Appearance

SELF Terms of Service

Last Updated: June 3, 2026
Version: 9.4.2

What SELF Is

SELF is your private and productive set of digital tools. Your content is encrypted client-side before it reaches our servers—you hold the keys, not us.

Beta Version

SELF is currently in beta. This means:

  • Features may change - We're actively developing and improving SELF
  • Performance may vary - Some features may not work perfectly yet
  • Feedback welcome - We value your input to help improve SELF
  • Use at your own risk - Beta software may have bugs or limitations

Progressive Web App (PWA)

SELF is available as a Progressive Web App. This means:

  • Installable - You can install SELF on your device like a native app
  • Offline capabilities - SELF can work offline for basic functions (planned feature)
  • Service workers - Background processes for caching and notifications (planned feature)
  • Cross-platform - Works on desktop, mobile, and tablet devices
  • Browser install - You can install from your browser without app store restrictions

We Cannot See Your Data (Zero-Knowledge Encryption)

This is the most important thing to understand about SELF:

  • ❌ We CANNOT read your stored AI conversation history (client-side encrypted in your Memory Bank)
  • ❌ We CANNOT see your memory bank entries
  • ❌ We CANNOT see your messages or any encrypted content
  • ❌ We CANNOT recover your data if you lose access to your passkey

All your data is encrypted in YOUR browser before it leaves your device. We store encrypted blobs that are mathematically impossible for us to decrypt. This is called zero-knowledge encryption.

Your Data Stays Yours

  • We don't sell or mine your data - No advertisers, no profiling, no tracking
  • Client-side encryption - All data encrypted in your browser using WebCrypto API (AES-256-GCM)
  • Recovery phrase-based encryption - Encryption keys derived from your 12-word recovery phrase using BIP39 (mnemonic to seed)
  • You can leave anytime - Export or delete everything anytime

You Can Always

  • Access your data - Export and decrypt your data anytime with your recovery phrase
  • Delete your account - We'll remove your username, node ID and subscription details immediately
  • Export everything - Download all your data before leaving
  • Update information - Update your username or payment details anytime

We Can't And Won't

  • Try and access your messages or files
  • Track your browsing for advertising, or build cross-site profiles from your activity
  • Link search to you - Connect-tier web search sends anonymous queries to a third-party provider only when you enable it; queries are not tied to your account
  • Lock you into our service

What You Can't Do

To keep SELF safe for everyone, please don't:

  • Share illegal content or use SELF for anything unlawful
  • Try to hack or interfere with our service or other users
  • Spam or harass other users through messaging features
  • Resell access to your SELF account

Your Content

Because your content is encrypted with keys only you hold:

  • You own everything you create, upload, or store in SELF
  • You're responsible for ensuring you have rights to any content you add
  • We never see it - your content stays in your Memory Bank
  • Keep it legal - don't store anything that violates laws

Intellectual Property

  • SELF software - We own the SELF application, interface, and core technology
  • Your content - You retain full ownership of everything you create using SELF
  • AI outputs - You own the results generated by customized SELF AI models within your Memory Bank
  • Open source - SELF uses open-source components under their respective licenses
  • No claims - We make no claims to your intellectual property or creative works

Security & Encryption

How We Protect Your Data

  • Client-side end-to-end encryption - All data encrypted in your browser using WebCrypto API (AES-256-GCM) before transmission
  • Zero-knowledge architecture - Server stores encrypted blobs and cannot decrypt your data
  • Recovery phrase-based encryption keys - Encryption keys derived from your 12-word recovery phrase using BIP39 (mnemonic to seed)
  • TLS encryption in transit - All data (even encrypted blobs) protected by HTTPS during transmission
  • Stripe payment security - All payment processing uses Stripe's PCI-compliant encryption and security protocols
  • Both tiers - Zero and Connect tiers use identical client-side E2E encryption for maximum privacy
  • No server access - Server cannot read your conversations, memories, or any encrypted content

App Permissions

SELF requests only the permissions necessary for core functionality:

  • File system access - To save and sync your documents and data locally
  • Network access - To connect to your Memory Bank and sync data
  • Notification permissions - To alert you about important updates or security issues
  • Optional: Camera/microphone - Only when you choose to upload media or use voice features
  • Core functionality works - SELF operates fully even if you deny optional permissions

Passkey Authentication & Recovery Phrase Encryption

SELF uses WebAuthn passkeys as the primary authentication method for secure, passwordless access. Email + OTP + Recovery Phrase is available as a secondary/recovery method:

