Privacy

Effective: 2026-05-07 · Last updated: 2026-05-07

This is the privacy policy for CYGNUS Pro, the desktop application distributed by Proprioceptive AI, Inc. ("Proprioceptive AI", "we", "us"). It explains what data the application and the supporting cloud service collect, what we do with it, and what rights you have. We try to keep it short and direct.

Three principles up front

1. Your prompts and responses stay on your machine.

CYGNUS runs the language model locally. Your prompts, the model's responses, and the per-token telemetry frames the probes emit are processed entirely on your device. We do not receive them. We do not see them. We could not see them if we wanted to.

2. We do not train on your data.

Even if we could see your prompts (we can't, see #1), we wouldn't train on them. The probe weights and adapter are frozen at the versions described in our research papers and shipped via Model Pack updates. We do not use customer data for training, fine- tuning, or evaluation.

3. We collect the minimum to run the service.

Your email, your subscription state, your machine's stable install hash, and (if you opt in) redacted crash reports. That's it. The full list and how to delete it is below.

What we collect

Account data

Email address — used for activation, billing, and security notices. Stored on our cloud service (DigitalOcean, NYC3 region).
Subscription state — current tier, seats, expiration. Synced from Stripe on every state change.
Activation token — a per-machine token derived from your account at first activation. Bound to a stable install hash so a leaked token can't be used elsewhere.

Payment data

We use Stripe for payment processing. Your card details never touch our servers; Stripe's dashboard is the only place that information lives.
We receive only: a Stripe customer ID, the last four digits of your card, the card's country, and your billing address (if Stripe supplies it for tax compliance).
Stripe's privacy policy: stripe.com/privacy.

Crash reports (opt-in)

If you enable "Send anonymous crash reports" in the wizard or Settings, the app sends a redacted error report when something breaks. Patent 87 SAFE/NEVER classification structurally redacts every probe field, every API key, every email, and every 256-bit hex string before transmission. The exact redaction list is in the public source at src/main/crash-reporter.ts.

Crash reports include: app version, OS + architecture, redacted error message, redacted stack (top 30 frames, home paths anonymized to $HOME), and a stable per-install hash (16 hex chars; not your machine_id).

You can disable this any time in Settings → Telemetry.

What we don't collect

Prompts, responses, or any content you type into the app
Probe scores, telemetry frames, or any matrices
Your machine ID, MAC address, or hardware serial numbers
Browsing history, files on disk, or anything outside the app
Analytics about how you use the app (no Google Analytics, no Mixpanel, no Segment)

Where it lives

Account data + subscription state: our cloud service at api.proprioceptiveai.com, hosted on DigitalOcean (us-east). Encrypted at rest (block storage), in transit (TLS 1.3), and access-controlled (X-API-Key + per-IP firewall).
Payment data: Stripe (PCI-DSS Level 1 compliant). We do not store card details.
Local data on your machine: activation token in OS keychain (Keychain on macOS, Credential Vault on Windows, libsecret on Linux). Audit log in your user-data directory; never transmitted.

Who we share it with

Nobody, except as required to run the service. Specifically:

Stripe — for payment processing
Our email provider (Postmark / SendGrid — TBD) — for activation emails and billing receipts
DigitalOcean — for hosting the API server
Law enforcement if compelled by valid subpoena. We will challenge requests we believe are overbroad. We do not make our service available to government surveillance programs.

We do not sell your data. We do not "monetize" you. We do not run ads. The only revenue stream is your subscription.

How long we keep it

Account data: until you delete your account, then 30 days for compliance, then purged
Subscription state: same as Stripe's retention (7 years for tax compliance)
Crash reports: 90 days, then auto-deleted
Local audit log: stays on your machine, never transmitted, never expires (you control it)

Your rights

Under GDPR, CCPA, and similar privacy laws, you have the right to access, correct, export, or delete your data. To exercise any of these rights, email logan@proprioceptiveai.com from the email address on file. We aim to respond within 30 days.

To delete your account immediately: Settings → Account → Delete account in the desktop app, or email us. Deletion is irreversible.

Changes to this policy

If we change this policy, we'll update the "Last updated" date at the top, and — if the changes are material — we'll email anyone with an active subscription at least 30 days before the change takes effect.

Contact

Email: logan@proprioceptiveai.com
Mailing address available on request via the email above.
Data Protection Officer: same email; subject line "DPO".