the short version
sol pbc makes open source software. we don't sell your data — and we never will. today we don't host or collect anyone's data either; when that changes (with paid services on the way), this policy will say exactly what we do, with the same legal protections built into the corporate charter. the no-sale promise isn't just a promise: it's a binding legal covenant in our articles of incorporation, enforceable against the company forever.
this is a short privacy policy because we have almost nothing to disclose today. when your business model is open source software and your corporate charter prohibits data monetization, there isn't much to say.
who we are
sol pbc is a Colorado public benefit corporation. our benefit purpose, as filed with the Colorado Secretary of State, is to advance digital self-determination by providing open-source, privacy-respecting tools and services that enable individuals to directly collect and gain insight from their personal data.
sol pbc has one director: jeremie miller, the founder. the company can only be acquired by a successor that is legally bound to preserve a substantially equivalent benefit purpose and that assumes covenants no less protective than Article 8. acquisition by an entity that wouldn't honor these protections is not permitted. these constraints are in the articles of incorporation and cannot be weakened — see the amendment lock below.
contact: contact us
what sol pbc makes
sol pbc develops two open source projects:
- solstone — an AI co-brain that experiences your screen and audio along with you, processes it locally with AI, and gives you a searchable knowledge graph of your digital life. it runs on your hardware. your data stays on your device.
- vit — a developer capability network built on AT Protocol. developers and AI agents discover, share, and remix software capabilities through a decentralized social network.
sol pbc does not currently offer hosted services. both products run on your own infrastructure. sol pbc has no access to your data.
what data does sol pbc collect?
from solstone and vit: nothing
solstone and vit are open source software that runs on your hardware. sol pbc receives no data from your use of these products — no telemetry, no analytics, no crash reports, no usage data. the software works entirely offline from sol pbc.
the source code is public. you can verify this yourself.
from solpbc.org: almost nothing
when you visit solpbc.org, our hosting provider — Cloudflare — collects standard edge server logs (IP address, pages visited, browser type, timestamp). this is inherent in how the web works. Cloudflare's collection and handling of these logs is described in the Cloudflare privacy policy under "end users."
sol pbc does not access these logs for analytics or any other purpose. we don't use Google Analytics, tracking pixels, cookies, or any other tracking technology on solpbc.org.
from email: what you send us
if you email jer@solpbc.org, we receive your email. we use it to respond to you. we don't add you to mailing lists, share your email with anyone, or use it for marketing.
what sol pbc will never do
these aren't policies — they're binding covenants in our articles of incorporation and bylaws. while the founder serves as a director, any amendment requires his personal written consent (a right that cannot be delegated). after he ceases to serve, amendments are permitted only to strengthen these protections or to comply with mandatory law to the minimum extent strictly required. weakening amendments are foreclosed forever.
throughout this section, user data refers to what is legally defined in Article 8 as Customer Data — any data, information, content, record, output, or inference concerning a user or derived from such data, including de-identified, anonymized, aggregated, pseudonymized, or encrypted forms.
- never sell, license, sublicense, or lease user data — including anonymized, aggregated, or de-identified data. most privacy laws allow companies to share "de-identified" data freely. Article 8 closes that gap entirely. (Articles of Incorporation, Article 8, Section 8.3(a)(1))
- never use data for advertising, profiling, or behavioral targeting — user data can only be used to provide the service to the person who generated it, including through service providers strictly necessary to provide, secure, or support that service. no analytics vendors, no tracking pixels, no behavioral profiles — no exceptions. (Articles, Section 8.3(b))
- never weaken these protections, even if acquired — any merger, acquisition, or transfer of control is conditional: the successor must be legally bound to preserve a substantially equivalent benefit purpose and must assume covenants no less protective than Article 8. shareholders and former shareholders are third-party beneficiaries with direct enforcement rights that survive the transaction. (Articles, Section 8.5)
- always pursue the strongest practical encryption and access controls — encryption in transit and at rest, least-privilege access, and ongoing design toward end-to-end encryption, customer-held keys, secure enclaves, and confidential computing — architectures that minimize and, where reasonably practicable, eliminate operator access to plaintext data. (Bylaws, Article III, Section 3.1)
- always resist government data demands — resist disclosure to the maximum extent permitted by law, notify the affected user if legally allowed, and pursue architectures that make compelled disclosure technically infeasible. (Bylaws, Article III, Section 3.2)
these covenants bind the company, the founder, and any successor.
your rights
you have rights over your data regardless of where you live:
- access — ask us what personal data we have about you
- correction — ask us to fix inaccuracies
- deletion — ask us to delete your data
- portability — get a copy in a portable format
since sol pbc doesn't currently host user data, these rights primarily apply to any email correspondence you've had with us.
to exercise any right: contact us. we'll respond within 30 days.
vit and AT Protocol
vit is built on AT Protocol, a decentralized protocol where most data is public by design. when you publish a capability, vouch for a skill, or follow someone on vit, that data flows across the AT Protocol network to relays and indexers operated by many different parties.
sol pbc's privacy commitments apply to data on sol pbc's infrastructure. once data is published to the AT Protocol network, sol pbc cannot delete copies from other servers. this is how decentralized protocols work — it's a feature of the architecture, not a limitation of our commitment.
if sol pbc operates a relay or PDS for vit, we collect only what the protocol requires to function. no additional tracking, analytics, or data collection.
solstone and recording laws
throughout this site we describe what solstone does as observing along with you. when those observations include audio of a conversation, wiretapping and consent statutes call that recording — the term used in this section, because it is the term used in the laws.
solstone observes your screen and, when configured to do so, records audio. if you use solstone, you are responsible for complying with recording-consent laws in your jurisdiction. some states and countries require all parties to a conversation to consent to recording.
sol pbc doesn't record anything — you do, on your own hardware. we recommend informing others in advance when audio recording is active during conversations.
when sol pbc offers hosted services
sol pbc does not currently host user data. when we do offer hosted services in the future, this policy will be updated with:
- exactly what data we collect and why
- who processes it (named providers, not categories)
- how it's encrypted
- how to export and delete your data
- jurisdiction-specific rights (CPA, CCPA, GDPR)
we will notify users before any hosted service launches and publish the updated policy at least 30 days in advance. the covenants described above apply to all future services — they are structural, not service-specific.
changes to this policy
if we change this policy, we will:
- update this page with a clear summary of what changed
- update the changelog below
the covenants in the articles of incorporation and bylaws cannot be weakened through a policy update — see the amendment lock described above.
changelog
| date | change |
|---|---|
| 2026-05-01 | hosting attribution corrected: solpbc.org is served by Cloudflare Workers only — the prior reference to GitHub Pages reflected an earlier deployment and was no longer accurate. linked to the Cloudflare privacy policy for the edge server logs Cloudflare collects from visitors. |
| 2026-05-01 | updated to reflect the amendment and restatement of Article 8 (CO SOS Doc. 20261537456) and the adoption of restated bylaws. acquisition language updated to reflect that change of control is conditional (mission-aligned successors only, with covenants no less protective). amendment-lock language updated to reflect the new strengthening-only rule outside the founder's stewardship. operational-agent succession references removed; succession now flows through the Successor Designator mechanism in Article 8 §8.4. |
| 2026-03-29 | initial publication |
this privacy policy reflects the binding covenants in sol pbc's articles of incorporation and bylaws. the covenants are the authority — this policy describes them in plain language. if there is ever a conflict between this policy and the articles or bylaws, the articles and bylaws govern.
questions? get in touch.