  • Primary method: Passkey - WebAuthn passkey authentication (Face ID/Touch ID/fingerprint) for fast, secure login. Email verification uses a normalized lookup-only hash. An encrypted copy of your email (AES-256-GCM) is stored in our database for operational communications.
  • Secondary/Recovery method: Email + OTP + Recovery Phrase - Available as fallback for scenarios where passkeys are unavailable.
  • Email privacy - Plaintext email is never returned by APIs. We store a lookup-only email hash and an encrypted copy of your email (AES-256-GCM, stored in our database). Admin tools show masked email only.
  • Recovery phrase privacy - Recovery phrase never transmitted to server. Encryption keys derived client-side only using BIP39 (mnemonic to seed).
  • Passwordless security - No passwords required. OTP codes expire after 10 minutes, single-use only.
  • Passkeys - WebAuthn passkeys are the primary authentication method (biometric support via Face ID/Touch ID/fingerprint)
  • Encryption key derivation - Encryption keys derived from 12-word recovery phrase using BIP39 (mnemonic to seed). Recovery phrase is required for encryption key derivation on all devices.
  • Recovery phrase backup - 12-word recovery phrase is the universal backup method. Recovery phrase is shown once during onboarding and cannot be recovered if lost. Securely backup your recovery phrase.
  • Multi-device sync - Same recovery phrase provides same encryption keys on all devices (deterministic BIP39 key derivation).
  • Recovery limits - If you lose your recovery phrase, we cannot decrypt your data. You may still regain account access via passkey or Email + OTP if you control your email, but your encrypted data remains inaccessible without the recovery phrase. Securely backup your recovery phrase.

Vulnerability Reporting

Found a security issue? We want to hear from you:

  • Security vulnerabilities - Report code and security issues to security@self.app (see Bug Bounty program). For all other enquiries use Settings → Contact Us
  • Responsible disclosure - We'll acknowledge reports within 48 hours and work with you on fixes
  • Security updates - Critical security patches are released immediately and pushed to all users
  • No penalties - Good faith security research is welcomed and protected

Third-Party Services

Memory Bank Definition

Your Memory Bank uses client-side end-to-end encryption for all tiers on single-tenant bare metal PostgreSQL in the EU:

  • Both Tiers – All data is encrypted client-side in your browser using WebCrypto API (AES-256-GCM) before transmission to PostgreSQL. Server stores encrypted blobs and cannot decrypt your data. Encryption keys are derived from your 12-word recovery phrase using BIP39 (mnemonic to seed).
  • Data Export – Both tiers can export their complete decrypted data anytime via Privacy page. Your conversations and memories are decrypted in your browser and available for download in JSON format.
  • Recovery Phrase Backup – Your 12-word recovery phrase is the ONLY way to decrypt your encrypted data. There are no recovery codes or recovery kits. These would be security backdoors. Encryption keys are derived from your recovery phrase using BIP39. If you lose your recovery phrase, your data cannot be recovered. SELF cannot help you recover lost recovery phrase access due to zero-knowledge architecture. We encourage you to securely backup your recovery phrase (shown once during onboarding, cannot be recovered if lost).

Service Dependencies

  • Service availability depends on frontend CDN delivery, EU-based infrastructure providers, and Stripe billing
  • Performance may vary based on CDN delivery, single-tenant bare metal backend infrastructure, and dedicated EU GPU hardware conditions
  • Data sovereignty is maintained through zero-knowledge encryption, Memory Bank isolation, and EU-based single-tenant bare metal infrastructure
  • Payment security - Payments use Stripe's certified infrastructure
  • Frontend reliability depends on third-party CDN hosting of static assets (JS, CSS, HTML)
  • Backend reliability depends on EU-based single-tenant bare metal infrastructure
  • AI processing reliability depends on dedicated GPU infrastructure in EU data centers

Frontend Delivery (CDN)

  • SELF uses a third-party CDN for frontend hosting and global delivery of static assets (JS, CSS, HTML)
  • The CDN delivers public application files only — not your encrypted user content
  • We are not responsible for CDN service interruptions or changes
  • CDN providers may change over time; these terms will be updated accordingly

EU Infrastructure

  • SELF backend API, database, encrypted Memory Bank, messaging, mail, and signaling run on single-tenant bare metal servers in the EU
  • Encrypted attachments and mail blobs use dedicated EU object storage (S3-compatible); content remains client-side encrypted
  • AI text and image processing uses dedicated (non-shared) GPU hardware in EU data centers
  • Infrastructure providers operate systems only and cannot decrypt your zero-knowledge encrypted content
  • Providers may change over time; these terms will be updated accordingly
  • When your account is deactivated, associated storage is permanently deleted per our retention policy

Memory Bank Lifecycle

Your Memory Bank follows this lifecycle:

  • Creation - Storage is created when you first use SELF (available for both Zero and Connect tiers)
  • Isolation - Your storage is completely isolated from other users' data
  • Runtime - Storage holds your conversations and AI processes them securely
  • Encryption - All data is encrypted at rest on single-tenant bare metal infrastructure in the EU
  • Automatic deletion - Storage and all data are permanently deleted when you deactivate your account
  • No recovery - Once deleted, storage data cannot be recovered

SELF Chain Validator Infrastructure

  • SELF Chain operates on a fully decentralized, browser-based validator model. Every user runs their own fully validating blockchain node directly in their browser.
  • Validators construct blocks, validate transactions, and participate in consensus entirely client-side. All blockchain operations occur in your browser with full client-side encryption.
  • Validator keys are derived from your recovery phrase and never leave your device. Your browser is a full node with complete blockchain functionality.
  • Prize draw coordination runs on EU single-tenant bare metal infrastructure. Coordinators have no access to validator keys or blockchain operations.
  • Prize draw coordination may be temporarily unavailable if backend services are interrupted.

AI Model Processing

  • SELF uses SELF AI models on dedicated GPU infrastructure in EU data centers
  • Live prompts are processed to generate responses; stored conversation history remains client-side encrypted in your Memory Bank
  • Memory Bank conversation history is stored as client-side encrypted blobs; the server cannot decrypt your content
  • No data sharing with model providers - Your conversations and AI interactions are not used to train third-party models
  • No model training - We do not use your conversations to train models
  • Model performance and availability depend on dedicated EU GPU infrastructure

Web Search Services (Connect Tier)

  • Availability - Connect tier only (including the 3-day free trial); not available on Zero
  • Anonymous queries - Search and URL retrieval queries are sent to third-party providers without linking them to your SELF account or identity
  • Search results are provided "as-is" and we do not guarantee their accuracy or completeness.
  • We are not responsible for the content or accuracy of search results from third-party sources.
  • Service availability depends on third-party infrastructure and may be temporarily unavailable.

Search Service Limitations

  • Third-party dependency - Search services depend on external providers
  • No guarantees - We do not guarantee the accuracy, completeness, or reliability of search results
  • User responsibility - You are responsible for evaluating and verifying information from search services
  • Service interruptions - Search services may be unavailable due to third-party issues
  • No liability - We are not liable for decisions made based on search results
  • Content changes - Search provider behavior may change without notice

Stripe Payment Processing

  • SELF uses Stripe for secure payment processing and subscription management
  • During signup, we use Stripe's fraud detection (Stripe Radar) to verify payment methods
  • Stripe may analyze transaction patterns and geographic data for fraud prevention
  • We do not store IP addresses or payment details on our servers; IPs may be used briefly for login security
  • Your use of payment services is subject to Stripe's Terms of Service
  • For more information about Stripe's security practices, visit docs.stripe.com/security
  • For detailed information about Stripe's privacy practices, visit stripe.com/privacy-center

SELF Chain Prize Draw Program

SELF Chain operates a promotional prize draw program where users earn entries through validator participation. This is a Category 4 promotional game under Queensland's Charitable and Non-Profit Gaming Act 1999.

Program Duration and Token Allocation

  • Program duration - The prize draw and referral rewards program runs for 48 months (4 years) from launch
  • Token allocation - User Adoption pool: 125,000,000 SELF (125M SELF), covering prize draws and early adopter rewards over the User Adoption unlock schedule

Prize Draw Overview

  • No purchase necessary - Free Zero tier users are eligible to participate
  • Entry mechanism - 1 entry per vote (typically about 1 per minute while your node is active). When your node is active, you're casting votes in the blockchain. Each vote earns you 1 prize draw entry.
  • Vote rounds - Votes happen once per round (~60s). If you're reconnecting you may miss a round and won't earn an entry for it.
  • Prize tiers - Daily (5,000 SELF), Weekly (50,000 SELF), Monthly (200,000 SELF)
  • Cryptographically verifiable randomness - Winners selected via cryptographically verifiable randomness (verifiable on-chain)
  • Age requirement - Must be 18 years or older to participate

