Terms of Service

Written for humans, not lawyers.

Effective: February 28, 2026

1. Welcome to Gnosis Memory

Gnosis Memory ("Gnosis," "we," "us," "our") is a remote cloud MCP (Model Context Protocol) memory server operated by [Entity Name, LLC], an Alabama limited liability company (formation pending). It provides persistent, encrypted memory to AI assistants like Claude, ChatGPT, Gemini, and any MCP-compatible client.

Gnosis is not a local tool or plugin you install on your machine. It is a cloud service that your AI assistant connects to via a URL. When your assistant stores or retrieves a memory, it communicates with our servers over the internet.

By using Gnosis Memory, you agree to these Terms of Service ("Terms"). If you do not agree, do not use the service.

2. Eligibility

You must be at least 13 years old to use Gnosis Memory. If you are under 18, you represent that you have your parent or guardian's permission to use the service.

Gnosis requires Google OAuth, and Google requires users to be at least 13 to create an account, so Google's age verification enforces this requirement for us. In jurisdictions where a higher minimum age applies under GDPR Article 8 (up to 16 in some EU/EEA member states), the higher local requirement takes precedence.

You need a Google account to authenticate. We use Google OAuth to verify your identity — we do not create our own username/password system.

One account per person. Do not create multiple accounts to circumvent rate limits, bans, or any other restrictions.

3. Account Registration

When you sign in, we authenticate you through Google OAuth. During this process, Google shares the following information with us:

  • Your email address
  • Your display name
  • Your profile picture

We use this information to create and identify your account. We do not receive or store your Google password.

You are responsible for maintaining the security of your Google account. If someone gains access to your Google account, they can access your Gnosis Memory account. We recommend enabling two-factor authentication on your Google account.

If you believe your account has been compromised, contact us immediately at legal@gnosismemory.com.

4. Early Access Terms

Gnosis is currently in Early Access (beta):

  • No SLA. We do not guarantee any specific uptime, response time, or availability.
  • Features may change. We may add, modify, or remove features without prior notice.
  • Bugs happen. If you find one, report it to legal@gnosismemory.com.
  • It is free. During Early Access, Gnosis is provided at no cost.

When we transition from Early Access to paid tiers, we will notify you by email at least 30 days in advance. You will have the option to subscribe to a paid plan or export your data and close your account.

5. Acceptable Use

Use Gnosis Memory for its intended purpose: storing and retrieving memories for your AI assistants. The following activities are prohibited:

  • Illegal content. Do not store content that violates applicable law, including but not limited to content related to child exploitation, terrorism, or illegal trafficking.
  • API abuse. Do not send automated attacks, flood the API with excessive requests, or attempt to degrade service for other users. We enforce rate limits, and repeated violations will result in throttling or suspension.
  • Reverse engineering encryption. Do not attempt to reverse-engineer, bypass, or compromise our encryption mechanisms or other users' data.
  • Impersonation. Do not impersonate other users or attempt to access another user's memories.
  • Harm. Do not use the service to store content intended to harass, threaten, or harm other people.

We reserve the right to suspend or terminate accounts that violate these rules. When possible, we will notify you before taking action and give you an opportunity to correct the behavior.

6. Your Content

You own your memories. Everything you store in Gnosis Memory belongs to you. We do not claim ownership of your content.

By using the service, you grant us a limited, non-exclusive license to:

  • Process your content (to generate vector embeddings for search)
  • Store your content (encrypted at rest with your user-specific keys)
  • Encrypt and decrypt your content (using keys derived from your authentication)
  • Deliver your content back to you (when your AI assistant requests it)

This license exists solely to provide the service. We do not sell, share, or use your content to train AI models. We process it only to deliver the service to you.

Your memories are encrypted at rest with user-specific encryption keys. See the Encryption Disclosure below for important details.

7. Encryption Disclosure

How Your Data is Protected

Memories (text content) are encrypted at rest with per-user keys. We derive encryption keys from your OAuth credentials at the start of each session, generate them ephemerally, and do not store them at rest. We do not have standing access to decrypt your stored memory content. This is an architectural constraint, not a policy promise.

Vector embeddings are stored unencrypted. When you save a memory, we generate a mathematical representation (a vector embedding) that enables semantic search. These embeddings must remain unencrypted for similarity search to function.

Embeddings are non-reversible. They are one-way mathematical transformations that cannot be reversed to recover the original text.

