Privacy Policy

Last updated: 27 March 2026

1. Who We Are

SARAI Defence Ltd ("SARAI", "we", "us", "our") is a company registered in England and Wales (Companies House #17121999), incorporated 27 March 2026. Registered address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK.

We build Rewind — a self-hosted AI memory SDK for developers. Our mission is to give developers sovereign control over AI memory. 50% of our revenue goes to supporting Ukraine.

Contact: vova@saraidefence.com

2. The Short Version

Your memory data never leaves your machine. Rewind is self-hosted by design. We do not store, log, or have access to your AI memory. The only data we hold is what's strictly necessary to run your account and process payments.

3. What We Collect

We collect only the minimum necessary:

  • Email address — to create and manage your account.
  • API usage metrics — request counts and rate-limit data per API key. We track how much you use the API, not what you send.
  • Payment information — handled entirely by Stripe. We never see or store your card details.

4. What We Do NOT Collect

  • Your AI memory data — it lives on your machine, full stop.
  • The text you send to our embedding API (see §5 below).
  • Behavioural tracking, analytics, or ad pixels.
  • Anything we could sell to third parties — we don't, ever.

5. Cloud Embedding API (Pro Tier)

The FREE tier is fully local — zero data leaves your machine.

The Pro tier ($9/mo) uses our cloud API to compute embeddings via NVIDIA NV-Embed-v2. Here is exactly what happens:

  1. Your text is sent to our API over TLS.
  2. We compute a vector embedding and return it to you.
  3. The text is discarded immediately — not stored, not logged, not cached.
  4. The returned vectors are not retained by us.
  5. Embeddings are not used for model training, fine-tuning, or any purpose other than returning them to you.

Pro includes 25,000 embedding queries per month. Overage is billed at $0.01 per 1,000 embeddings. Rate limit: 100 requests per minute per API key.

The Enterprise / MOS tier is deployed on your own infrastructure, with an air-gapped option available. No data touches our systems.

6. Cookies

We use only essential session cookies required to keep you logged in. No tracking cookies, no analytics cookies, no third-party cookies. You cannot opt out of session cookies — they are required for the service to function.

7. Third Parties

We share data with exactly two third parties:

  • Stripe — payment processing. Subject to Stripe's privacy policy.
  • Cloud GPU provider — our embedding API runs on GPU infrastructure. Text transits for computation only and is discarded immediately.

We do not sell, rent, or trade your data to anyone, ever.

8. Legal Basis for Processing

Under UK GDPR, we process your data on these bases:

  • Contract — account data and API access are necessary to provide the Service you subscribed to (Article 6(1)(b)).
  • Legitimate interest — API usage metrics for rate limiting, abuse prevention, and service stability (Article 6(1)(f)).
  • Legal obligation — payment records retained as required by UK tax law (Article 6(1)(c)).

9. GDPR & Your Rights

We are a UK company and comply with UK GDPR. You have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and associated data.
  • Object to processing or request restriction.
  • Data portability.

To exercise any of these rights, email vova@saraidefence.com. We will respond within 30 days. For deletion requests, we will delete your account and all associated data within 30 days of your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you by email within 72 hours of becoming aware of the breach. We will also notify the ICO as required under UK GDPR.

11. International Data Transfers

If you use the Pro tier, text sent to our embedding API may be processed on GPU infrastructure located in the United States. The UK has granted an adequacy decision recognising the US data bridge framework. We ensure all transfers are covered by appropriate safeguards under UK GDPR, including standard contractual clauses where required.

Free tier users: no data leaves your machine. No international transfers occur.

12. Data Retention

We retain account data (email, usage metrics) for as long as your account is active. Payment records are retained as required by UK tax law (7 years). Upon account deletion, all personal data is purged within 30 days.

13. Security

All data in transit is encrypted via TLS. Account passwords are hashed. API keys are stored as hashed values. We apply the principle of least privilege across our systems. If you discover a security vulnerability, please email vova@saraidefence.com.

14. Changes to This Policy

If we make material changes, we will notify you by email and update the "last updated" date above. Continued use of the service after changes constitutes acceptance.

15. Contact

SARAI Defence Ltd
71–75 Shelton Street, Covent Garden
London, WC2H 9JQ, UK
vova@saraidefence.com