This policy explains what data Iconia processes, why, and the controls you have. Iconia is infrastructure that sits between your application and an AI model provider. We are designed to hold as little as possible and to keep every customer's data isolated.
Your email, a hashed password, plan, and API key metadata (a hashed key and a display prefix — never the full key).
The policies, knowledge, and rules your agents write through the gateway. This is stored in a per-tenant, isolated store and used only to serve your requests.
Timestamps, latency, tokens saved, items injected, and cache state — used for your dashboard, billing, and abuse prevention. We do not retain full request/response bodies beyond what is required to serve the request.
If you bring your own provider key, your relationship with the model provider stays yours. Iconia validates your tenant, injects memory, screens the request, and forwards using your credentials. Your key is used to forward and is not exposed to other tenants.
Memory persists until you delete it. Deleting your account permanently removes your account, keys, plan, usage records, and your entire memory store. Backups are retained on a rolling window (default 72 hours) and age out automatically.
Data is tenant-isolated, integrity-checked, and backed up hourly to isolated storage with a tested restore path. See the Security page for detail.
Questions about privacy or a data request: contact us.