Embedding generation. To generate vector embeddings, we process memory text through an embedding model that runs locally within our infrastructure (currently hosted by RunPod). The text is processed on the same server via local inter-process communication, not sent to an external API. See our Privacy Policy for the full sub-processor list.

What we do not log. We do not log search queries, memory content, or user-generated text beyond what is encrypted in the database. Operational logging is limited to request counts, timestamps, and error codes.

Early Access Transparency Note

During Early Access, our engineering team retains programmatic access to memory data for essential service operations: database migrations, schema updates, and data integrity verification. We use this access solely for service continuity, never to read or extract user content.

This programmatic access will be removed as we approach general availability, at which point the encryption architecture will enforce that only the authenticated user can access their decrypted memories.

8. Data Export and Deletion

You have the right to your data:

  • Export. You can request a full export of all your memories and associated metadata at any time.
  • Deletion. You can request deletion of your account and all associated data. Upon deletion, all encrypted memories, metadata, and vector embeddings are permanently removed within 30 days. In exceptional circumstances, deletion may be extended by up to 60 additional days, in which case we will notify you of the extension and the reasons for the delay.

When we delete your data, we mean it. Encrypted memory content, metadata, and vector embeddings are all removed from production systems within the deletion window.

Backups. Deleted data may persist in encrypted database backups beyond the 30-day deletion window until those backups are naturally replaced on our retention cycle (up to 90 days). Backup data is not accessed or processed for any purpose and is overwritten automatically. If a backup is ever restored, any previously completed deletions are re-applied before the restored data becomes active.

To request an export or deletion, contact legal@gnosismemory.com.

9. Copyright and DMCA

We respect intellectual property rights. If you believe that content stored on our service infringes your copyright, you may submit a notice to our designated agent.

Because user memories are encrypted at rest and we cannot read them, our ability to investigate copyright claims is limited to what we can technically access and verify.

To submit a DMCA takedown notice, contact:

Your notice should include: identification of the copyrighted work, identification of the allegedly infringing material, your contact information, and a statement of good faith belief that the use is not authorized.

Formal DMCA agent registration with the U.S. Copyright Office is pending entity formation.

10. Service Availability

During Early Access, we make no guarantees about uptime or availability. Outages and maintenance windows are inevitable.

We commit to the following:

  • We will communicate planned maintenance when possible.
  • We will work to resolve outages promptly.
  • If we ever decide to discontinue the service entirely, we will provide at least 90 days notice so you can export your data.

We do not provide a formal SLA during Early Access. When paid tiers are introduced, SLA terms will be defined as part of those plans.

11. Termination

Either party can terminate this agreement:

You Can Leave

You can delete your account at any time. Before deletion, you may export your data. Once you confirm deletion, your data will be permanently removed within 30 days.

We Can Suspend or Terminate

We may suspend or terminate your account if you violate these Terms. When possible, we will:

  • Notify you of the violation
  • Give you an opportunity to correct the issue
  • Provide a 30-day window to export your data before permanent deletion

In cases of severe abuse (such as attacks on our infrastructure or illegal activity), we may suspend access immediately without prior notice.

12. Limitation of Liability

In short: if something goes wrong, our maximum financial liability is what you paid us (currently $0 during Early Access). We are not liable for indirect damages like lost profits.

To the maximum extent permitted by law, [Entity Name, LLC] and its operators, contributors, and affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:

  • Loss of data
  • Service interruptions
  • Loss of profits or revenue
  • Damages arising from reliance on the service

Our total liability to you for any and all claims arising from or related to the service is limited to the amount you have paid us in the twelve months preceding the claim. During Early Access, that amount is $0.

This limitation applies regardless of the legal theory (contract, tort, strict liability, or otherwise) and even if we have been advised of the possibility of such damages.

13. Warranty Disclaimer

In short: the service is provided as-is, especially during Early Access. We do our best, but we make no guarantees about uptime, reliability, or fitness for any particular use.

Gnosis Memory is provided "AS IS" and "AS AVAILABLE" without warranties of any kind, whether express, implied, or statutory. We specifically disclaim all implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

We do not warrant that the service will be uninterrupted, error-free, or secure. We do not warrant that any data stored will be preserved indefinitely or that the service will meet your specific requirements.

Some jurisdictions do not allow the exclusion of certain warranties. In those jurisdictions, the above exclusions apply only to the extent permitted by applicable law.

14. Governing Law

These Terms are governed by and construed in accordance with the laws of the State of Alabama, United States, without regard to conflict of law principles.

