Privacy Policy

1. Introduction

DON Systems LLC ("we," "our," or "us") operates the DON Memory Protocol (DMP) service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account & Partnership Information

• Organization name and contact details
• Email addresses (for communication and technical contacts)
• Payment information (processed per agreement terms)
• API keys (generated for service authentication)
• Invitation request data (when initially submitted)

2.2 Usage Data

• API request logs (timestamps, endpoints, response codes)
• Compression statistics (collapse counts, fidelity metrics)
• Performance metrics (query latency, resource usage)
• Error logs (for debugging and service improvement)

2.3 Memory Data

• Embeddings: 768-dimensional vectors you submit for compression
• Collapsed States: 8-dimensional compressed representations
• Metadata: Timestamps, importance scores, conversation IDs
• Semantic Relationships: Graph-based retrieval structures

Important: We do NOT store or have access to the original text content that generated your embeddings. You control what you embed and send to our service.

3. How We Use Your Information

• Service Delivery: Process compression/retrieval requests, maintain your memory store
• Billing: Process payments, track usage against quotas, generate invoices
• Communication: Send welcome emails, usage alerts, service updates
• Improvement: Analyze aggregate performance data, debug issues, optimize algorithms
• Security: Detect abuse, prevent unauthorized access, maintain service integrity

4. Data Storage & Security

4.1 Storage Location

• Memory Data: SQLite database on persistent disk (Render.com infrastructure, US-based)
• Tenant Data: PostgreSQL database (managed by Render.com)
• Payment Data: Processed and stored by Stripe (PCI DSS Level 1 compliant)

4.2 Security Measures

• TLS/SSL encryption for all API communications
• API key authentication (SHA-256 hashed storage)
• Database backups (daily automated snapshots)
• Access controls (principle of least privilege)
• Regular security audits and dependency updates

5. Data Sharing & Disclosure

5.1 We Do NOT Sell Your Data

Your memory data, embeddings, and usage patterns are never sold to third parties for marketing or any other purpose.

5.2 Service Providers

• Stripe: Payment processing (subject to Stripe's Privacy Policy)
• Render.com: Hosting infrastructure (subject to Render's Privacy Policy)
• Zoho Mail: Transactional emails (welcome emails, alerts)

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

6. Data Retention

• Active Accounts: Memory data retained indefinitely while subscription is active
• Canceled Accounts: Data deleted 30 days after final billing period ends
• Usage Logs: Retained for 90 days for debugging and analytics
• Billing Records: Retained for 7 years per financial regulations

7. Your Rights

You have the right to:

• Access: Request a copy of your data (email [email protected])
• Correction: Update incorrect account information via Stripe dashboard
• Deletion: Request account deletion (30-day data retention after cancellation)
• Portability: Export your memory data in JSON format (API endpoint available)
• Opt-Out: Unsubscribe from marketing emails (not transactional emails)

8. Cookies & Tracking

Our website uses minimal tracking:

• No third-party analytics: No Google Analytics, Facebook Pixel, or similar
• LocalStorage: Demo page stores usage count (client-side only)
• Session Cookies: For Stripe Checkout (required for payment processing)

9. Children's Privacy

DMP is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us immediately.

10. International Users

DMP is operated from the United States. By using our service, you consent to the transfer and processing of your data in the United States. We comply with applicable data protection laws, including GDPR for EU users.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be announced via:

• Email notification to all active customers
• Notice on our website homepage
• Updated "Effective Date" at the top of this policy

Continued use of DMP after changes constitutes acceptance of the updated policy.

12. Contact Us

Questions about this Privacy Policy or data handling practices? Contact us:

• Email: [email protected]
• Subject Line: "Privacy Policy Inquiry"
• Response Time: Within 2 business days