How we protect your data
Full transparency. No marketing. Just the facts about where your data is encrypted, where it is readable, and what we can and cannot access.
Data flow
Follow your data from its original source through encryption, sharing, and back.
- Origin: readable by the original service -> export / import in your browser
- Your browser: readable by you only -> encrypted with your vault key
- Personal Vault: encrypted, we cannot read it -> re-encrypted with share key
- Personal MCP: encrypted at rest -> key sent with request
- MCP server memory: decrypted for ~50 ms -> served to AI service
- AI service: readable by AI service -> AI suggests an update
- Suggestion queue: encrypted, we cannot read it -> you approve, encrypted with vault key
- Back to your browser: you review and approve -> encrypted with vault key
- Saved to your vault: encrypted, we cannot read it
Two independent encryption layers
Your data in Personal Hub is protected by two separate encryption layers, each with its own key.
Layer 1: Personal Vault
Every piece of data you save is encrypted on your device using XSalsa20-Poly1305 before it reaches our servers. Your encryption key is derived from your password and never leaves your browser.
We store only ciphertext. We do not have your key. We cannot read your data.
If you forget your password, your 12-word recovery phrase is the only way back. We cannot recover your data for you.
Layer 2: Personal MCP
When you share data with an AI service, your browser generates a new encryption key for that specific connection. Selected data is re-encrypted with this key and stored separately from your vault.
Personal MCP supports two connection methods, each with a different key storage model:
- Manual connection URL: The share key exists only in your connection URL and in your browser (encrypted with your vault key). We never store it. We store only a SHA-256 hash for revocation.
- Directory connection (OAuth): The share key is stored on our server, encrypted with a server-side key-encryption-key. The share key is decrypted only during active requests from your AI service. This is a trade-off: easier setup, but the key is server-stored (encrypted) rather than client-only.
Each AI connection has its own key. Revoking one does not affect any other.
What we want you to know
We believe trust requires honesty about limitations, not just strengths.
1. During an active MCP request, your shared data is decrypted in server memory for approximately 50 milliseconds. A sophisticated memory-level attack during this window could theoretically expose data. We mitigate this by discarding the key immediately after each request.
2. Your MCP connection URL contains your share key. Anyone who obtains this URL can read your shared data. Treat it like a password. We warn you about this during setup and never display URLs in logs or analytics.
3. Once your data reaches an AI service (Claude, ChatGPT, etc.), it is subject to that service's privacy policy. We cannot control how they process or retain your data.
4. Your encrypted data is stored on Supabase (PostgreSQL hosted on AWS). While the data is encrypted and we do not store decryption keys, the infrastructure provider has access to the ciphertext. An attacker who obtained both the ciphertext and the key could decrypt the data.
5. Connection tokens are stored in your browser's localStorage, encrypted with your vault key. If someone has physical access to your device and knows your password, they could access your tokens.
Our infrastructure
We use a small number of services to run Personal Hub. Here is where your data touches each one.
Supabase (AWS eu-central-1)
Hosts our database. Stores your encrypted vault data and encrypted MCP shared data. Has access to ciphertext only. Cannot read your data.
Vercel (AWS)
Hosts our website and API routes, including the MCP server. Processes requests in server memory. Does not persist user data.
Stripe
Processes payments for Premium subscriptions. Receives your email and payment method. Does not receive any hub data.
Cloudflare
DNS and basic analytics (page views, country-level). Does not receive any hub data.
Postmark
Sends transactional emails (password reset, etc.). Receives your email address. Does not receive any hub data.
Our commitments
Your encryption key is derived from your password and never leaves your device.
We cannot read your vault data. Ever.
Each AI connection has its own encryption key, separate from your vault key.
You can export all your data, on any plan, at any time, for free.
You can revoke any AI connection instantly. Revoking deletes all shared data.
Our encryption code is open source and available for independent audit.
We are funded entirely by subscribers. No investors. No ads. No data selling.
We do not store your password or encryption key.
We do not store MCP share keys in plaintext. Manual connections: key is never stored. Directory connections: key is encrypted with a server-side key-encryption-key.
We do not log the content of MCP requests.
We do not access your AI conversations.
We do not sell, rent, or share your data.
We do not use your data to train any model.