This comprehensive Privacy Policy and accompanying Limited Liability Agreement, hereinafter referred to as "This Policy," is meticulously established by The Company (hereinafter, "The Company") with express and exclusive reference to the utilization, deployment, configuration, and subsequent operation of the proprietary, open-source-compatible software solution identified as "Arche: Memory Injection for AI Agents" (hereinafter designated as "Arche" or "The System"); whereas Arche is fundamentally and structurally architected as a User-Deployed, Self-Managed Technical Architecture, specifically designed to facilitate the creation, conversion into vector embeddings, and semantic retrieval of persistent AI memory fragments, typically requiring integration with a User-provisioned PostgreSQL database instance fortified by the requisite pgvector extension and interconnected via a self-hosted Model Context Protocol (MCP) Server, it is therefore an irrefutable, non-negotiable, and prerequisite condition of installation and ongoing usage that the User, irrespective of whether the deploying entity is an individual or an organization, fully and unequivocally comprehends, acknowledges, confirms, and irrevocably agrees that The Company provides and licenses Software and attendant documentation, and does not, under any existing, emergent, or future circumstances whatsoever, function as a Software-as-a-Service (SaaS) provider, necessitating that The Company shall not, cannot, and structurally lacks the technical capability to receive, ingest, store, transmit, analyze, process, or otherwise maintain custody, temporary or permanent, of the User's confidential Personal Memory Data, thereby placing all such data entirely outside the operational purview of The Company's infrastructure.

The processing activities referenced in this Policy pertain exclusively to data which is willfully input, programmatically transferred, or otherwise manually or automatically submitted by the User, operating their self-hosted Arche System, through the Web Dashboard, the Model Context Protocol (MCP) Server, or the various Import functionalities; this data, generically referred to as "Personal Memory Data," constitutes the semantic essence of the User's preferences, expertise, work style, and historical context.

2.1 Categories of Personal Memory Data (Processed Exclusively on User's Infrastructure):

The exclusive, singular, and non-expandable purpose underlying the processing of Personal Memory Data, which processing is performed entirely by and within the technical boundaries of the User's self-provisioned deployment, is the comprehensive operationalization of the Model Context Protocol (MCP) framework; this operation necessitates the immediate and dynamic injection of contextually pertinent, semantically retrieved vectorized memory fragments directly into the structured input prompts destined for and subsequently transmitted to the User's externally selected, independent Large Language Model (LLM) providers (e.g., Anthropic, OpenAI, Google), constituting the necessary contractual fulfillment required to deliver the core utility of persistent, context-aware, and continuous AI interaction which the Arche System is designed to facilitate, contingent upon the User's explicit command and configuration choices.

Notwithstanding the fact that the Arche System is specifically engineered to store all Personal Memory Data, predominantly in its vectorized form, within a robust, User-configured, third-party, open-source-compatible vector database environment (which, according to the Technical Guide, must support the pgvector extension for efficient indexing), the absolute, exhaustive, non-delegable, and permanent responsibility for the ongoing maintenance, architectural security, robust access control policies—including the necessary configuration of PostgreSQL's Row-Level Security mechanisms (as explicitly detailed in Section 7.2 of the Arche Technical Guide)—appropriate cryptographic protocols, reliable data backup procedures, and strict adherence to all relevant regional, national, or international data protection and privacy statutes (including but not restricted to, the General Data Protection Regulation or the California Consumer Privacy Act) pertaining to the physical or logical location of such stored data, shall remain, at all times and without exception, the exclusive obligation of the individual User or the deploying entity.

4.1 Assumption of Risk and Architectural Liability Limitation:

The Company, acting solely as the licensor and provider of software source code and technical documentation, hereby expressly and irrevocably disclaims, to the maximum extent permissible under applicable law, any and all forms of liability, indemnification claims, or responsibility arising from, connected to, or related to any incident of data breach, comprehensive data loss, unauthorized third-party access, service interruption, or consequential non-compliance with statutory or regulatory requirements resulting from the configuration, systemic failure, intentional or unintentional negligence, or inadequate security provisioning of the User's self-provisioned database infrastructure, the User's operating environment, or the services provided by any external third-party data hosting or LLM provider; the User's unilateral decision to deploy, configure, and operate Arche constitutes an explicit and fully informed assumption of all attendant infrastructure hosting and data management risks.

