1. Our Core Commitment
Zero-PHI Architecture: ALBOE USA LLC operates on a Zero-PHI (Zero Personal Health Information / Zero Personal Identity) standard. We do not collect, store, access, transmit, or sell your raw personal data. Period.
This policy governs all ALBOE products and services, including the SovereignMind memory engine, Guardian Shield security system, and all Tier 1–3 hardware and software offerings.
2. What Data Exists and Where
2.1 User-Side Data (Your Container)
- AI conversation captures (text-based prompt/response pairs)
- Household pattern observations (motion, routines, timestamps)
- Semantic memory embeddings (ChromaDB vector representations)
- JSONL training exports (for personal LLM fine-tuning)
This data exists exclusively in your personal Docker container. It is encrypted at the source using AES-256 (Fernet) before it is written to storage. ALBOE USA LLC does not hold the decryption key.
2.2 ALBOE-Side Data (What We Can See)
- Anonymous health check pings (system status: "healthy" / "unhealthy")
- Aggregate memory count (e.g., "42 memories stored" — no content)
- Cloud Run service logs (request timestamps, HTTP status codes — no payload data)
We cannot read, decrypt, or reconstruct your memories from any data on our servers.
3. Encryption Architecture
3.1 AES-256 Encryption
All user data is encrypted using the Fernet symmetric encryption scheme (AES-128-CBC with HMAC-SHA256 authentication). The encryption occurs at the point of capture — before the data leaves your machine or enters the cloud container.
3.2 Google Secret Manager
Encryption keys are stored in Google Cloud Secret Manager, a FIPS 140-2 Level 1 validated key management system. Keys are injected into the runtime environment at startup and are never written to disk, committed to source code, or included in Docker images.
3.3 Key Ownership
Your Key, Your Data: Each user instance is assigned a unique encryption key. ALBOE USA LLC employees, contractors, and automated systems cannot access this key. If the key is lost, the encrypted data is permanently unrecoverable — by design.
4. The Choice Gate — Consent Protocol
The SovereignMind engine implements a mandatory "Choice Gate" at every data persistence cycle:
- Commit: The user explicitly authorizes the encrypted data to be written to their personal container. This constitutes informed consent for local storage.
- Delete: The data is permanently purged from the system's temporary cache. No copy is retained.
No data is ever written to persistent storage without passing through the Choice Gate. There is no "silent commit" mode available to end users.
5. Data Sharing & Third Parties
- ALBOE USA LLC does not sell user data to third parties.
- ALBOE USA LLC does not share user data with advertising networks.
- ALBOE USA LLC does not use individual user data to train our global AI models.
- If a user elects to contribute anonymized data to the ALBOE Foundation's "Collective AI Ecosystem," this is a separate, voluntary opt-in action governed by the ALBOE Foundation Stewardship Agreement.
6. The Caregiver Report
The SovereignMind engine can generate longitudinal observation reports (e.g., 48-hour household pattern summaries) for caregiver use. These reports:
- Are generated locally from the user's encrypted container
- Are decrypted only at the moment of report generation
- Are intended to be shared with medical professionals at the user's or caregiver's discretion
- Are not transmitted to ALBOE USA LLC servers
7. Children's Privacy
ALBOE products and services are not directed at children under the age of 13. We do not knowingly collect data from children. A parent or guardian who becomes aware that a child has provided data to our system should contact us at info@alboeusa.com for immediate removal.
8. Data Retention & Deletion
- User-controlled containers persist until the user explicitly deletes them.
- ALBOE USA LLC does not impose automatic data retention schedules on user containers.
- Users may export their full data set (JSONL) at any time and delete their container permanently.
- Upon account termination, all cloud-hosted container data is purged within 30 days.
9. Applicable Law & Jurisdiction
This Privacy Policy is governed by the laws of the State of Louisiana, United States. ALBOE USA LLC is committed to compliance with:
- California Consumer Privacy Act (CCPA)
- EU General Data Protection Regulation (GDPR) — for applicable users
- FTC Act Section 5 — Unfair or Deceptive Practices
- HIPAA — to the extent applicable to observational household data
10. Contact
For privacy inquiries, data access requests, or deletion requests: