Privacy Architecture

A technical explanation of how Perpetual protects your data — by design, not by promise.

Core Principle

Perpetual is built on zero-knowledge architecture. We cannot leak, sell, or lose your data because we never have it. Your conversations exist only in your browser's memory. The moment you close the tab, they are gone — permanently and irreversibly.

How Data Flows

Step-by-Step Request Lifecycle

  1. 1
    You type a message

    Your message is stored in React state in your browser. It is never written to localStorage, sessionStorage, cookies, or any persistent browser storage.

  2. 2
    Message sent to our API

    Your browser sends the message to our API endpoint via HTTPS. The connection is encrypted in transit using TLS 1.3.

  3. 3
    API forwards to Anthropic

    Our API receives the message, attaches the system prompt, and forwards it to Anthropic's Claude API. Our server does not write the message to any database, log file, or analytics system.

  4. 4
    Claude processes and responds

    Anthropic processes the message and streams a response. Anthropic's API data policy states that API inputs and outputs are not used for model training.

  5. 5
    Response streamed to your browser

    The response is streamed directly back to your browser and added to React state. The HTTP request completes and our server discards all context.

  6. 6
    You close the tab

    React state is destroyed. The conversation ceases to exist anywhere in the world. There is no undo.

What IS Stored

To operate as a business, we do store some information:

  • Account information — Your email address and authentication credentials for your Perpetual account.
  • Subscription and billing data — Payment information processed by Stripe. We do not store credit card numbers.
  • Usage metadata — Session count and timestamps (not content). This helps us provide review reminders.

What is NOT Stored

  • Conversation messages, inputs, or outputs — never
  • Asset inventory data, dependency maps, or recovery playbooks
  • Any description of your Bitcoin holdings, wallets, or security setup
  • Chat analytics, message content analysis, or AI interaction logs
  • Private keys, seed phrases, passwords, or any authentication secrets (the AI actively rejects these)

The Three Safety Nets

Perpetual is designed with defense in depth. No single failure can compromise your security.

1

The AI Refuses Secrets

The system prompt explicitly instructs the AI to reject private keys, seed phrases, passwords, PINs, and recovery codes. If a user attempts to share a secret, the AI immediately stops them, warns them, and redirects to metadata-only descriptions. Even if this safeguard fails, the next two layers protect you.

2

We Store Nothing

Even if a secret accidentally appears in a conversation, it is never written to any persistent storage. Our API is a stateless pass-through. Messages exist only in memory for the duration of the HTTP request, then are garbage collected. No database, no logs, no analytics on conversation content.

3

Metadata Only by Design

The entire workflow is designed around metadata: what exists, where it is, how it connects. You describe your setup using labels, categories, and locations — never actual secrets. Even a complete transcript of your session would not contain information sufficient to access your Bitcoin.

Third-Party Data Handling

Anthropic (Claude AI)

  • We use Anthropic's Claude API to power the AI assistant.
  • Anthropic's API data policy explicitly states that API inputs and outputs are not used for model training.
  • We are actively pursuing zero-retention API access for additional privacy guarantees.
  • All data transmitted to Anthropic is encrypted in transit via TLS.

Vercel (Hosting)

  • The application is hosted on Vercel's edge network.
  • Standard web server logs (IP addresses, request timestamps) may be collected by Vercel as part of infrastructure operation. These do not contain message content.

Stripe (Payments)

  • Payment processing is handled entirely by Stripe. We do not store credit card numbers.
  • Stripe is PCI DSS Level 1 certified.

Our Commitment

We believe privacy is not a feature to be toggled — it's an architectural decision that must be made from day one.

Perpetual was founded in Switzerland, where data protection is not just regulation — it's culture. We chose to build a system where we cannot access your sensitive data, rather than one where we promise not to. We believe this is the only honest approach for a product that handles Bitcoin inheritance planning.

← Back to home