The Company, by the very nature of the self-hosted Arche architecture, neither possesses nor unilaterally initiates the transmission of Personal Memory Data to any third party for its own benefit; however, the User acknowledges and understands that the functional operation of The System mandates two critical, sequential external transmissions, both of which are initiated and controlled solely by the User's self-hosted MCP Server, thereby requiring the User to independently review and comply with the respective policies of the third-party recipients:

5.1 Transmission to External Embedding Model Providers (Vectorization):

The process of converting the textual Core Memory Content (Section 2.1.A) into high-utility Vector Embeddings (Section 2.1.B) requires the temporary and essential transmission of the raw text to an external, independent, and commercially available Embedding Model Service (e.g., Google's models or functionally equivalent providers), the data handling practices, retention periods, security measures, and jurisdictional compliance of which are solely and exclusively governed by the contractual terms and privacy policies established between the User and the respective Embedding Model Provider.

5.2 Transmission to External Large Language Model (LLM) Providers (Context Injection):

The primary value proposition of Arche is the seamless and dynamic injection of the retrieved, contextually relevant Personal Memory Data into the User's prompt intended for the chosen external LLM Inference Engine (e.g., OpenAI's ChatGPT, Anthropic's Claude, or Google's Gemini); this injection transfers the data to the LLM Provider selected by the User, and the subsequent storage, processing, training usage, security, and confidentiality of this injected memory context falls entirely and absolutely under the domain of the terms of service, acceptable use policies, and privacy agreements negotiated and established solely between the User and the external LLM Provider, requiring the User to conduct a comprehensive and independent compliance review of those external agreements.

The Company hereby explicitly and unequivocally disclaims all responsibility and liability for the manner in which any external Embedding Model Provider or any external Large Language Model Provider processes, utilizes, retains, or secures the Personal Memory Data transmitted to them by the User's self-hosted Arche System.

In absolute adherence to the architectural principle of User Data Sovereignty, the User maintains complete, unrestricted, and perpetual control over their Personal Memory Data, and furthermore, possesses the unqualified right, structurally guaranteed by the inherent design of the Arche System, to perform the following actions without recourse or permission from The Company:

6.1 Right of Access and Retrieval:

The ability to access, view, search (via semantic similarity or keyword query), and list all stored memories directly through the Web Dashboard interface, which establishes a secure connection only to the User's self-hosted database instance.

6.2 Right of Rectification and Erasure:

The non-derogable right to modify, correct, edit, or permanently and irrevocably delete any stored Personal Memory Data utilizing the delete_memory tools exposed by the MCP Server or by executing standard SQL commands directly against the underlying database tables controlled by the User.

6.3 Right of Data Portability (No Vendor Lock-In):

The unequivocal and architecturally guaranteed right to export all Personal Memory Data, encompassing both the raw text content and the associated Vector Embeddings, at any point in time, utilizing standard, non-proprietary SQL database tooling, thereby facilitating complete and seamless portability and transition away from the Arche System without any dependency upon The Company's operational assistance.

The Company explicitly reserves the full, comprehensive, and non-negotiable right to revise, amend, update, or fundamentally modify the stipulations, clauses, and dependencies contained within this Privacy Policy and Limited Liability Agreement at any juncture, which revised conditions shall automatically become immediately effective upon the publication of the updated Policy within the official Arche documentation or codebase repository; any continued utilization of the Arche System subsequent to the publication of such revisions shall constitute the User's explicit, unconditional, and legally binding acceptance of the entirety of the updated terms, requiring the User to maintain continuous and proactive consultation of the current Policy.

7.1 Administrative Contact:

For any strictly administrative, policy-related, or legal inquiries pertaining solely to the structure, licensing, or interpretation of this Policy, the User is directed to contact: