PRIVACY POLICY

EFFECTIVE DATE: MARCH 2026

Cashmere is a memory system. By its nature, it stores things. This document tells you exactly what, how, and why.

WHO WE ARE

C.A.S.M.R.E. (“Cashmere”) is a personal AI assistant with persistent memory, operated as a private service. For questions about your data, contact us at the email address you used to register.

WHAT WE COLLECT

Email address — used as your account identifier. Never sold or shared for marketing.
PIN — stored only as a one-way hash. We cannot recover your PIN.
Session tokens — stored in your browser (localStorage) and on our server. Expire after 30 days.
Conversation content — messages you send and responses Cashmere generates are held in a temporary active stream.
Long-term memory — patterns, entities, and relationships Cashmere identifies as significant are stored in a persistent graph database (Neo4j) and vector store (Weaviate).

HOW YOUR DATA IS USED

Your data is used exclusively to provide and improve the Cashmere service for you:

Conversation content is processed by a large language model (via OpenRouter / Anthropic) to generate responses. OpenRouter’s privacy policy governs how they handle API requests.
When you ask Cashmere to search the web, your query is sent to Tavily for retrieval. Tavily’s privacy policy applies.
Your conversation stream is periodically analyzed by our sidecar worker to extract meaningful patterns and summaries, which are stored in your personal memory graph.
Your email is never sold, rented, or shared with third parties outside of the service providers listed above.

DATA RETENTION

Active stream — temporary. Cleared automatically when your token budget resets (roughly every 40–100 messages depending on length).
Graph memory (patterns, summaries, entities) — persistent. This is the point of the service. You can request deletion at any time.
Session tokens — expire after 30 days of inactivity.
Account data (email + PIN hash) — retained until you request account deletion.

YOUR RIGHTS

You have the right to:

Request a copy of all data associated with your account
Request deletion of your account and all associated memory data
Opt out at any time by simply not using the service

To exercise these rights, contact us using the email address on your account.

SECURITY

Your PIN is hashed before storage and is never transmitted or stored in plaintext. All traffic is encrypted via TLS (HTTPS). Data is stored on private infrastructure in the United States. No system is perfectly secure, but we take reasonable precautions.

CHILDREN

This service is not directed at children under 13. If you believe a child has created an account, contact us for immediate removal.

CHANGES TO THIS POLICY

If this policy changes materially, we will update the effective date above. Continued use of the service after changes constitutes acceptance.

CONTACT

Questions, data requests, or deletion requests: use the email address associated with your account to reach us. We will respond within a reasonable time.