PII Policy

Last updated: January 2026

This document describes what personally identifiable information (PII) Uniph.ai stores, where it lives, and optional masking guidance for logs and trace.


1. PII We Store

| Category | Fields | Location | Purpose |
|----------|--------|----------|---------|
| User identity | email, name, avatarUrl, provider, providerAccountId | users table | Authentication, profile, session resolution |
| User preferences | preferences (JSON: timezone, defaultModel, theme) | users table | App personalization |
| Goals & tasks | name, description, title | goals, tasks tables | User-created content |
| Memory | content, key, tags | memory_entries table | Long-term context; may include user preferences, facts, conversation snippets |
| Intents & outcomes | rawInput, outcome titles, descriptions | intents, outcomes tables | User goals and generated results |
| Suggestions | Suggestion titles, interactions | user_suggestions table | Recommendation history |
| Integrations | config (may include OAuth tokens, API keys) | integrations table | Encrypted or hashed where applicable |
| Agent identities | emailAlias, scopes, tokens | agent_identities table | Encrypted; used for provider OAuth |
| Audit / ledger | Action types, decisions, metadata | decision_ledger, agent_identity_audits | Operational audit; may reference user IDs |
| Connection attempts | Success/failure, service type, latency | connection_attempts | Friction metrics |


2. Retention

  • Memory: Configurable per kind via MEMORY_RETENTION_HOURS_JSON (e.g. conversation 720h, note 2880h). Enforced by the retention job.
  • Audit / ledger: No automatic retention by default; consider adding a configurable TTL for compliance.
  • User data: Kept until account deletion (see Export and Delete below).

3. Optional Masking in Logs and Trace

To reduce PII exposure in logs and trace:

  • Logs: Avoid logging email, name, or content in plain text. Use userId or hashed identifiers when debugging.
  • Trace: GET /api/execution/trace returns jobs, verifications, and decision ledger. Metadata may contain user IDs; consider redacting email and content in trace responses if you expose them to third parties.
  • Error responses: API errors return { "error": "..." }; avoid including user PII in error messages.
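
One way to apply the masking guidance above to a log or trace payload before it is written or returned, as an added example that is not Uniph.ai's own code. Field names are taken from the table in section 1; the function names, the HMAC key parameter and the sample record are assumptions.

```javascript
// Added example, not Uniph.ai code. Field names come from the PII table;
// helper names, the key handling and the sample record are assumptions.
const crypto = require('node:crypto');

// Free-text or secret fields: dropped from log/trace output entirely.
const REDACT_KEYS = new Set(['name', 'content', 'rawInput', 'description', 'tokens', 'config']);
// Identifier fields: replaced by a keyed hash so events still correlate per user.
const HASH_KEYS = new Set(['email', 'emailAlias']);
// Pragmatic matcher for emails embedded in strings such as error messages.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// HMAC, not a bare hash: emails are guessable, so an unkeyed digest
// can be reversed with a dictionary of candidate addresses.
function pseudonym(value, key) {
  const mac = crypto.createHmac('sha256', key).update(String(value).toLowerCase());
  return 'h:' + mac.digest('hex').slice(0, 16);
}

// Returns a redacted deep copy of JSON-like data; the input is never mutated.
function redact(value, key, ancestors = new WeakSet()) {
  if (typeof value === 'string') return value.replace(EMAIL_RE, (m) => pseudonym(m, key));
  if (value === null || typeof value !== 'object') return value;
  if (ancestors.has(value)) return '[circular]';
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((v) => redact(v, key, ancestors));
  } else {
    out = {};
    for (const [k, v] of Object.entries(value)) {
      if (HASH_KEYS.has(k) && typeof v === 'string') out[k] = pseudonym(v, key);
      else if (REDACT_KEYS.has(k)) out[k] = '[redacted]';
      else out[k] = redact(v, key, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Constructed sample shaped like a trace response with an error string.
const SAMPLE_TRACE = {
  userId: 'usr_123',
  email: 'Alice@Example.com',
  jobs: [{ id: 'job_1', metadata: { userId: 'usr_123', content: 'remember my address' } }],
  error: 'lookup failed for alice@example.com',
};
const SAMPLE_KEY = 'constructed-demo-key'; // in practice a secret kept outside the log pipeline

console.log(JSON.stringify(redact(SAMPLE_TRACE, SAMPLE_KEY), null, 2));
```

The userId values pass through unchanged, so records stay debuggable, while the same address always maps to the same pseudonym under one key.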

4. Export and Delete

  • Export: GET /api/users/me/export (auth required) returns goals, tasks, and memory in JSON. See API.md.
  • Delete: POST /api/users/me/delete (auth required, body { "confirm": "DELETE_ACCOUNT" }) deletes the user and cascades to all of their data. See API.md. Optional: set the USER_DELETE_CONFIRM_TOKEN environment variable to customize the token.