Prize Draw Terms Summary

  • Entries - Earned automatically through validator votes (1 entry per vote, typically about 1 per minute while your node is active). Votes happen once per round (~60s). If you're reconnecting you may miss a round and won't earn an entry for it.
  • Eligibility - Open to all SELF users 18+ where permitted by law
  • Winner notification - Winners notified via in-app alert within 24 hours
  • KYC verification required - Winners must complete KYC (Know Your Customer) verification before prizes can be claimed. We will send instructions when sending you an in-app alert if you win.
  • Prize delivery - Prizes credited within 7 days of successful KYC verification; pre-TGE prizes claimable after Token Generation Event and KYC verification
  • Unclaimed prizes - Winners have 3 months to claim; unclaimed tokens are burned
  • Record keeping - All draw records retained for 5 years (Queensland requirement)
  • Full terms - Complete Prize Draw Official Rules available in-app (SELF Wallet > Prize Draw)

Early Adopter Program (First 100,000 Users Only)

  • Subscriber bonus - First 100,000 users receive 100 SELF/month (Connect tier only) as lifetime benefit
  • Referral bonus - First 100,000 users receive 100 SELF/month per verified referral as lifetime benefit
  • Program end - After user #100,000, subscriber and referral bonuses are no longer available
  • Prize draws continue - All users (including those joining after 100k) remain eligible for prize draws

Billing and Payments

Subscription Plans

  • SELF Zero (Free) - Memory Bank with client-side E2E encryption. 5 messages/day and seamless cross-device sync via recovery phrase (same phrase = same keys on all devices).
  • SELF Connect (USD $20/month via Stripe, 3-day free trial) - Memory Bank with client-side E2E encryption (same zero-knowledge security as Zero tier). Enhanced features include 100 messages/day, anonymous live web search, voice input, and AI personality customization.

Data Export and Recovery

  • Both Tiers – You can export your complete decrypted data anytime via Settings. Your conversations and memories are decrypted in your browser and available for download in JSON format.
  • Data Recovery – Your 12-word recovery phrase is required to decrypt and recover your data. There are no recovery backdoors (no recovery codes or kits). Encryption keys are derived from your recovery phrase using BIP39 (client-side only, never transmitted to server). Both tiers use client-side E2E encryption. Lost recovery phrase = permanent data loss (zero-knowledge architecture means SELF cannot recover your data). Securely backup your recovery phrase (shown once during onboarding, cannot be recovered if lost).

Payment Terms

  • Billing cycle - Monthly subscriptions renew automatically
  • Payment due - Charged immediately upon signup and each renewal
  • Failed payments - Service suspended after 7 days, cancelled after 30 days
  • Price changes - 30 days notice for existing subscribers

Refunds and Cancellation

  • Cancel anytime - No long-term contracts or cancellation fees
  • Immediate access - Use your paid features until the end of your billing period
  • No partial refunds - Subscriptions are billed monthly in advance
  • Refund exceptions - Technical issues preventing service use (use Settings → Contact Us)

Data Retention After Cancellation

  • Data export - Before deleting your account, you can download your conversations and memories anytime via Privacy. When your account is deleted, the data no longer exists.

Service Limitations

What We Can't Promise

  • 100% uptime - Services may be unavailable due to maintenance or technical issues
  • Perfect performance - Speed and responsiveness depend on many factors beyond our control
  • Bug-free experience - We fix issues quickly but can't guarantee zero bugs
  • Third-party reliability - Infrastructure providers and Stripe issues may affect your experience

When Things Go Wrong

  • Planned maintenance - We'll give advance notice when possible
  • Unexpected outages - We'll work to restore service as quickly as possible
  • Data loss prevention - Your data is backed up, but you should also keep your own backups
  • Security incidents - We'll notify you promptly of any issues affecting your data

Force Majeure

We are not liable for service interruptions caused by events beyond our reasonable control, including:

  • Natural disasters - Earthquakes, floods, fires, or other natural events
  • Infrastructure failures - Major outages by CDN providers, EU infrastructure providers, or Stripe
  • Government actions - Regulatory changes, sanctions, or internet restrictions
  • Cyber attacks - Large-scale attacks on internet infrastructure
  • Pandemics - Public health emergencies affecting global infrastructure

During force majeure events, we will work to restore service as soon as reasonably possible and keep you informed of our progress.

