Privacy Policy

Zombie Codes — Persistent Memory for AI
Last updated: April 8, 2026

What Zombie Codes Is

Zombie Codes is an MCP (Model Context Protocol) server that provides persistent memory for AI assistants. When you connect Zombie Codes to an AI client like Claude, it stores context you choose to save — decisions, facts, preferences, observations — so your AI can recall them in future sessions.

What Data We Collect

We collect only what's necessary to provide the service:

• Account information: Your name and email address, provided by your identity provider (Google, GitHub, or Microsoft) when you sign in via OAuth. We do not see or store your password.
• Memories you store: The text content you explicitly ask your AI to remember. This is the core of the product — you control what gets stored.
• Session metadata: Timestamps, session IDs, and memory retrieval counts used to power features like consolidation and relevance ranking.
• Server logs: Standard request logs (IP addresses, timestamps, request paths) retained for up to 30 days for debugging and security monitoring.

What We Do NOT Collect

• We do not read, intercept, or store your full conversations with your AI assistant. We only see the specific tool calls (remember, recall, etc.) that your AI sends to our server.
• We do not use your data to train AI models. We run no LLM inference — your AI does all the reasoning.
• We do not sell, share, or rent your personal information to third parties.
• We do not use tracking cookies or analytics on this service.

How Your Data Is Stored

Your memories are stored in a PostgreSQL database hosted on Railway (SOC 2 Type II certified infrastructure). Data is encrypted in transit via TLS. Each user's memories are isolated in their own "brain" — your data is never mixed with other users' data.

We use OpenAI's text-embedding-3-small model to generate vector embeddings of your memories for semantic search. The text of your memories is sent to OpenAI's embedding API for this purpose only. OpenAI's API data usage policy states that API inputs are not used for training.

How Your Data Is Used

Your data is used exclusively to provide the Zombie Codes service:

• Storing and retrieving memories you create
• Generating embeddings for semantic search
• Running periodic consolidation (duplicate detection, activation decay) to improve memory quality
• Debugging issues and preventing abuse

Third-Party Sub-processors

We use the following third-party services to provide Zombie Codes. Your data may be processed by these sub-processors in accordance with their respective privacy policies and data processing agreements:

• Auth0 (by Okta) — handles authentication. Processes: email, name, OAuth tokens. Privacy policy: auth0.com/privacy
• Railway — hosts our server and database (SOC 2 Type II certified). Processes: all stored data. Privacy policy: railway.com/legal/privacy
• OpenAI — generates text embeddings for semantic search via their API. Processes: memory text content (for embedding generation only; not used for AI model training per OpenAI's API data usage policy). Privacy policy: openai.com/policies/api-data-usage-policies

Data Retention and Deletion

Your memories are retained as long as your account is active. You can delete individual memories at any time using the "forget" tool. To delete your entire account and all associated data, contact us at the email below. We will process deletion requests within 30 days.

Server logs containing IP addresses and request metadata are retained for up to 30 days, then automatically deleted.

GDPR Compliance (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, the following applies:

Legal basis for processing: We process your data under Article 6(1)(b) of the GDPR — processing is necessary for the performance of the contract (providing the Zombie Codes service you signed up for). For server logs used in security monitoring, our legal basis is Article 6(1)(f) — legitimate interest in preventing abuse and maintaining service security.

Data controller: Zombie Codes is the data controller for your personal data.

Your rights under GDPR:

• Right of access (Art. 15): You may request a copy of all personal data we hold about you, including all stored memories.
• Right to rectification (Art. 16): You may request correction of inaccurate data.
• Right to erasure (Art. 17): You may request deletion of your account and all associated data. You can also delete individual memories at any time using the "forget" tool.
• Right to data portability (Art. 20): You may request an export of your data in a structured, machine-readable format (JSON). We provide this via our REST API or upon email request.
• Right to restrict processing (Art. 18): You may request that we restrict processing of your data in certain circumstances.
• Right to object (Art. 21): You may object to processing based on legitimate interest.

To exercise any of these rights, email privacy@zombie.codes. We will respond within 30 days.

International data transfers: Your data is processed and stored in the United States via our sub-processors (Railway, Auth0, OpenAI). These transfers are governed by the sub-processors' standard contractual clauses and data processing agreements.

Your Rights (All Users)

Regardless of your location, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format (JSON via REST API or email request)

To exercise any of these rights, email privacy@zombie.codes.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the service. The "last updated" date at the top reflects the most recent revision.

Contact

For privacy questions or data requests:
privacy@zombie.codes