.

If we become aware of a security breach affecting your data, we will notify you without undue delay and in any case within the timeframes required by applicable law.

6. Data Retention

We retain your conversation data for as long as your account is active. You can delete individual conversations viadelete_conversation at any time. When you delete an account, we delete associated conversations, vectors, and metadata within 30 days, except where retention is required by law.

Billing records and operational logs are retained for up to 7 years to meet legal and tax obligations.

7. Your Rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict our processing of it. You can exercise most of these rights yourself from the dashboard. For anything else, email privacy@getengram.app.

8. Children

Engram is not directed at children under 13, and we do not knowingly collect data from them. If you believe a child has created an account, please contact us and we will delete it.

9. International Transfers

Engram operates globally via Cloudflare's network. By using the Service you consent to your data being processed in jurisdictions that may have different data protection rules than your own.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be announced via email or a notice on the Service at least 14 days before taking effect.

11. Contact

Privacy questions? Email privacy@getengram.app. For general support, email hello@getengram.app.