Your brain, your data.

hippocampOS is a private context and memory workspace. It lets you create named brains for different parts of your life, connect selected data sources such as Gmail and Google Photos, enrich that information into searchable memory records, and retrieve context for use with AI assistants.

This policy describes how hippocampOS collects, uses, stores, shares, protects, and deletes personal information, including Google user data accessed through Google OAuth.

Account information: when you sign in with Google, we receive basic account information such as your name, email address, profile image, and Google account identifier.

Google OAuth data: when you authorize a connector, we store the access tokens, refresh tokens, scopes, token expiry information, and related authorization metadata needed to keep that connector working.

Gmail data: if you connect Gmail, hippocampOS may access email metadata and content needed to provide the product, including message IDs, thread IDs, sender and recipient fields, subject lines, labels, timestamps, snippets, body text or HTML, attachment metadata, and selected attachments when required for processing.

Google Photos data: if you connect Google Photos, hippocampOS may access only the photos or videos you explicitly select, plus related metadata such as media IDs, filenames, mime types, dimensions, creation times, and download URLs needed to import those selected items.

Workspace data: we store the brains, labels, descriptions, categories, memory nodes, search traces, AI enrichment results, settings, plan information, and workflow state you create or generate in the app.

Usage and operational data: we may process logs, diagnostics, request metadata, sync job state, error reports, and security events needed to run, debug, secure, and improve the service.

We use your information to authenticate you, maintain your account, connect your chosen data sources, sync authorized records, create and update memory graphs, power search, personalize your workspace, provide support, detect abuse, secure the service, and comply with legal obligations.

We use Google user data only to provide or improve user-facing features that you request inside hippocampOS. We do not use Google user data for advertising, retargeting, interest-based ads, credit decisions, lending, information resale, data brokerage, or surveillance.

We do not sell personal information or Google user data. We do not use Google user data to train generalized AI models.

hippocampOS can send selected workspace content, Gmail-derived content, Google Photos-derived content, and memory records to AI providers you configure or that the service uses to provide features such as summarization, categorization, extraction, and search.

AI processing is limited to providing and improving hippocampOS functionality for your account. We do not permit AI providers to use Google user data to train their general-purpose models unless you separately configure a provider account or plan whose terms say otherwise.

AI outputs can be inaccurate or incomplete. You should review important outputs before relying on them.

Service providers: we share information with vendors that host, store, process, secure, or operate the service, such as cloud hosting, database, object storage, queue, analytics, email, logging, payment, and AI infrastructure providers. They may use the information only to provide services to hippocampOS and not for their own advertising or resale.

Google APIs: when you connect Google services, hippocampOS communicates with Google only as needed to authenticate you, request authorized scopes, refresh tokens, sync authorized data, and complete connector actions you initiate.

Legal and safety: we may disclose information if required by law, subpoena, court order, legal process, or to protect the rights, safety, security, and integrity of users, the public, hippocampOS, or our service providers.

Business transfers: if hippocampOS is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to this policy or a policy with materially comparable protections.

hippocampOS's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular, hippocampOS uses Google user data only to provide or improve user-facing app functionality; does not sell Google user data; does not use Google user data for ads, retargeting, personalized advertising, credit-worthiness, lending, data brokerage, information resale, or surveillance; and does not use Google user data to train generalized AI or machine learning models.

You choose whether to sign in with Google, connect Gmail, connect Google Photos, authorize scopes, select media, start syncs, pause syncs, or disconnect a connector.

You may revoke hippocampOS's Google access from your Google Account permissions page. Revoking access prevents future syncs but does not automatically delete data already imported into hippocampOS.

You may delete imported records, memory nodes, brains, connectors, and account data through the product where available or by contacting us. We will honor deletion requests unless retention is required or permitted for security, fraud prevention, legal compliance, dispute resolution, backups, or legitimate business records.

We retain personal information for as long as needed to provide hippocampOS, maintain your account, operate authorized connectors, comply with legal obligations, resolve disputes, enforce agreements, and protect the service.

When you delete data or request account deletion, we will delete or de-identify active records within a reasonable period unless we must retain them for the reasons described above. Backup copies may persist for a limited period before being overwritten or deleted according to backup cycles.

OAuth tokens are deleted or disabled when a connector is disconnected, an account is deleted, or continued retention is no longer necessary to provide the authorized connector.

We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, encryption in transit, encryption at rest where supported by infrastructure providers, secret management, logging, and least-privilege operational practices.

No internet service can guarantee perfect security. You are responsible for maintaining the security of your Google account, devices, passwords, and any API keys or credentials you configure.

hippocampOS and its service providers may process and store information in the United States and other countries. Those countries may have data protection laws that differ from the laws where you live.

hippocampOS is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to hippocampOS, contact us so we can take appropriate action.

We may update this policy from time to time. If changes materially affect how we access, use, store, share, or delete Google user data or other personal information, we will provide appropriate notice and, where required, request consent before applying the new use.

For privacy requests, deletion requests, security concerns, or questions about this policy, contact the hippocampOS operator at abhilash0505@gmail.com.