Friend in the Cloud
Gintoz0
FITC NEWS
Beatrice Research Hub is live    •    Augustus SPIN upgrade complete    •    Group Strategy Chat now available    •    New Knowledge Packs available    •    Super Beatrice upgraded with PDF support    •    Hub is live    •    Beatrice Research Hub is live    •    Augustus SPIN upgrade complete    •    Group Strategy Chat now available    •    New Knowledge Packs available    •    Super Beatrice upgraded with PDF support    •    Hub is live    •    Beatrice Research Hub is live    •    Augustus SPIN upgrade complete    •    Group Strategy Chat now available    •    New Knowledge Packs available    •    Super Beatrice upgraded with PDF support    •    Hub is live
What's New

Legal Documents

Friend in the Cloud - hosted natively on app.friendinthecloud.com

📚
Terms
🔒
Privacy Policy
📜
Transparency
⚠️
Disclaimer
🔍
RAG Policy
🤖
AI Policy

Privacy & Transparency

Last updated: 28 May 2026

What we encrypt

Your conversations and what your companion remembers about you are encrypted at rest with per-user keys held in our key management service. Access for service operation is multi-party authorized and audit-logged.

Specifically, the following are encrypted with a key unique to your account:

  • The full content of every message in every conversation you have with any companion
  • The title of every saved conversation
  • The notes your companion banks about you in long-term memory (relational memory)

You'll see a brown banner at the top of your Library reminding you of this — clicking it brings you here.

About AES-256-GCM

AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) is the encryption cipher we use to protect your conversations and what your companion remembers about you. It's the cipher U.S. government agencies, banks, and major cloud providers rely on for sensitive data — the same cipher that powers HTTPS connections across most of the internet.

The cipher itself provides two mathematical guarantees with a single key unique to your account:

  • Confidentiality — the encrypted bytes look like random noise to anyone without the key.
  • Authenticity — any tampering with the encrypted bytes is detected on decryption and the data is rejected. You can't be served modified content masquerading as your own.

The "256" refers to the key length in bits — a number so large that no computer, today or in any foreseeable future, could try every possible key by brute force. AES-256-GCM is "symmetric," meaning the same key encrypts and decrypts; this is appropriate because access to your data should be controlled, not distributed.

Important distinction. AES-256-GCM is the cipher protecting your data at rest. It is mathematically strong — the limits on confidentiality are not in the cipher, they are in who holds the keys. As described in the "Legal requests" and "What's coming" sections below, the key to your data is currently held by us in our key management service so that we can operate the service for you. The roadmap moves toward an architecture where only you hold the key.

What we don't encrypt

Some data is intentionally not encrypted because it needs to be usable for the platform to function. We are transparent about what these are:

  • Your email address and password hash — needed for sign-in and account recovery
  • Your subscription tier and billing state — needed to gate features
  • Public profile fields you choose to share (display name, tagline, location) — by your design, these are publicly visible
  • Audit logs of platform operation — needed for security and debugging
  • Metadata about your conversations (when started, which companion, which folder) — needed for the Library to work

Legal requests

FITC complies with valid legal orders. Under our current encryption architecture, FITC can technically decrypt user content if compelled by a valid order. We do not voluntarily share user content with third parties, and we do not sell user data.

We're building toward an end-state where only you hold the key to your data — in which case FITC will not be able to decrypt user content under any compulsion. That work is in progress.

What's coming

Our roadmap moves toward end-to-end encryption where only you hold the key. Under that architecture:

  • Your encryption key never leaves your browser
  • FITC literally cannot read your conversations or memory notes
  • You will hold a recovery phrase — losing it means we cannot recover your data either
  • An optional FITC backup of your key will be available if you choose, with the trade-off documented clearly

We do not put a specific calendar date on this work because doing it right matters more than doing it fast. We will update this page when it ships.

Annual transparency report

Starting in 2027, FITC will publish an annual transparency report covering:

  • The number and types of legal orders we received
  • How we responded to each
  • Any material changes to our encryption posture
  • Any incidents involving user data

The first annual report will be published around 27 May 2027, covering the period from the launch of our encryption infrastructure (May 2026) forward. Until then, we have not received any legal orders to report on, and our encryption posture is exactly as described above.

Questions

If you have questions about how your data is handled, or concerns about a specific situation, contact us at support@friendinthecloud.com.

Questions? Email support@friendinthecloud.com

Buy FITC a Coffee
Friend in the Cloud is built with love and a lot of late nights. Free accounts cost us real money to run — if you can, please pay it forward. And if FITC has helped you in any way, a coffee goes a long way towards keeping the lights on and the features coming.