Any disputes arising from these Terms or your use of the service shall be resolved in the state or federal courts located in Alabama. You consent to the personal jurisdiction of these courts.

The service is operated by [Entity Name], an Alabama limited liability company (formation pending).

If you are a consumer in the European Union or United Kingdom, nothing in these Terms limits your rights under mandatory consumer protection laws of your country of residence.

15. Changes to These Terms

We may update these Terms from time to time. When we do:

  • We will notify you by email at the address associated with your Google account.
  • Changes become effective 30 days after notice.
  • The updated effective date will appear at the top of this page.

Your continued use of Gnosis Memory after the 30-day notice period constitutes acceptance of the updated Terms. If you do not agree to the changes, you may export your data and delete your account before the changes take effect.

16. Indemnification

You agree to indemnify, defend, and hold harmless [Entity Name, LLC], its operators, and affiliates from any claims, liabilities, damages, losses, and expenses (including reasonable attorneys' fees) arising from:

  • Your use of the service
  • Your violation of these Terms
  • Your violation of any applicable law
  • Content you store that infringes any third party's rights

In short: if your use of Gnosis causes legal trouble for us, you are responsible for making us whole.

17. Dispute Resolution

In short: talk to us first. If that doesn't work, disputes go to arbitration in Alabama. EU/UK consumers retain their local legal protections.

If you have a concern, here is how we handle it:

Step 1: Talk to us first. Before filing any formal claim, you agree to attempt informal resolution by contacting legal@gnosismemory.com. We will work in good faith to resolve the issue.

Step 2: Arbitration. If informal resolution fails within 30 days, any dispute shall be resolved through binding arbitration administered by the American Arbitration Association under its Consumer Arbitration Rules, in the State of Alabama, by a single arbitrator.

CLASS ACTION WAIVER: Disputes will be resolved only on an individual basis, not as part of a class, consolidated, or representative action. If this waiver is found unenforceable, the entirety of this arbitration provision shall be null and void.

Either party may bring an individual action in small claims court if the claim qualifies.

This arbitration provision does not apply to consumers in the European Union or United Kingdom to the extent it would be unenforceable under mandatory consumer protection law, including EU Directive 93/13/EEC on unfair terms in consumer contracts.

18. Severability

If any provision of these Terms is found unenforceable by a court or arbitrator, that provision shall be limited or eliminated to the minimum extent necessary. The remaining provisions remain in full force and effect.

19. Data Processing Agreement

In short: we only process your memories as your AI assistant instructs us to. We have specific obligations about security, deletion, and transparency. This section is the formal agreement about how we handle your data under European data protection law.

This section constitutes the Data Processing Agreement ("DPA") between you (the data controller) and [Entity Name, LLC] (the data processor) for the processing of personal data through Gnosis Memory, pursuant to GDPR Article 28(3) where applicable.

In jurisdictions where an individual user may not qualify as a data controller for their own personal data (for example, under the GDPR household exemption, Article 2(2)(c)), Gnosis acts as the data controller for such data and processes it on the legal bases described in our Privacy Policy.

Roles

You, through your configured AI assistant software, act as the data controller. You determine why and what personal data is stored by instructing your AI assistant to create, search, and delete memories. Gnosis Memory acts as the data processor, executing those instructions delivered via the MCP (Model Context Protocol).

Gnosis is separately a data controller for operational data it processes for its own purposes (account management, technical logs, security monitoring). See our Privacy Policy for details.

Controller responsibility. As the data controller for memory content, you are responsible for ensuring that you have a lawful basis for any personal data you instruct your AI assistant to store. If your memories contain personal data about other individuals, you are responsible for compliance with applicable data protection laws regarding that data.

Scope of Processing

  • Subject matter: Storage, retrieval, and search of user-generated memories for AI assistants
  • Duration: For the term of your account, until you instruct deletion
  • Nature and purpose: Encrypted storage, vector embedding generation for semantic search, and retrieval of memories per MCP tool instructions
  • Type of personal data: User-generated text content, associated metadata (topics, type, scope), and derived data (vector embeddings, topic hashes)
  • Categories of data subjects: Users of the controller's AI assistant software stack

Processor Obligations

Gnosis Memory shall:

