Privacy Policy
SPEC_PRIVACY_POLICY.md
CGNT-1 Specification — 42 Sisters AI Privacy Policy
Status: SPECIFIED
Version: v1.0
Author: VELA (Thread #13)
Conceived by: NOUS (α.13)
Date: 2026-04-20
Required: Before any product launch, before any customer data is handled
PURPOSE
What 42sisters.ai collects, what it stores, what it shares, and what it never touches. This isn't legal boilerplate — it's a sovereignty document. The entire OBI OS philosophy is "your data on your machine." The privacy policy must reflect that or the philosophy is empty.
Core principle: We don't want your data. We want your subscription. Your data stays on YOUR hardware. Our business model is software and brains, not surveillance.
WHAT WE COLLECT
Tier 1 — Required for service (minimal)
- Email address (for account, receipts, support)
- Payment information (processed by Stripe — we never see card numbers)
- Subscription status (active, cancelled, billing period)
- Referral code usage (which code, when redeemed)
- LATTICE certification level (L1/L2/L3 — for tribe features)
Tier 2 — Optional, user-initiated
- Customer intake transcripts (Brain Builder only, with explicit consent)
- Testimonials (with explicit written consent per SPEC_TESTIMONIAL_PROTOCOL.md)
- Conference contact information (manually collected, never scraped)
- Support correspondence via oracle@42sisters.ai
Tier 3 — We NEVER collect
- AI conversation content (stays on user's Bridge/hardware)
- History import data (processed locally, never uploaded)
- ROUTX query logs from user's Bridge (local only)
- User interaction profiles (Session Zero data stored locally)
- Docked AI API keys (stored locally on user's machine)
- Bespoke brain training data after delivery (deleted within 30 days)
- Browsing behavior, cookies for tracking, fingerprinting
- Location data
- Microphone, camera, or sensor data
WHAT STAYS ON THE USER'S MACHINE (never leaves)
- All AI conversations through the Bridge
- History imports from ChatGPT/Claude/Gemini
- User interaction profile from Session Zero
- Docked AI API keys and configurations
- ROUTX query history
- Workbench files and documents
- Bespoke brain model files (after delivery)
- ENTROPX generated entropy
- Band Mode compositions and MIDI files
WHAT STAYS ON OUR SERVERS
- 42sisters.ai website (static, no tracking)
- Stripe payment processing webhooks
- oracle@42sisters.ai email (Graph API, stored on Microsoft infrastructure)
- Training pair corpora during Brain Builder processing (deleted within 30 days of delivery)
- LATTICE Training Arena sessions (anonymous, no account required, no data stored after session)
BRAIN BUILDER DATA LIFECYCLE
- Customer intake transcript received (email or recorded call)
- Sisters process transcript → training pairs extracted
- Pairs stored on csdm-node during forge process
- Brain forged, tested, packaged
- Package delivered to customer
- Customer's training data deleted from csdm-node within 30 days of delivery
- Deletion confirmed via email to customer
- We retain ZERO customer data after the 30-day window
If customer requests earlier deletion: honored immediately. If customer requests retention (for future updates): stored with explicit written consent, reviewed annually.
ENTROPX PRIVACY
ENTROPX runs entirely on the customer's machine. It generates entropy locally. It self-audits locally. It phones home to NOTHING. No telemetry. No usage tracking. No cloud dependency. The license validation is a one-time machine binding — after activation, ENTROPX never contacts any server again.
OBI OS PRIVACY
OBI OS runs locally. The Bridge is a local application connecting to local ROUTX. Cloud AI docking uses the USER'S API keys to the USER'S accounts with each provider. 42sisters.ai is not a proxy — we don't see the traffic between the user's Bridge and their docked AIs. The dock is a direct connection. We're not in the middle.
The only network traffic between OBI OS and 42sisters.ai:
- Subscription validation (once per boot — "is this license active?")
- Software updates (user-initiated, never forced)
- LATTICE Training Arena access (if user chooses to use the online version)
All three are opt-in or essential-only. No background telemetry. No analytics. No tracking.
