← Back to Eterna

Privacy Policy

Last updated: April 22, 2026

1. Introduction

Eterna ("we," "our," or "us") operates the website at eterna.uno and the Eterna personality-profile service. This policy explains what data we collect, why, how long we keep it, and the rights you have over it.

It is written to comply with the EU General Data Protection Regulation (GDPR) and applies to all users regardless of location.

2. Data Controller

Eterna is the data controller for the personal data described in this policy.

Email: privacy@eterna.uno
Website: eterna.uno

3. Data We Collect

3.1 Account data (from Google sign-in)

When you sign in with Google we receive your name, email address, and profile picture URL from Google. We use these to identify your account and show them back to you in the app.

3.2 Content you upload

To build your profile, you can upload:

  • AI conversation exports (e.g. ChatGPT or Claude JSON)
  • Screenshots and images (PNG, JPG, WebP)
  • Pasted text (activity logs, watch history, notes, etc.)
  • Other files you choose to attach

These files may contain personal or sensitive information. We store them under your account in object storage, process them to produce a personality profile, and delete them when you delete the source or reset your data.

3.3 Derived profile data

From your uploads, our backend produces structured artifacts: a summary, wiki-style pages, and intermediate "batches" and agent-run metadata. These are stored in our database and associated with your account.

3.4 Waitlist data

If you are not yet admitted to the beta, we store your email address on a waitlist so we can invite you when a slot opens.

3.5 Technical and usage data

We receive standard server-log data (IP address, user agent, timestamps) and, if you consent, anonymous analytics about how you use the site. See section 10.

4. Automated Processing and Profiling

Eterna's core function is automated: a language-model agent reads your uploaded content and produces a personality profile (summary, interests, context). This constitutes automated processing under GDPR Article 22.

The output is descriptive — it is not used to make legal or similarly significant decisions about you. You can delete any source, correct or forget specific facts (Settings → Forget / Correct), or reset everything (Settings → Reset All Data) at any time.

To perform this processing, your uploaded content and derived text are sent to third-party large-language-model providers (see section 6). We do not use your data to train foundation models.

5. Legal Bases for Processing

  • Contract — to operate your account and produce the profile you asked us to build (Art. 6(1)(b)).
  • Consent — for optional analytics cookies and, where applicable, marketing communications (Art. 6(1)(a)).
  • Legitimate interest — to secure the service, prevent abuse, and improve it (Art. 6(1)(f)).
  • Legal obligation — where we are required to retain or disclose data (Art. 6(1)(c)).

6. Sub-processors and Data Sharing

We do not sell your personal data. We share it only with the following categories of service provider, under data-processing agreements:

  • LLM providers — we send uploaded content and derived text to third-party model providers (e.g. OpenAI, Anthropic) to produce your profile. Providers may change over time; we select providers that offer zero-retention or equivalent data-handling terms where available.
  • Authentication — Google handles sign-in (OAuth); we receive the fields listed in section 3.1.
  • Hosting, database, and storage — infrastructure providers that host the application, database, and uploaded files.
  • Analytics — Google Analytics, loaded only if you accept analytics cookies.
  • Legal — where required by law, court order, or to protect our rights.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy continuing to apply.

Some of these providers are based outside the European Economic Area. Transfers rely on Standard Contractual Clauses or equivalent safeguards under GDPR Chapter V.

7. MCP API Keys (Outbound Sharing You Control)

In Settings you can create API keys that let external AI tools (for example, Claude Desktop or other MCP clients) read your profile from Eterna. A tool that holds a valid key can retrieve your profile data until you revoke the key.

You control this sharing: you create the key, you pick which tools receive it, and you can delete the key at any time in Settings → MCP API Keys.

8. Data Retention

  • Uploads and profile — kept until you delete the source, reset your data, or close your account.
  • Account data — kept while your account is active; deleted on request.
  • Waitlist — kept until you are admitted or you ask us to remove you.
  • Server logs — up to 30 days for security and debugging.
  • Analytics — up to 26 months.
  • Support emails — up to 3 years.

9. Your Rights Under GDPR

You can exercise most rights directly in the app, and the rest by emailing privacy@eterna.uno. We respond within 30 days.

Access & portability

Request a copy of your data in a machine-readable format.

Rectification

Use Settings → Correct, or email us.

Erasure

Delete a single source on the Dashboard, wipe everything via Settings → Reset All Data, or ask us to delete your account.

Forget specific facts

Settings → Forget lets you request removal of particular information from your profile.

Restrict or object

Ask us to pause processing, or object to processing based on legitimate interest.

Withdraw consent

Change analytics or marketing choices in the cookie banner at any time.

10. Cookies and Tracking

We use the minimum cookies needed to run the site, plus optional analytics:

  • Essential — session cookies for authentication and CSRF protection. Always on.
  • Analytics — Google Analytics. Only loaded after you accept analytics cookies.
  • Preferences — remember your cookie choices and UI settings.

You can change your choices any time from the cookie banner at the bottom of the page.

11. Security

We apply standard safeguards including:

  • TLS in transit and encryption at rest for uploads
  • Access tokens and API keys are stored as hashes, not in clear
  • Role-based access to production data
  • Regular updates of dependencies and base images

No system is perfectly secure. If we discover a breach that affects your personal data, we will notify you and the relevant supervisory authority as required by Art. 33–34 GDPR.

12. Children

Eterna is not intended for anyone under 16. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

13. Changes to This Policy

We may update this policy as the product evolves. Material changes will be announced in-app or by email to active users. The "Last updated" date at the top of this page always reflects the current version.

14. Complaints and Contact

If you have a concern, please contact us first at privacy@eterna.uno — we'd like the chance to fix it.

You also have the right to lodge a complaint with your local EU data-protection authority.

Email: privacy@eterna.uno
Subject: "Privacy request" or "Data subject request"