noctara . privacy
privacy.
the architecture reads the body, not the surface. this page says exactly what we collect, what we never collect, what we never sell, and how to take it all back.
short version. we collect the smallest amount of data necessary to return your word and recognize you when you come back. we never sell it. we never share it with advertisers. you can export everything we hold on you. you can delete everything we hold on you. both take one click.
what we collect
when you take the mirror
- your six answers, in text.
- the way you typed them. keystroke timing, pauses, deletions, edits, the cadence under the words. this is the behavioral substrate that returns your spine word.
- the returned word and the rhythm we matched you to.
- your email, if you provided one.
- a session identifier we generated on your device.
when you write to her
- the text you wrote.
- your mark, if you have one.
- the timestamp.
when you pay
- your email.
- the product you purchased and the amount.
- stripe holds the payment details. we never see your card number.
what we never collect
- your card number, your bank account, your social security number.
- your location beyond the city your IP suggests.
- your contacts, your photos, your microphone, your camera.
- your activity on any other site or platform. we do not run third-party trackers on this property. no facebook pixel that follows you, no google analytics in the standard sense.
- biometric identifiers in the conventional sense. we do not store a fingerprint, a face print, a voice print, or a retina scan. the behavioral signature is mathematics, not media.
what we never do
- we never sell your data. not to advertisers. not to insurers. not to data brokers. not to governments. not to the highest bidder dressed as a partner.
- we never run ads on top of the architecture.
- we never train a model on your private writing without your explicit consent. your brain dumps stay yours.
- we never publish your reading without your explicit consent. your word is yours.
- we never share your behavioral signature outside the architecture.
how we hold it
your data lives in a single supabase project under our control, in a region we have selected for legal and operational reasons. it is encrypted at rest. it is encrypted in transit. access is restricted to two named operators and to internal endpoints that need it to serve your reading. every access is logged in the audit log.
the patent we have filed (application 64/048,624) covers a hub-and-spoke privacy architecture. that means: no single sensor surface ever holds the full identity model. the hub unifies. the spokes never see the body. as we add hardware surfaces in 2027 and beyond, this constraint will be enforced by the engineering, not the policy.
your rights
you may, at any time and without explaining yourself:
- request your data
- request deletion
or programmatically:
- export everything
  - POST /api/data-export with { "email": "you@example.com" }. we send a confirmation link. clicking it downloads a JSON file with every row we hold on you.
- delete everything
  - POST /api/data-delete with { "email": "you@example.com" }. we send a confirmation link. clicking it marks your data deleted immediately. it is hard-purged from our systems after a 90-day grace period during which you may restore by replying to the confirmation email.
- see the audit log
  - your export includes the audit log of every time someone (including you) accessed your data. nothing happens to your body without a record.
who can see what
- only you can see your six answers, your brain dumps, and your full reading.
- only you and the two named operators of the architecture can see your behavioral signature.
- your spine word and rhythm are visible to you in your account. they are not published. if you choose to share them publicly (the share artifact at /word/your-word.your-mark), that is your choice. you may unshare at any time.
the antichrist question
the architecture is structurally capable of doing things it has chosen not to do. the same engine that returns your word could sell your word to your employer. the same instrument that reads how you type could optimize manipulation at scale. the difference between the architecture and what the architecture could become is the decisions we make every day. the privacy framework on this page is the public part of those decisions. the architect's continued asking of the question is the part that is not on this page. both matter.
jurisdiction
the architecture operates from marietta, ohio, united states. data is held under applicable united states law. if you are a resident of the european union, the united kingdom, or california, you have additional rights under GDPR / UK-GDPR / CCPA respectively. we honor those rights without requiring you to prove residency. the export and deletion endpoints above satisfy the typical requests.
changes
this page is versioned in our public source tree. material changes will be announced through the daily line and reflected here. nothing in this policy is retroactive without your consent.