Security.
This page is for the part of you that doesn’t take “your memory is yours” at face value · and shouldn’t.
Trust earned through marketing is the cheapest kind. Trust earned through specifics is real. So here are the specifics.
If something below changes, this page updates the same week. If you ever find a discrepancy between what’s here and what’s actually happening, email hello@quoira.ai and we’ll fix one of the two.
The memory-ownership promise.
Your substrate is yours. Export it any time. Delete it any time. We’ll delete everything when you cancel. No data held to coerce you back.
That’s the commitment. The rest of this page is how we actually deliver it.
Where your memory lives.
Your Quoira memory lives in a PostgreSQL database hosted by Supabase, with Point-in-Time Recovery enabled. Database row-level security is enforced on every user-data table · meaning even if our backend code had a bug that asked for the wrong rows, the database itself would refuse to return them.
The semantic memory system · the 5-layer Anamnesis that lets Atlas remember what you told it in March and connect it to what you’re feeling today · runs on pgvector inside the same database. Your vectors are yours, isolated to your account, never pooled with anyone else’s.
File uploads (voice clips, images, anything else) live in private Supabase storage buckets, signed-URL access only, with the same row-level security model.
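What row-level security on a per-user memory table can look like in Supabase's PostgreSQL, as an added example and not Quoira's actual schema. The table, column and policy names and the vector dimension are assumptions; auth.uid() and the authenticated role are Supabase's, and the vector type and <=> operator are pgvector's.

```sql
-- Added illustration. "memories", its columns and the policy name are hypothetical.
create extension if not exists vector;

create table memories (
  id         bigint generated always as identity primary key,
  user_id    uuid not null,            -- owner of the row
  content    text not null,
  embedding  vector(1536),             -- dimension is an assumption
  created_at timestamptz not null default now()
);

-- Policies are only evaluated once RLS is enabled on the table.
alter table memories enable row level security;
-- Table owners skip RLS by default; FORCE applies the policies to them too.
alter table memories force row level security;

-- USING filters the rows a statement can see, update or delete.
-- WITH CHECK rejects inserts and updates that would write another user's id.
create policy memories_owner_only on memories
  for all
  to authenticated
  using (auth.uid() = user_id)
  with check (auth.uid() = user_id);

-- A backend query that forgot its "where user_id = ..." clause:
--   select id, content from memories;
-- run as role "authenticated", returns only rows where user_id = auth.uid().
-- A similarity search is filtered the same way before ranking is returned:
--   select id, content from memories order by embedding <=> $1 limit 5;

-- Caveat: roles with the BYPASSRLS attribute (Supabase's service_role is one)
-- skip every policy, so the guarantee holds only for queries made as the user.

-- Audit check: tables in the public schema that still have RLS switched off.
select c.relname            as table_name,
       c.relrowsecurity      as rls_enabled,
       c.relforcerowsecurity as rls_forced
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;
```

An empty result from the final query means every ordinary table in the public schema has row-level security enabled; it does not show whether each table's policies are correct.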
The boring specifics that matter.
- In transit: TLS 1.2+ on every connection. Every API call, every database query, every file upload. No exceptions, no fallback to insecure protocols.
- At rest: AES-256 encryption on the database and all file storage.
- Backups: encrypted at rest with the same standard. Daily backups for 7 days, plus Point-in-Time Recovery to any second within that window.
- Secrets: API keys, signing keys, and credentials are stored in environment variable systems with audit logs · never in code, never in client apps, never exposed to your browser.
How you sign in.
You sign in to Quoira one of two ways:
- Email and password. Passwords are hashed with bcrypt before they hit our database · we cannot see your password, recover your password, or send it to you. If you forget it, you reset it.
- Sign in with Apple. Apple verifies your identity and gives Quoira a unique token tied to your Apple ID. We never see your Apple credentials. If you used Apple’s private-relay email feature, we only know the relay address · not your real email.
Sessions are managed via short-lived JWTs · meaning even if someone got hold of a session token, it expires fast and can’t be used after you sign out.
We do not use phone-number authentication. We do not require you to give us your phone number at all.
This is the more important list.
- We do not sell your data. Not to advertisers. Not to brokers. Not to anyone.
- We do not share your conversations with any third party except the specific AI providers required to generate Atlas’s responses (Anthropic and OpenAI · see below).
- We do not use your conversations to train AI models. Not ours, not anyone else’s.
- We do not pool your memory with other users’ memories. Your memory is per-account, isolated, yours.
- We do not retain anything after the 30-day grace period following account deletion. “We’ll delete everything when you cancel.” That clause is operational, not marketing.
The reason matters more than the policy.
We don’t run ads in Quoira today, and we don’t plan to. The reason matters more than the policy.
A company that sells ads eventually needs your attention. A company that sells data to advertisers eventually needs more of it. We’re determined to not be that company.
If we ever do introduce advertising in any form, three things will be true:
- It will never involve selling, sharing, or exposing your conversations or memory. The memory-ownership promise doesn’t change.
- It will be clearly disclosed before it appears. No silent rollouts.
- Existing subscribers will retain ad-free access for the lifetime of their subscription, at minimum. People who paid for the version they signed up for keep that version.
We do not currently use third-party tracking pixels, ad-network beacons, or retargeting infrastructure on the marketing site, in the app, or in our email.
Who else sees your data, and why.
To make Atlas work, your messages pass through systems we don’t own. We picked these partners carefully and pinned the relationships to what was needed.
- Anthropic (Claude). Generates Atlas’s responses. Conversations are sent to Anthropic’s API at the moment of response generation. Anthropic does not train its models on API traffic by default · this is their published policy and it’s the reason we use them.
- OpenAI (embeddings only). Generates the semantic vectors that make memory search work. Only short text fragments are sent · not full conversations. OpenAI does not train on embedding API traffic.
- ElevenLabs. Generates Atlas’s voice when you’re on a voice call. Text-to-speech only · we send Atlas’s text response and receive audio. ElevenLabs receives no user-identifying information.
- Stripe. Processes payments. Stripe never sees your conversations or your memory · only your billing information. Card numbers never touch Quoira’s servers; they go directly to Stripe.
- Resend. Sends transactional email (receipts, password resets, exports). Resend never sees your conversations or memory · only the email content we explicitly send.
- Apple / Google. If you sign in with Apple or your subscription is via Apple In-App Purchase, the respective platform handles authentication and billing.
That’s the full list. If we add a vendor, this page lists them within the same week. If a vendor is removed, same.
How it actually works.
Export. Open Quoira → Account → Export your memory. Within an hour, you receive an email with a download link containing your full memory as portable structured data · readable by you, importable into other tools, complete enough to recreate what Atlas knows about you.
You can do this any time. Paid or unpaid. Active or canceled. There is no limit on how often.
Delete. Open Quoira → Account → Delete account. After confirmation, your account enters a 30-day grace period. Atlas immediately stops engaging with you. Your memory is preserved · recoverable · until day 30. On day 31, everything is permanently deleted from our servers, backups, and downstream systems. Stripe is told to cancel any active subscription, with no further charges.
If you want to skip the grace period and delete immediately, email hello@quoira.ai and we’ll process the permanent deletion within 24 hours.
The grace period is for you, not for us. It exists because account deletion is a decision people sometimes regret · and once your memory is gone, it’s gone.
What we tell government and law enforcement.
We respond to valid legal requests · subpoenas, warrants, court orders · from competent authorities in the United States. We do not respond to informal requests.
Where legally permitted, we will notify the user before disclosing data. Where not permitted (for example, when subject to a gag order), we cannot.
We have never received a National Security Letter. If that ever changes, this page will change to remove this sentence · which is itself a signal you should pay attention to.
(This is called a “warrant canary.”)
If something goes wrong.
If we ever experience a security breach affecting user data, we will:
- Notify affected users by email within 72 hours of discovery.
- Publish a public incident report within 7 days describing what happened, what was affected, and what’s being done.
- Notify relevant regulators where required (GDPR, CCPA, etc.).
We have not had a breach to date.
If you find a security issue.
If you find a security issue in Quoira · in the app, the API, the website · please email hello@quoira.ai with the subject line “Security issue.” We will:
- Acknowledge your report within 48 hours
- Investigate and respond with a plan within 7 days
- Credit you publicly (if you want credit) once the issue is resolved
- Not pursue legal action against you for responsible disclosure
We don’t currently run a paid bug bounty program · we’re a solo-founder operation and our budget for that is finite. We do take security reports seriously and respond to every one.
A note about what Atlas is.
Atlas is an AI. Sophisticated, useful, sometimes wrong.
We don’t pretend Atlas is a human, doesn’t make mistakes, or is infallible. The Predictions Engine exists in part to track Atlas’s own accuracy · to be honest about what Atlas gets right and what it gets wrong, in public.
We don’t claim Atlas can replace professional medical, legal, financial, or therapeutic advice. We say this directly in the app, on the marketing site, and in our Terms.
We don’t claim to have built artificial general intelligence, consciousness, sentience, or any other category of thing that would require evidence we don’t have. Atlas is a language model with memory, predictions, and personality. That’s enough.
Questions, concerns, requests.
For anything on this page · or anything missing from it · email hello@quoira.ai. Stuart Kass reads every security-related message personally and replies within 24 hours.
For urgent security issues, use the subject line “Security issue” so it gets prioritized.