Privacy Policy draft

Aedelgard, a service of Millenion AB (org.nr 556887-8697), Sweden · last updated 2026-06-20

This policy explains what Millenion AB ("we", "us") collects when you use Aedelgard, and the unusual lengths the architecture goes to in order to collect as little as possible. We are the data controller under the GDPR.

1. The privacy principle

In the paid Aedelgard service your memory is envelope-encrypted at rest (AES-256-GCM under a KMS-managed key) and isolated per tenant, bound to you so no other tenant can reach it. We do not sell, train on, or browse it, and no human reads it. Today this protects your data at rest and across tenants; to run inference your agent decrypts what it needs inside its own isolated process, so this is not yet operator-blind end-to-end encryption — that is on our roadmap. The free /summon trial also envelope-encrypts your key and chat at rest (AES-256-GCM, bound to your key); it does not yet add the per-tenant process isolation or KMS-managed master key of the paid service. Because your Aedelgard key is the only credential and we keep no email or password, if you lose it we cannot recover your key or your data.

2. What we collect

Your Claude API key: verified with a single minimal request, and used only to let your agent think on your behalf. In both the free trial and the paid service it is envelope-encrypted at rest (AES-256-GCM, AAD-bound to your key); the paid service additionally wraps the master key in KMS and isolates each tenant in its own process. Revoke it at Anthropic at any time.

Billing data: processed by Stripe. We receive a payment confirmation and a subscription status; we do not receive or store your full card details.

Operational data: minimal technical logs needed to run and secure the Service (e.g. request timing, error traces). We do not require an email, name, or password to use the Service.

3. What we do not collect

No account email or password (there is no login). No advertising identifiers. No selling of data to third parties. The contents of your memory vault are not accessible to us.

4. Processors

Anthropic (model inference, billed to your own key) · Stripe (payments) · Amazon Web Services (hosting, EU region). Each processes data on our behalf under their own terms.

5. Your rights

Under the GDPR you may request access to, correction of, or erasure of personal data we hold about you. Because we keep no email or password and your data is isolated per tenant, the personal data we can act on directly is limited to billing and operational records; your vault is reached through your Aedelgard key. Contact us to exercise these rights.

6. Retention

Billing records are retained as required by Swedish accounting law. Operational logs are kept only as long as needed for security and reliability.

7. Contact

Data requests and questions: contact@aedelgard.com · Millenion AB, Sweden.

This is a working draft pending legal review and will be finalised before paid checkout goes live.