Privacy Policy.

Who we are.

Ragionex operates this service. Data processing infrastructure is located in Germany (European Union). For privacy questions or to exercise your rights, contact [email protected].

What we collect.

Account data

When you sign up for the Memory API, we collect your email address and generate an API key tied to it. We store standard account metadata (such as signup and last-active timestamps) to operate and secure the account.

Waitlist submissions

If you join a waitlist (Knowledge custom docs or Memory Pro notifications), your email is submitted directly from your browser to a third-party form provider. Ragionex receives these submissions from the provider.

Memory content

If you use the Memory product, we store the content you explicitly send via the /v1/memory/write endpoint. This is the data you write for your AI agent to recall later. We treat this as user-owned content and do not access it except to provide the service.

API usage logs

When you use the Knowledge search endpoint (/v1/knowledge/search), we record standard web-server metadata (such as IP address, user agent, endpoint called, HTTP status, response time, and country code derived from IP), a masked prefix of the API key used, your search query, and a short truncated summary of the response. These categories are kept only to the extent needed for abuse detection, debugging, and capacity planning. Memory API requests are not persisted to this audit log beyond ephemeral web-server access logs.

Why we process it.

Each data category is processed for a specific, declared purpose:

• Account data - to authenticate your API requests and send transactional emails (API key delivery).
• Waitlist submissions - to contact you when a product tier becomes available.
• Memory content - to index it for semantic retrieval when you query your own memories.
• API usage logs - to monitor service health, debug errors, enforce rate limits, detect abuse, and comply with legal obligations.

Legal basis under GDPR: contract performance (Article 6(1)(b)) for account, memory, and API usage operations; legitimate interest (Article 6(1)(f)) for abuse detection and security logging. International transfers in the Memory product are protected by appropriate safeguards under Chapter V of the GDPR, including Standard Contractual Clauses where applicable.

Is providing your data required? Your email at signup and your Memory content are contractual requirements - without them, we cannot provide the requested service. Waitlist email submission is entirely voluntary; the only consequence of not providing it is that we cannot notify you when a tier opens.

Who we share with.

We use third-party service providers ("processors") to operate the service. We disclose them by category here; a specific subprocessor list is available on request via [email protected].

• Cloud infrastructure provider - hosts the Ragionex server and stores your data on disk. Located in Germany (European Union).
• CDN and DDoS protection service - routes incoming requests, filters malicious traffic, and caches static assets. Logs IP addresses and request metadata.
• Transactional email provider - delivers API keys and service notifications. Receives recipient email addresses and message content.
• Third-party form provider - receives waitlist email submissions directly from your browser (the submission does not pass through Ragionex servers).
• Technical service providers - support infrastructure that assists in data processing and content indexing. Some providers operate outside the European Economic Area. See "International transfers" below.

We do not sell, rent, or share your data with advertisers, data brokers, or third parties for marketing purposes.

International transfers.

Your data is primarily stored inside the European Union (Germany). However, certain processing operations may take place with service providers outside the European Economic Area when you use the Memory product.

These transfers are protected by appropriate safeguards under Chapter V of the GDPR, including Standard Contractual Clauses where applicable. A copy of the relevant safeguards is available on request via [email protected].

How long we keep it.

We retain your data until you request deletion or delete it yourself via the API. Retention is driven by the purposes listed below:

• Account and API keys - kept until you request account deletion.
• Memory content - kept until you delete via /v1/memory/delete or request full account deletion.
• Waitlist emails - kept until you request removal or we close the corresponding waitlist.
• API usage logs - retained only as long as needed to meet the purposes listed above (abuse detection, debugging, rate-limit enforcement) and to comply with any applicable legal retention obligation. Log entries are deleted when the purpose is extinguished, and earlier upon verified request where no overriding legal obligation applies.

Your rights.

Under GDPR, you have the right to:

• Access - request a copy of the personal data we hold about you.
• Rectification - correct inaccurate or incomplete data.
• Erasure ("right to be forgotten") - request deletion of your data.
• Portability - receive your data in a machine-readable format.
• Restriction - limit how we process your data.
• Objection - object to processing based on legitimate interest.
• Withdraw consent - revoke any consent you previously granted.
• Complain to a supervisory authority - you have the right to lodge a complaint with a data protection authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement. A directory is available at edpb.europa.eu.

To exercise any of these rights, email [email protected]. We respond within the timeframes required by GDPR.

Contact us.

For any privacy-related question, data subject request, or to request a specific subprocessor list, write to [email protected]. We respond within the timeframes required by GDPR.