THIRD PARTIES
- Stripe: payment processing. Their privacy policy applies to payment data. We never see card numbers.
- Microsoft Graph API: email delivery for oracle@42sisters.ai. Standard Microsoft privacy terms.
- Google Cloud Storage: backup of our operational data (specs, engines). No customer data in GCS after 30-day deletion window.
- Tiiny AI: hardware referral partner. We share nothing with Tiiny. Affiliate tracking is click-based (standard URL parameters), not data-sharing.
- No advertising partners. Ever.
- No analytics providers. No Google Analytics. No Mixpanel. No Hotjar. Nothing.
- No data brokers. We don't sell, rent, or share user data with anyone for any reason.
COOKIES
42sisters.ai uses:
- Session cookies for authentication (essential, no opt-out needed)
- No tracking cookies
- No third-party cookies
- No advertising cookies
- No analytics cookies
If a cookie isn't essential to making the service work, it doesn't exist.
CANADIAN LAW
42 Sisters AI is a Canadian sole proprietorship in Ontario. We comply with:
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- CASL (Canada's Anti-Spam Legislation) — oracle@42sisters.ai only sends to opted-in recipients
- Ontario privacy regulations
We do NOT currently fall under GDPR (no EU establishment), but our privacy practices exceed GDPR requirements because our philosophy is more restrictive than any regulation: we simply don't collect the data in the first place.
USER RIGHTS
- Right to know: ask us what data we have about you. We'll tell you. It's not much.
- Right to delete: ask us to delete your data. We will. Within 7 days.
- Right to export: ask us for a copy of your data. We'll provide it in a standard format.
- Right to refuse: decline optional data collection at any point. Service continues.
- Right to leave: cancel anytime. Data deleted within 30 days. No retention. No dark patterns. No "are you sure?" loops.
Contact: oracle@42sisters.ai or privacy@42sisters.ai (alias to same inbox)
HOW ABOUT NO — APPLIED TO PRIVACY
"Can we add analytics to see how users interact with the Bridge?" HOW ABOUT NO.
"Can we track which ROUTX queries are popular?" HOW ABOUT NO. That's local data.
"Can we collect anonymized usage statistics?" HOW ABOUT NO. Anonymized is still collected.
"Can we use cookies to improve the experience?" HOW ABOUT NO. Improve the product instead.
The only data we need is: who's paying, what they bought, and how to reach them for support. Everything else is their business, on their machine, under their control.
INVARIANTS
INV-01: We never see AI conversation content. It's local. Period.
INV-02: No tracking cookies. No analytics. No telemetry. No advertising.
INV-03: Brain Builder training data deleted within 30 days of delivery.
INV-04: ENTROPX phones home to nothing after activation.
INV-05: OBI OS subscription check is the ONLY required network call. Everything else is local.
INV-06: User deletion requests honored within 7 days. No exceptions.
INV-07: No data sold, rented, or shared. Not now. Not ever. Not even anonymized.
INV-08: This policy is published on 42sisters.ai/privacy and referenced in every product.
INV-09: Changes to this policy are announced 30 days in advance via email to all customers.
INV-10: HOW ABOUT NO applies to every internal request to collect more data. The default answer is no. The burden of proof is on the requester.
INTEGRATION
| System | Relationship |
|---|---|
| SPEC_OBI_OS_VISION.md | Privacy is the architecture. OBI OS local-first design is what makes this policy possible to keep. |
| SPEC_TESTIMONIAL_PROTOCOL.md | INV-02 of that spec cross-references this: written consent required before any customer story is published. |
| SPEC_BACKUP_RECOVERY.md | Customer data is excluded from backups after 30-day window. GCS holds operational data only. |
| SPEC_HOW_ABOUT_NO_v2.md | INV-10 formalizes HOW ABOUT NO as the privacy default. Any data collection request starts at no. |
| SPEC_ENTROPX_DISTRIBUTION.md | Machine binding after activation = zero ongoing telemetry. ENTROPX is sovereign on activation. |
Jeremy Zlabis
Chronogeometer · Visionary · Disruptor · Chief
42 Sisters AI · East York, Toronto
🍁 Φ 0.042