// Privacy

Privacy Policy

Effective: May 10, 2026·OneNomad LLC · North Carolina, USA
Note. This document is provided in good faith for the Pyre public beta and reflects how we operate today. It is not legal advice. Final terms will be reviewed by counsel before general availability; material changes will be announced and dated.

Pyre is built on a local-first principle: by default, your conversations, personal memory, and personality stay on your machine. This policy describes what we collect, what we don't, and how we handle the narrow set of data that does cross our systems — primarily for Pyre Pro and Pyre Enterprise customers. "We," "us," and "OneNomad" mean OneNomad LLC, a North Carolina limited liability company.

1. What this policy covers

This policy applies to:

  • onenomad.dev and product marketing pages (this site).
  • Pyre Core — the open-source local runtime, when run on your own hardware.
  • Pyre Pro cloud features (cross-device sync, background agents, encrypted backups, plugin catalog).
  • Pyre Enterprise — managed and on-prem deployments, subject to the additional terms in your contract and Data Processing Addendum (DPA).

2. What we don't collect

Pyre Core does not phone home. There is no usage telemetry, no analytics beacon, no "anonymous metrics" sent to OneNomad when you run Pyre on your own machine. The source is open — you can verify this. Crash logs, when generated, are written to disk locally and are never transmitted unless you choose to attach one to a support request.

We also do not:

  • Train models on your data. Ever. Not for Core, not for Pro, not for Enterprise.
  • Proxy your cloud-LLM traffic. When you use a third-party model through Pyre (OpenAI, Anthropic, OpenRouter, etc.), the request goes directly from your machine to that provider using your API key. We never see the prompt or response.
  • Sell or share personal information with advertisers or data brokers.

3. Information we collect

3.1 Website visitors

We use minimal server logs (IP address, user agent, timestamp) for security and uptime monitoring. Logs are retained for 30 days. We do not deploy third-party advertising trackers or behavioral analytics on this site.

3.2 Pyre Pro accounts

For Pro subscribers we collect:

  • Account identity — email, OAuth identifiers (GitHub, Google, or passkey) handled by our authentication provider, Clerk.
  • Billing data — handled by Stripe. We see purchase records (plan, renewal date, status); we do not store full card numbers.
  • Encrypted sync blobs — your soul, persona, personal memory (Engram), conversation history, and project context, end-to-end encrypted on your device before upload. We hold ciphertext only. Without your device key, we cannot read this data.
  • Operational metadata — last-sync timestamps, blob sizes, error counts. Used to keep sync working and to bill correctly.

3.3 Pyre Enterprise customers

On-prem and managed Enterprise deployments are governed by your written contract and DPA. In on-prem deployments, OneNomad does not have access to your data; your administrators control storage, retention, and access. In managed deployments, audit logs and operational telemetry are scoped per the DPA.

4. How we use information

We use the information described above to:

  • Authenticate you and authorize device sync.
  • Operate billing, send receipts, and prevent fraud.
  • Provide customer support when you ask for it.
  • Investigate security incidents and meet legal obligations.

We do not use your data for advertising, profiling, model training, or any purpose unrelated to providing the service.

5. Third-party processors

We rely on a small number of vendors to operate Pyre Pro. Each is bound by a data processing agreement and operates under its own privacy policy:

  • Stripe — payments, billing, fraud prevention.
  • Clerk — authentication and user identity.
  • Hetzner — primary infrastructure hosting (EU data centers).
  • Cloudflare — CDN, DDoS protection, R2 object storage for encrypted sync blobs.
  • Neon — managed Postgres for account and operational metadata.

We will update this list when we add or remove processors. Enterprise contracts may add or restrict processors as part of the DPA.

6. End-to-end encryption

Pyre Pro's cross-device sync uses client-side encryption. Your device generates and holds the encryption key. Data is encrypted before it leaves your machine; only ciphertext is transmitted to our servers and stored on Cloudflare R2. We do not have and do not want a key-escrow mechanism. If you lose every device with the key and haven't exported a recovery key, your synced data will be unrecoverable — by design.

7. Cookies and analytics

We use a single first-party session cookie for authenticated areas of the site. We do not deploy third-party cookies, fingerprinting libraries, or advertising pixels. If we ever add a privacy-respecting analytics tool (e.g., Plausible, Fathom), we will name it here and provide a way to opt out.

8. Data retention

  • Server logs — 30 days.
  • Encrypted sync blobs — retained while your subscription is active; deleted within 30 days of cancellation, or immediately on request.
  • Account and billing records — retained for as long as legally required (typically 7 years for tax records).
  • Support tickets — 12 months from resolution unless you ask us to delete them sooner.

9. Your rights

Regardless of where you live, you can:

  • Access — request a copy of personal information we hold about you.
  • Delete — ask us to delete your account and associated data.
  • Export — receive your data in a portable format. For local data, you already have it; for synced data, your client can export decrypted copies.
  • Correct — update inaccurate account information directly in your account settings or by request.
  • Object / restrict — limit how we process your data where law permits.

EU/UK residents have additional rights under GDPR/UK GDPR including the right to lodge a complaint with a supervisory authority. California residents have rights under the CCPA/CPRA. Contact us at privacy@onenomad.dev to exercise any of these.

10. International transfers

OneNomad is based in the United States. Our infrastructure is primarily hosted in the European Union (Hetzner). When data moves between regions, we rely on standard contractual clauses and other safeguards required by applicable law.

11. Children

Pyre is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If we learn that we have, we will delete it.

12. Security

We protect data at rest and in transit using industry-standard cryptography (TLS 1.3, AES-256). Pro sync data is encrypted client-side before upload. Access to production systems is restricted, audited, and requires hardware-backed authentication. Reporting a vulnerability? Email security@onenomad.dev — please act in good faith.

13. Changes to this policy

We may update this policy as the product evolves. Material changes will be announced in-product and on this site at least 14 days before they take effect. The "Effective" date at the top reflects the current version.

14. Contact

Questions about this policy or about your data: privacy@onenomad.dev. General inquiries: hello@onenomad.dev.

OneNomad LLC · North Carolina, USA · onenomad.dev