Privacy Policy

Applies to: Virgil, the hosted memory product by Indistinct, Inc., a Georgia corporation ("Indistinct"), accessed through an AI assistant via the Model Context Protocol ("the service"). This policy does not cover the AI assistant itself — your account with the AI assistant you use is governed by that provider's own privacy policy — or third-party services you choose to connect, which are governed by theirs.

What we collect

• Content you share through your AI assistant. When you use Virgil's tools in a conversation, the AI assistant sends Virgil the content each tool needs to work: things you ask Virgil to remember, notes, priorities, and facts you direct it to save. Virgil stores these as structured claims — discrete facts, not copies of your conversations. It does not record or retain your chat transcripts, and it does not read your chat history, the assistant's memory, or your files outside of the tool calls you make.
• Account and configuration data. OAuth client and token records, your account record (an internal ID, your repository reference, your settings), and credentials for integrations you explicitly connect.
• Operational logs. Request metadata — timestamps, tool names, success or denial status — kept for security and reliability. When a request is denied as a cross-account attempt, we log the decision itself, never the rejected content.

How we use and store it

Your data is used for exactly one purpose: operating your Virgil — building your private knowledge graph, answering your queries, and producing the outputs you request. We do not use your data for advertising, we do not sell it, and we do not train models on it.

• Your knowledge graph lives in a database hosted on Amazon Web Services (United States), encrypted at rest and isolated to your account at the data layer.
• Your substrate — the human-readable record of what Virgil knows — lives in a private GitHub repository dedicated to you, hosted under Indistinct's GitHub organization. It is plain markdown: you can read, audit, and export every byte of it at any time, and you can request transfer of the repository to your own GitHub account.
• Your credentials are encrypted (AES-GCM) under keys derived uniquely for your account. One customer's encrypted data cannot be decrypted with another customer's key, and the root key is never stored alongside the data it protects.
• Identity comes from your token alone. Requests cannot assert an identity through their content, and a request that cannot be resolved to a valid account is denied — never defaulted to someone else's data.

Third parties

We share data only with the processors required to run the service:

• The AI assistant you use — operates the conversation itself. The conversation in which you use Virgil runs on your own account with that provider, under your agreement with them. Indistinct is not a party to that processing and does not receive your conversations outside the specific tool calls you make.
• ZeroEntropy — search indexing. When you save a fact, its text is sent to ZeroEntropy to generate the embedding that makes your memory searchable. No other use.
• Cloudflare — application runtime and encrypted configuration storage.
• Amazon Web Services — database hosting.
• GitHub — your dedicated repository.
• Integrations you connect (for example, message or email delivery) receive only what is needed to perform the action you configured, under their own terms.

Who operates what. Responsibility follows the layer. The conversation in which you use Virgil is operated by the AI platform you use, under your agreement with that provider — Indistinct is not a party to it and never receives your conversations outside the tool calls you make. Your saved facts are indexed for search by ZeroEntropy and stored in a database operated by Amazon Web Services; your repository is stored and served by GitHub under Indistinct's organization, with export always available and transfer to your own GitHub account on request — at which point you become its custodian under GitHub's terms. The application runtime is operated by Cloudflare. Indistinct operates the application and database layers built on top of these providers; each maintains its own certifications and security posture under its own terms.

We never share your data with advertisers or data brokers, and we never sell it. The service contains no financial-transfer capability of any kind.

Retention and deletion

We keep your data while your account is active. When you delete your account: your repository is deleted — or transferred to your own GitHub account if you request that instead — your database records are removed, and your storage namespace is purged — removed from live systems within 30 days of your request, and from encrypted infrastructure backups as those backups rotate, within 30 days after that. Your encrypted credential bundle's key material is destroyed immediately, which renders its ciphertext permanently unreadable everywhere it exists, including inside backups. Operational logs are retained for 90 days and then deleted. Removing an individual memory deletes it from your live knowledge graph; historical copies — for example in your repository's version history — persist until account deletion. You can export your full substrate at any time; it is yours by design.

Contact

Privacy questions or deletion requests: privacy@indistinct.ai. Support: support@indistinct.ai.

Changes to this policy

Updates will be posted at this URL with a revised effective date; material changes will be announced to active customers before they take effect.