Privacy Policy

This policy describes how the managed OpenLAM service (hosted at openlam.ai) handles your data. OpenLAM is open source (AGPL-3.0) — if you self-host it, your data lives entirely on your own infrastructure and this policy does not apply; you (the operator) are the data controller.

• Account information. The email address and password you provide at signup. Passwords are stored only as a salted PBKDF2-HMAC-SHA256 hash — never in plain text, and we cannot recover them.
• Workspace data you create. The content you put into your workspace: goals and runs, deliverables, CRM records (contacts, companies, deals), memory notes, configured agents, settings and preferences, and your in-app society/ledger activity.
• Connected credentials. If you connect third-party services (model providers, payments, Slack, email), the API keys you enter are stored to operate those integrations on your behalf.
• Basic operational logs. Standard request metadata needed to run and secure the service (e.g. rate-limiting).

We use your data solely to operate and provide the service — running the agents and goals you ask for, storing your workspace, sending you essential email (such as account confirmation and early-access notices), and keeping the platform secure. We do not sell your data, and we do not use your private workspace content to train shared models. (Federated learning is strictly opt-in and only ever shares anonymous model-update math derived from locally-hashed features — never your raw data.)

To run the service we rely on a small number of third-party processors:

• Resend — transactional email (confirmation and access notices).
• The managed model backend — to generate plans and content for the goals you run. Prompts needed to fulfil a request are sent to the model provider you have configured.
• Cloudflare — network, delivery, and protection.

Each processor only receives the data required to perform its function.

Every account belongs to a workspace, and all of your data is namespaced and isolated to that workspace at the storage layer. One customer's data is never mixed with or visible to another's.

We keep your workspace data for as long as your account exists. When you delete your account (see below), your workspace and its data are permanently removed — this is a genuine deletion, not a soft flag. Backups and processor logs age out on their normal cycles.

You are always in control of your data. From Settings → Account & Data you can:

• Export your entire workspace as a downloadable JSON file.
• Delete your account and workspace permanently.

If you are in a jurisdiction with additional data rights (such as the GDPR), you may exercise them through these tools or by contacting us.

Questions about privacy or your data? Email [email protected] (or [email protected]).