Privacy Policy

Effective Date: February 19, 2026
Last Updated: February 19, 2026

This Privacy Policy explains how Thought Substrate Inc. ("Thought Substrate," "Joined," "we," "us," or "our") collects, uses, discloses, and protects information when you use Joined Agent and related services (the "Service").

Joined is designed around user-owned intelligence and trust. This policy is written to protect your data while preserving clear, consent-based paths to improve the Service over time.

1. Scope

This Privacy Policy applies to our consumer Service across web, iOS, messaging interfaces (including Telegram), APIs, and related support operations.

The Service is intended for adults only. You must be at least 18 years old to use Joined.

2. Core Definitions

To avoid ambiguity, these terms have specific meanings in this policy:

• User Content: Prompts, messages, files, media, instructions, and other content you submit to the Service.
• User Vault / Memory: Your user-scoped persistent context, memories, files, preferences, and artifacts stored for your ongoing use of Joined Agent.
• Derived Data: Non-content signals generated from Service operation and usage (for example, tool success rates, correction frequency, latency patterns, and reliability metrics) that do not include raw User Content, reconstructable quotes, or identifiable memory fragments.
• Telemetry: Technical and operational metadata used to operate, debug, secure, and improve the Service (for example, timestamps, error codes, performance metrics, and device/session diagnostics).
• De-identified Data: Information that cannot reasonably identify you and is not linked back to your account.
• Model Training: Training, fine-tuning, reinforcement, or optimization of models intended for generalized behavior across users.
• Personalization: Adapting Service behavior using your own User Vault / Memory and account context for your benefit.

3. Information We Collect

We collect the following categories of information:

3.1 Account and Profile Data

• Account identifiers (such as email, username, or platform identifiers).
• Authentication and account security data.
• Basic profile settings you choose to provide.

3.2 User Content and User Vault / Memory

• Content, files, and artifacts you submit, generate, upload, or store.
• Memories, preferences, and persistent context you choose to keep in your Vault.

3.3 Telemetry and Diagnostics

• Performance and reliability metrics.
• Tool execution metadata (for example, success/failure signals and timing).
• Error logs and debugging metadata.

3.4 Support and Communications Data

• Support messages and issue reports.
• Time-bound support access records when you explicitly authorize access to your data.

3.5 Compliance and Safety Data

• Signals related to abuse prevention, fraud detection, platform integrity, and legal compliance.

4. How We Use Information

We use information to:

• Provide, maintain, and secure the Service.
• Personalize Joined Agent for you using your own User Vault / Memory.
• Deliver requested features, including sharing and collaboration controls.
• Monitor reliability, diagnose incidents, and improve tool performance.
• Detect abuse, enforce policies, and comply with legal obligations.
• Communicate service updates, legal notices, and support responses.

5. Personalization, Model Improvement, and Consent

5.1 Default Policy

• Raw User Content and User Vault / Memory are not used by default for generalized global Model Training.
• Your filesystem content, memories, and artifacts remain your data and are used to provide and personalize your experience.

5.2 Improvement Channels

We may improve the Service through:

• Derived Data and Telemetry.
• De-identified and aggregate reliability patterns.
• Evaluation signals and operational quality metrics.

5.3 Red Lines for Derived Data

Our Derived Data use is constrained:

• No reuse of raw User Content as Derived Data.
• No quote reconstruction from private User Vault / Memory.
• No identifiable memory fragments in improvement datasets.
• No cross-user blending of private User Vault data for personalization.

5.4 Optional Programs

If we offer optional programs that involve broader data contribution (for example, expanded model-improvement programs), participation will require explicit opt-in consent.

6. Sharing and Disclosure

We may disclose information in the following circumstances:

• At your direction: when you publish artifacts, share with other users, or enable bot-to-bot interaction with explicit authorization.
• Service providers (subprocessors): trusted vendors under contractual restrictions that process data on our behalf.
• Legal and safety reasons: to comply with law, legal process, or enforceable government request; to protect rights, safety, and platform integrity.
• Business transitions: in connection with mergers, acquisitions, financing, or asset transfers, subject to appropriate protections.

6.1 Current Subprocessors

As of the Last Updated date, our primary subprocessors include:

• OpenAI (model inference and related processing)
• Anthropic (model inference and related processing)
• Amazon Web Services (including Amazon Bedrock infrastructure/services where enabled)
• PostHog (product analytics and telemetry)

We may update subprocessors over time consistent with this Privacy Policy.
For detailed and downstream vendor snapshot disclosures, see Subprocessors.

7. Human Access and Support Controls

We design for minimal access. Human review may occur for:

• User-requested support and debugging.
• Abuse, fraud, or safety investigations.
• Incident response, legal compliance, or policy enforcement.

When support access to user data is user-enabled, the default access window is time-bound to 24 hours, unless extended with your consent or required for legal/security reasons. Access is limited and logged.

8. International Data Transfers

Joined may process data in the United States and other countries where our providers operate. When required, we use contractual and legal safeguards for cross-border transfers, including Standard Contractual Clauses (SCCs) or equivalent mechanisms.

9. Retention

We retain data based on category and purpose:

• Operational telemetry logs are retained for up to 30 days by default.
• User Vault / Memory and account data are retained while your account is active, subject to your deletion actions and retention obligations.
• Safety, abuse, and legal-compliance data may be retained beyond standard windows when needed for investigations, legal holds, or enforcement.

If you request account deletion:

• Data is marked for deletion promptly.
• Active-system purge target is within 7 days.
• Backups are deleted on normal backup expiration cycles, subject to legal hold and legal obligations.

10. Your Rights and Controls

Subject to applicable law, you can:

• Access and export your User Vault data.
• Download your data in machine-readable formats (including JSON/ZIP export bundles).
• Request correction or deletion of your data.
• Manage publishing/sharing controls and bot-to-bot permissions.
• Withdraw optional data-use consents you previously granted.

11. Security

We use administrative, technical, and organizational safeguards designed to protect data in transit and at rest, and to limit unauthorized access. No system is perfectly secure, but we continuously improve our protections and monitoring.

12. Changes to This Privacy Policy

We may update this Privacy Policy over time.

• For material changes, we will provide advance notice (generally at least 30 days).
• Continued use after the effective date of an update means you accept the updated policy.
• If we seek to materially expand use of previously collected User Content or User Vault / Memory beyond this policy, we will request explicit consent before applying that expanded use to previously collected content.
• We publish material legal updates in our Legal Changelog.

13. Contact

Thought Substrate Inc.
600 Congress Ave., Austin, TX 78701, USA

• Privacy: privacy@joined.ai
• Legal: legal@joined.ai