// legal

Privacy Policy

Last updated: 31 May 2026

Noctuary ("we", "us", or "our") operates the Noctuary AI Incident Context Platform available at noctuary.io. This policy explains what data we collect, how we use it, and your rights.

1. What we collect

We collect the following categories of data:

• Account data — email address, hashed password, and account role when you register.
• ContextEvents — structured signal data emitted by the Noctuary Agent running in your infrastructure. These contain event metadata (timestamps, service names, event types, confidence scores) but never raw log content, credentials, or PII.
• Usage data — API request logs, incident diagnoses, and engineer feedback (confirmed/wrong) used to improve correlation accuracy.
• Technical data — IP addresses, browser type, and session identifiers for security and authentication purposes.

2. What we do not collect

By design, the Noctuary Agent processes log data locally in your infrastructure. The following never leaves your environment:

• Raw log file contents
• Credentials, API keys, or secrets appearing in logs
• Personally identifiable information (PII) from your users
• Network traffic or packet data

3. How we use your data

• To provide the incident enrichment service — correlating ContextEvents and generating hypotheses
• To operate and improve the platform — using aggregated, anonymised patterns
• To authenticate and secure your account
• To contact you about your account or significant service changes

We do not sell your data to third parties.

4. Data storage and security

Your data is stored on servers in the United States (Hetzner, Ashburn, VA). We apply encryption in transit (TLS 1.3 via Cloudflare) and at rest. Access to production data is restricted to the minimum necessary personnel.

5. Data retention

• ContextEvents expire automatically based on their TTL (set by the agent). Events are not retained indefinitely.
• Incident records and diagnoses are retained for the lifetime of your account.
• Account data is retained until you request deletion.

6. Third-party services

We use the following third-party services to operate Noctuary:

• Anthropic Claude — LLM inference for incident hypothesis generation. ContextEvent data is sent to Claude for processing.
• Cloudflare — DDoS protection, TLS termination, and WAF.
• Sentry — Error tracking (application errors only, no user data).

7. Your rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data. To exercise any of these rights, contact us at [email protected].

8. Contact

Questions about this policy: [email protected]