Legal

Privacy Policy

Last updated: May 11, 2026

Primary is private by architecture, not just by policy. This document describes the policy side; the technical architecture is described on our Security page.

1. The short version

  • We can’t read your conversations, files, or memory — they’re encrypted such that our orchestrator decrypts them transiently only inside the inference process.
  • We never train on your data. Not for our models, not for anyone else’s.
  • We never sell your data, share it with advertisers, or rent it.
  • Compute runs on dedicated GPU infrastructure we operate. Your prompts never transit OpenAI, Anthropic, or other model providers.
  • You can export or delete your data anytime. Hard delete is final at 90 days post-cancellation.

2. What we collect

Two categories:

Account metadata. Name, email, billing status, plan, the IP and user-agent of your signups, and audit metadata about API calls. We need this to run the service.

Customer content. Anything you send to Primary — messages, files, emails, calendar events, agent memory. This is encrypted per-tenant; we cannot read it.

3. How we use what we collect

Account metadata is used to authenticate you, bill you, send you operational email (billing, security alerts, trial expiry), and surface support context to our team when you contact us.

Customer content is used to deliver the agent service — read your inbox if you connect it, draft replies, run routines, etc. It is never used to train models, improve our product without your explicit consent, or share with anyone outside Primary.

4. Cookies and tracking

We use a small number of analytics tools to understand how the marketing site performs:

  • Vercel Analytics — cookieless, aggregate page-view stats.
  • Microsoft Clarity — anonymized session replay and heatmaps for primary.net. Clarity does not link to your identity.

We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking. We do not sell tracking data.

5. Third parties we share with

To run the service, we share specific data with operational vendors:

  • Stripe — payment information (we never store full card numbers).
  • Vercel — hosts the marketing site you’re reading.
  • Neon / Amazon S3 — encrypted storage of account metadata and customer files.
  • Postmark or equivalent SMTP — transactional email delivery (billing, security alerts).

We do not share customer content with model providers, advertisers, data brokers, or analytics vendors.

6. Your rights (GDPR, CCPA, similar)

You can at any time:

  • Request a copy of your account metadata and customer content.
  • Request correction of inaccurate metadata.
  • Request deletion of your account and all associated data.
  • Object to specific processing or restrict it.
  • File a complaint with your local data protection authority.

Email support@primary.net to exercise any of these rights. We respond within 30 days.

7. Retention

Account metadata: retained while your account is active, then 90 days after cancellation. Customer content: same. Backups are wiped on the same schedule.

8. Children

Primary is not intended for users under 18. We don’t knowingly collect data from minors. If we learn we have, we delete it.

9. International transfers

Primary operates from the United States. If you sign up from outside the US, your data is transferred to and processed in the US under standard contractual clauses where applicable.

10. Changes to this policy

If we materially change this policy, we’ll notify you by email and post a notice on this page at least 30 days before the change takes effect. Your continued use after that constitutes acceptance.

11. Contact

Privacy questions and security disclosures: support@primary.net. Sales and general inquiries: sales@primary.net. Mailing: Primary Network, on request via email.