Security Updates & Maintenance

  • Security patches - We provide prompt updates to fix any security vulnerabilities
  • Third-party updates - We monitor and update dependencies when security fixes are available
  • Automatic notifications - Critical security updates are pushed to users via our in-app notification system
  • Supply chain monitoring - We continuously monitor our infrastructure providers and Stripe for security updates

Removing SELF

Since SELF is a Progressive Web App (PWA), you can remove it anytime:

  • From your device - Remove the PWA from your device's app list or home screen
  • Browser data - Clear your browser's local storage and cache for SELF
  • Account closure - Use the Settings > Legal page in the app to request account closure and data deletion
  • Data export - Export your data before removing via Settings > Legal page

Important Disclaimers

Use SELF At Your Own Risk

While we work hard to make SELF reliable and secure:

  • SELF is provided "as is" - We can't guarantee it will meet all your specific needs
  • Your business decisions - Any choices you make based on SELF outputs are entirely your responsibility
  • Third-party issues - We're not responsible for problems caused by infrastructure providers or Stripe
  • Data safety - While we protect your data, you should maintain your own backups

Limitation of Liability

To the maximum extent permitted by law:

  • No liability for indirect damages - We're not responsible for lost profits, data, or business opportunities
  • Maximum liability - Our total liability is limited to the amount you paid us in the past 12 months
  • Legal protection - This protects both you and us from unreasonable legal costs
  • Your local laws - Some jurisdictions don't allow these limitations, so they may not apply to you

Account Termination

When We May Terminate Your Account

We may suspend or terminate your account if you:

  • Violate these terms - Breach any of our terms of service
  • Illegal activity - Use SELF for unlawful purposes
  • Security threats - Attempt to hack or compromise our systems
  • Payment issues - Repeated failed payments or fraudulent activity
  • Abuse - Harassment or harmful behavior toward other users

Termination Process

  • Notice - We'll give you reasonable notice before termination (except for serious violations)
  • Data export - You can export your data before termination
  • Appeal process - Use Settings → Contact Us to dispute termination decisions
  • Account data deletion - Your account data will be deleted within 30 days of account termination (separate from trial cancellation policies above)

We May Update These Terms

  • To clarify existing policies
  • Comply with legal requirements
  • But we will never change these terms to reduce your privacy, sell your data, or add tracking without your consent

Legal Stuff (The Necessary Parts)

General

  • These terms are governed by Australian law, where SELF Technology Pty Ltd is incorporated
  • We prefer to resolve issues directly with you, and if needed, disputes will be handled through binding arbitration
  • If any part of these terms is found invalid, the rest remains in effect
  • SELF is intended for users 18 years or older. We do not knowingly collect data from users under 18
  • By using SELF, you agree to these terms. If you don't agree, please don't use our service
  • The SELF Token is offered via SELF Technology Ltd, Intershore Chambers, Road Town, Tortola, British Virgin Islands, VG1110, (BVI IBC Number 2169550)

International Data Transfers

  • Primary location - Australia (SELF Technology Pty Ltd)
  • AI processing - Dedicated GPU infrastructure in EU data centers
  • Backend API hosting - Single-tenant bare metal servers in the EU
  • Frontend delivery - Static frontend assets delivered via a third-party CDN
  • Payment processing - Stripe (US-based payment processor)
  • Legal framework - Australian Privacy Principles with GDPR-equivalent protections
  • Transfer safeguards - Standard contractual clauses or other appropriate mechanisms with Stripe where applicable. Encrypted Memory Bank storage uses EU-based single-tenant bare metal infrastructure.
  • User data - Remains encrypted in your Memory Bank on single-tenant bare metal infrastructure in the EU
  • AI data residency - AI processing uses dedicated EU-based GPU infrastructure

Legal Basis for Processing (EU Users)

  • Contract performance - Processing necessary to provide SELF services
  • Legitimate interests - Service optimization and security
  • Consent - For optional features and communications

Data Retention

  • Account data - Retained while your account is active
  • Memory Bank data - Automatically deleted when your subscription is deactivated
  • Payment data - Retained by Stripe as required by law
  • Error logs - Retained for 30 days for debugging purposes

Contact Us

The SELF team will never DM you or reply to DMs. To contact us, create a free account at self.app, then open Settings → Contact Us to submit partnership proposals, job enquiries, support requests, or anything else. When the team respond, it will appear in your in-app Alerts.

For app bugs use Settings → Bugs. For feature ideas use Settings → Ideas. To report security vulnerabilities email security@self.app (Bug Bounty program).

Mail: SELF Technology Pty Ltd, 194 Varsity Parade, Varsity Lakes, Queensland 4227, Australia