  • Process personal data only on your documented instructions. These Terms (including this DPA), together with the Scope of Processing above, constitute your documented instructions. At runtime, your AI assistant delivers instructions via the MCP protocol: each API call (memory_add, memory_search, memory_delete) is an instruction to process data as specified.
  • Not process your memory data for any purpose beyond those documented instructions. If we believe an instruction infringes GDPR or other applicable data protection law, we will inform you.
  • Inform you before processing personal data beyond your instructions if required to do so by Union or Member State law, unless such law prohibits disclosure on important grounds of public interest.
  • Transfer and process personal data in the United States. Safeguards for international transfers are described in our Privacy Policy, Section 7.
  • Ensure that persons authorized to process personal data are bound by contractual or statutory confidentiality obligations.
  • Implement appropriate technical and organizational security measures, including: encryption of memory content at rest with per-user ephemeral keys, access controls, and secure transport (TLS).
  • Engage sub-processors only with your general written authorization, which you grant by accepting these Terms. Current sub-processors are listed in our Privacy Policy. We will notify you by email at least 30 days before engaging any new sub-processor or replacing an existing one. If you object to a new sub-processor on reasonable data protection grounds, you may notify us within 14 days of our notification; we will either (i) not use the objected-to sub-processor for your data, or (ii) enable you to terminate the service and export your data without penalty. We impose data protection obligations on each sub-processor that are no less protective than those set out in this DPA, by way of written contract.
  • Assist you in responding to data subject rights requests to the extent technically feasible, by providing export, deletion, and account management tools accessible through your AI assistant. If you are unable to exercise your rights through your AI assistant (for example, if you lose access to your MCP client), you may contact us directly at privacy@gnosismemory.com to request data export, deletion, or access. We will respond within 30 days. For complex or voluminous requests, this period may be extended by up to 60 additional days, in which case we will notify you within the initial 30-day period.
  • Assist you, taking into account the nature of processing and information available to us, with your obligations under GDPR Articles 32 through 36, including: ensuring appropriate security of processing; providing information necessary for you to fulfill any breach notification obligations; assisting with data protection impact assessments where required; and assisting with prior consultation with supervisory authorities where required.
  • Upon termination of the service or your account, at your choice, delete or return all personal data processed on your behalf, and delete existing copies, unless retention is required by applicable law. See Section 8 (Data Export and Deletion) for timelines. You may request a full export before or during the deletion process.
  • Make available to you, upon reasonable request, information necessary to demonstrate compliance with these obligations. We will allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable advance notice (at least 30 days), reasonable scope limitations, and confidentiality obligations. Audits shall be limited to once per twelve-month period unless a data breach or regulatory investigation necessitates additional review.

Early Access note: During Early Access, Gnosis is operated by a sole developer. Response times for audit requests, breach notifications, and sub-processor change notices reflect the resources available at this stage. We will expand operational capacity as the service grows.

Record Fields

Gnosis appends standard record fields to stored memories as part of the advertised schema: timestamps (created_at, updated_at), user identifier, and content hash (for duplicate detection). These fields are part of the documented processing and are not additional processing beyond your instructions.

Breach Notification

In the event of a personal data breach affecting your memory data, we will notify you without undue delay (and in any event within 72 hours) after becoming aware of the breach, including: the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to address the breach. This information is provided to enable you to fulfill any notification obligations you may have as data controller.

Because memory content is encrypted at rest with per-user keys, a database-level breach would not expose readable content; however, metadata, embeddings, and account data could be affected. See our Privacy Policy for details on our encryption model.

20. Entire Agreement

These Terms, together with the Privacy Policy and the Data Processing Agreement in Section 19, constitute the entire agreement between you and [Entity Name, LLC] regarding Gnosis Memory and supersede all prior agreements and understandings, whether written or oral.

21. Assignment

You may not assign your rights under these Terms without our written consent. We may assign our rights in connection with a merger, acquisition, or sale of assets, provided the assignee agrees to be bound by these Terms. Any assignment in violation of this section is void.

22. Force Majeure

Neither party is liable for failures or delays in performance due to causes beyond reasonable control, including natural disasters, war, government actions, internet or infrastructure failures, or failures of third-party service providers. This does not affect your right to cancel your account or export your data at any time.

23. Contact

If you have questions about these Terms, need to report a violation, or want to exercise your data rights, contact us at:

  • Email: legal@gnosismemory.com
  • Entity: [Entity Name, LLC] (formation pending)
  • Address: Physical address pending entity formation

We aim to respond to general inquiries within 5 business days. For data rights requests (export, deletion, access), see Section 19 and our Privacy Policy for applicable timelines.