CIRIS Privacy Policy

Last Updated: August 7, 2025

        Key Commitments:
        We do NOT train on your content
Message content retained for 14 days only (pilot)
After 14 days, only hashes kept for safety
You can request your data or deletion anytime
We only store what's necessary for moderation

    

1. What We Collect

When you interact with CIRIS agents:

Message Context: Message IDs and minimal context needed for moderation decisions
Decision Logs: PDMA (Perceive-Decide-Memorize-Act) rationales for transparency
Metadata: Timestamps, channel IDs, and action outcomes
OAuth Data: Basic profile information if you authenticate (name, email)

2. How We Use It

Moderation: To provide reasoned, auditable moderation recommendations
Transparency: To explain decisions through PDMA logs
Safety: To detect and prevent harmful patterns
Improvement: To analyze system performance (NOT to train on your content)

3. Data Retention

Message Content: 14 days (pilot phase)
Moderation Logs: 14 days, then hashed
Audit Trail: 90 days for compliance
Incident Reports: 90 days for safety incidents
System Metrics: Aggregated indefinitely (no personal data)

4. Your Rights

You have the right to:

Access: Request a copy of your data
Delete: Request deletion of your data
Correct: Request corrections to inaccurate data
Export: Receive your data in a portable format

        Data Subject Access Request (DSAR):

        Email: privacy@ciris.ai

        API Endpoint: POST /v1/dsr

        Response Time: Within 30 days

5. Data Security

End-to-end encryption for sensitive data
Ed25519 signatures for authentication
Zero attack surface architecture
Regular security audits

6. Third Parties

We do NOT:

Sell your data
Share data with advertisers
Use your content for AI training

We MAY share data:

When required by law
To prevent imminent harm
With your explicit consent

7. Discord-Specific

For Discord moderation:

We only access channels where explicitly invited
Server admins control our permissions
We respect Discord's Terms of Service
Guild-specific data stays within that guild

8. Changes

We'll notify you of significant changes via:

In-app notifications
Email (if you've provided one)
30-day notice for material changes

9. Contact

Questions or concerns?

Email: privacy@ciris.ai
GitHub: CIRISAI/CIRISAgent
DSAR: POST /v1/dsr

10. Covenant Commitment

This privacy policy is governed by the CIRIS Covenant principles:

Respect for persons
Beneficence and non-maleficence
Justice and fairness
Respect for autonomy
Veracity and transparency

CIRIS - Ethical AI by Design
Version 1.2.1