What we collect

  • From the request-access form: the email address, team or company name, and free-text reason you submit.
  • From the API: the IP address of every request to serie.wonderland.xyz, the bearer-token API key associated with your account, and standard HTTP request metadata (timestamps, paths, status codes).
  • Brain content: every node, edge, and embedding you create in your project's knowledge graph via the Serie CLI or Claude Code MCP integration. This is the actual product data.
  • Operator audit log: every administrative action (approval, rejection, suspension, key revocation, deletion) is logged with the operator's user_id, the target, and a timestamp. This is preserved indefinitely as a paper trail.

Where we store it

All data is stored in Amazon Web Services in the us-east-1 region. Brain content (nodes, edges, embeddings) lives on encrypted EFS storage attached to a single ECS Fargate task. Account data (orgs, users, API keys, audit log) lives in DynamoDB with point-in-time recovery enabled. Backups of the brain are written nightly to an encrypted S3 bucket.

We do not share your data with any third party. We do not sell it. We do not use it to train models. We do not feed it to other customers' brains.

How long we keep it

  • Active accounts: we keep your data as long as your account exists. There's no automatic expiration.
  • Inactive accounts: if your account has had no API activity for 90+ days, we may email you a deletion notice and delete the data 30 days later if you don't respond.
  • Backups: nightly RDB snapshots are retained for 90 days, then deleted automatically.
  • Audit log: kept indefinitely. The audit row survives the deletion of the org it describes (we keep a paper trail of who approved/deleted what).

How to delete your data

You can request deletion at any time by emailing hello@serie.wonderland.xyz. We will:

  1. Verify that you are the org admin (we'll reply to the email on file).
  2. Delete the org row, all user rows in that org, all API keys, all projects, all seats, and all FalkorDB graphs for the org. The internal tooling for this is serie admin delete-org.
  3. Confirm back to you with a deletion summary.
  4. Process the request within 30 days at the latest (typically within 24 hours).

The audit log entry for the deletion is preserved indefinitely. It contains the org_id, the deletion timestamp, and a summary of what was deleted, but it does not contain any of your brain content or API keys.

Your rights

  • Access: request a copy of all data we hold about your org via hello@serie.wonderland.xyz.
  • Correction: request a correction if any personal data is wrong (typically just the email on file).
  • Deletion: see the section above. This is the right of erasure under GDPR Article 17 and the CCPA equivalent.
  • Export: export your brain content via the Serie CLI's kb_export tool at any time.
  • Complaint: if you're in the EU, you have the right to lodge a complaint with your local data protection authority.

Important limitations

This is a free closed beta with no SLA. By using Serie during the beta, you understand and agree that:

  • We provide no guarantee of uptime, durability, or confidentiality beyond what's described above.
  • We may delete your data at any time with reasonable notice (typically 30 days for inactive accounts; immediate for ToS violations or abuse).
  • We may discontinue the service at any time with reasonable notice.
  • We may modify this privacy policy. Material changes will be announced via email to org admins.
  • Do not store irreplaceable secrets in Serie. The brain is for code knowledge — architectural decisions, patterns, design rationale. It is not a password manager. It is not a vault for production credentials. Treat anything you put in it as data you can recreate from your repo if you have to.

Security

  • All API access requires a bearer token; tokens are SHA-256 hashed at rest and never logged.
  • Tenant isolation is enforced by a Lambda authorizer at the API Gateway boundary. Cross-org access is structurally impossible.
  • All inter-service traffic uses TLS. All data at rest is encrypted with AWS KMS-managed keys.
  • Bootstrap admin credentials are stored in AWS Secrets Manager and retrieved exactly once.
  • If you discover a security vulnerability, please email security@wonderland.xyz and we'll respond within 48 hours.

Contact

For all data privacy questions, deletion requests, complaints, or general inquiries: hello@serie.wonderland.xyz