Privacy Policy

This Privacy Policy explains how Cyton ("Cyton", "we", "us", or "our") handles personal data. Cyton is an independent product operated from Vietnam. It applies to:

• the Cyton desktop app for macOS (the "App"), and
• the website at cytonai.com (the "Site"), including sign-in and checkout.

It does not cover third-party products you connect Cyton to, such as Obsidian, Claude, or your AI client of choice. Those are governed by their own privacy policies.

• Local-first by design. Your vault notes and the graph derived from them live on your device, not on our servers.
• On-device processing. The conversion of your notes into searchable vector form (embeddings) runs locally, offline, on your Mac.
• Data minimisation. We collect only what is needed to sign you in, bill you, keep the product working, and support you.
• No ads, no selling. We do not sell or rent personal data and we do not use it for advertising.
• Your content moves only when you ask. Note content leaves your device only when you actively use an AI feature or connect Cyton to an AI assistant.

Account information

When you sign in with Google, we receive and store basic profile details from your Google account: your name, email address, and a Google/Supabase account identifier. We also store your plan status (Free or Pro). Authentication and this account record are handled by Supabase on our behalf.

Billing information

Payments are processed by Lemon Squeezy, which acts as the Merchant of Record for Cyton. When you subscribe to Pro, Lemon Squeezy collects your name, email, and payment details and processes the transaction. We do not see or store your full card number. We receive confirmation of your subscription status so we can unlock Pro features for your account.

Diagnostic and crash data

To keep Cyton stable we use Sentry (hosted in the EU) for error and crash reporting in the App and on the Site. When something goes wrong, Sentry may record technical details such as the error and stack trace, the Cyton version, your operating system and device type, and limited context about what the app was doing. We use this only to diagnose and fix problems. We do not use it to read your notes.

Website data

The Site is hosted on Vercel, which keeps standard server request logs (such as IP address and browser type) for security and reliability. Sign-in uses a Supabase session stored in your browser's local storage so you stay logged in. The Site does not use analytics, advertising, or tracking cookies.

Data stored locally on your device

The App keeps a configuration file and your knowledge-graph database in a folder on your Mac (~/.cyton). This local data can include your selected vault path, your email and name (for display), your plan, your session tokens, and the graph Cyton builds from your notes. This stays on your machine and is under your control.

Cyton reads the Obsidian vault folder you point it to and builds a living knowledge graph from it - nodes, connections, tags, and memory signals. This processing happens locally on your Mac. The full text of your notes and the resulting graph are stored on your device, not uploaded to Cyton servers. We have no copy of your vault.

The one situation in which note content leaves your device is when you choose to use an AI feature or connect Cyton to an AI assistant. That is described next.

Cyton's AI features - such as node enrichment, session synthesis, and active-recall questions - are powered by Anthropic's Claude API. When you use one of these features, the relevant note content or excerpts are sent to Anthropic to generate the result, then returned to your device. Anthropic processes this data to provide the API response and, under its commercial API terms, does not use data submitted through the API to train its models.

Separately, Cyton runs a local MCP (Model Context Protocol) server so you can connect it to your own AI assistant (for example, Claude). When you use Cyton through such an assistant, the notes and context you surface are sent to that AI provider as part of your own usage, governed by your agreement with that provider. You control what you send and when.

If you never use an AI feature and never connect an AI assistant, your note content does not leave your device through Cyton.

• Provide the service: authenticate you, sync your plan, and run the features you use.
• Billing: set up and maintain your subscription through Lemon Squeezy.
• Support: respond to your questions and requests.
• Reliability and security: diagnose crashes, fix bugs, and protect against abuse.
• Legal: comply with applicable law and enforce our Terms.

Where the GDPR or similar laws apply, we rely on these legal bases: performance of our contract with you (providing the App and Site), our legitimate interests (keeping the product working and secure), your consent (where requested), and compliance with legal obligations.

We use a small number of trusted providers to operate Cyton. We share only what each provider needs for its function. We do not sell personal data.

Each provider handles your data under its own privacy policy: Supabase, Google, Anthropic, Lemon Squeezy, Sentry, and Vercel.

We may also disclose information if required by law, or to protect the rights, safety, and security of Cyton and its users.

• Account data is kept while your account is active. If you ask us to delete your account, we remove your account record from Supabase.
• Billing records are retained by Lemon Squeezy as needed for tax and accounting under its policies.
• Diagnostic data in Sentry is retained on a rolling, limited basis for debugging.
• Local data on your device remains until you delete it (by removing the ~/.cyton folder or uninstalling the App).
• AI requests are not stored by us; handling on the provider side is governed by that provider's policy.

We use reputable infrastructure providers and standard protections such as encryption in transit. Your most sensitive content - your notes and graph - stays on your own device, which reduces exposure. No method of storage or transmission is perfectly secure, so we cannot guarantee absolute security, but we work to protect your information and to limit what we hold.

Cyton is operated from Vietnam and our providers operate globally, including in the United States and the European Union. Where your data is transferred across borders, it is handled under the receiving provider's safeguards and privacy commitments. By using Cyton you understand that your limited account, billing, and diagnostic data may be processed in these locations.

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. You can:

• Access or correct your account details, or request a copy, by emailing us.
• Delete your account by emailing us; we will remove your account record.
• Delete local data at any time yourself by removing the ~/.cyton folder and uninstalling the App.
• Manage your subscription through the Lemon Squeezy billing portal.
• Control AI processing simply by choosing whether to use AI features or connect an AI assistant.

To exercise any of these rights, contact us at v1017seth@gmail.com. We will respond within a reasonable time and as required by applicable law.

Cyton is not directed to children. The Site and App are intended for users aged 16 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this Privacy Policy as Cyton evolves. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of Cyton after a change means you accept the updated policy.

Questions about privacy or this policy? Reach us at v1017seth@gmail.com.