Privacy-first architecture

Your thoughts stay yours.

In a world where every app monetizes your data, we built something different. Your private conversations never leave your control.

82% of users judge companies by data handling
GDPR Compliant
SOC 2 Type II
HIPAA Ready
Zero Data Sales
🏠

Your Vault, Your Device

Your messages are securely stored on our servers so our AI can process them into organized, insightful notes — then delivered to YOUR Obsidian vault on YOUR device.

Only AI reads your messages. No human staff member ever accesses your content. This storage enables continuous pattern recognition, relationship tracking, and the deep context that makes your vault genuinely useful.

You own your vault and can delete all data from our servers at any time.

🔐

End-to-End Encryption

All data is encrypted in transit using TLS 1.3. When processing, data is encrypted at rest using AES-256.

API keys and credentials are stored using industry-standard secret management with hardware security modules (HSMs).

Your messages are encrypted from the moment they leave WhatsApp to the moment they arrive in your vault.

⏱️

Data Retention by Tier

Free Tier

Processing metadata retained for 30 days. Message content never stored — it only passes through for processing.

Lite Tier

You choose: opt into anonymous training (get 20% discount) or full privacy with no data contribution. Change anytime.

Pro Tier

Zero retention by default. Processing metadata deleted immediately after delivery. HIPAA-compliant architecture.

πŸ₯

HIPAA & Clinical Use

Pro tier includes full HIPAA compliance for clinical and enterprise use. We sign Business Associate Agreements (BAAs) and maintain SOC 2 Type II certification.

For therapists and healthcare providers: your client data is handled with the same rigor as electronic health records.

Contact us at hipaa@mysecondbrain.app for enterprise compliance needs.

🗑️

Your Right to Delete

One click in your settings erases all data from our systems — permanently and irrevocably. No 30-day hold, no archives, no backups retained.

Your Obsidian vault remains untouched because it's on YOUR device. We just forget you ever existed.

You control the off-switch. Always.

🇪🇺

GDPR & Global Compliance

We comply with GDPR, CCPA, and other major privacy regulations. You have full rights to:

  • Access all data we hold about you
  • Export your data in portable format
  • Request complete deletion
  • Restrict processing
  • Object to automated decisions

Data requests processed within 48 hours, typically same-day.

Questions about privacy?

Our team is happy to discuss your specific requirements.

Last updated: December 2024