← tatva

Privacy Policy

Last updated June 1, 2026

Tatva is a federated memory service for AI agents. It gives an assistant (such as Claude) a durable, searchable memory: notes, tasks, and facts you choose to store, retrieved later by meaning or by structured filters. This policy explains what we collect, how it is used, and how it is retained and deleted.

Data we collect

  • Memory content you (or your agent on your instruction) save: the text, plus optional category, project, tags, and timestamp.
  • Vector embeddings of that text, computed on our own servers (MiniLM) to power semantic search. No memory content is sent to any third-party AI model.
  • Audit trail: lifecycle events (create, read, update, archive) with the acting identity, timestamp, and the tool used — the feature that lets you see who accessed a memory and when.
  • Account data: your email, a hashed password (argon2), and your organization/membership records, used for authentication and tenant isolation.
  • Usage counters: per-organization add/retrieval counts, used for quota and billing.

How we use it

Solely to provide the service: store and retrieve your memories, enforce access control and quotas, and maintain the audit trail. We do not sell your data, serve advertising, or use your memory content to train models.

Storage, isolation & encryption

Memory content, embeddings, and audit events are stored in a managed Qdrant vector database; accounts, organizations, tokens, and usage live in MongoDB Atlas. Every memory and audit event is tagged with an organization id, and all queries are scoped to the caller's organization, so tenants cannot read one another's data. All traffic is encrypted in transit (HTTPS/TLS). API tokens are stored only as hashes.

Retention & deletion

Memories are immutably versioned: an update creates a new version and the prior version is preserved, so history is auditable. Archiving is a reversible soft-delete that hides a memory from default views without erasing it. You may request deletion of your account and its data at any time via the support channel below; on request we remove your organization's memories, embeddings, audit events, and account records.

Third parties

Subprocessors: Qdrant Cloud (vector storage), MongoDB Atlas (account/control-plane storage), and Hugging Face (hosting). Authentication is performed via a standard OAuth 2.0 identity provider. We do not share data with any other third parties.

Contact

Questions or data requests: rockerritesh4@gmail.com or via GitHub issues.