Myelin

Privacy Policy

Last updated: March 17, 2026

1. Introduction

Myelin (“we”, “us”, “our”) provides procedural memory infrastructure for AI agents. This Privacy Policy explains how we collect, use, and protect information when you use our website and services.

2. Data We Collect

We collect the following categories of data:

  • Account information: Email address and authentication credentials when you create an account.
  • Session traces: Tool calls, inputs, and outputs generated by AI agents using our MCP server, as submitted through the API.
  • Workflow data: Markdown-based workflows extracted from successful agent sessions, including step descriptions and tool call patterns.
  • Usage data: API call counts, workflow match statistics, and general service usage metrics.

3. How We Use Your Data

  • To provide and improve the Myelin service.
  • To extract workflows from successful agent sessions and surface them at runtime via the MCP protocol.
  • To evaluate sessions with categorical verdicts and track usage statistics.
  • To communicate with you about your account and our service.
  • To detect and prevent abuse or unauthorized access.

4. Data Storage

Your data is stored in Supabase-managed PostgreSQL databases. All data is encrypted at rest and in transit. We retain session traces and workflow data for as long as your account is active. You may request deletion of your data at any time.

5. Third-Party Services

We use the following third-party services to operate Myelin:

  • Supabase: Authentication and database hosting.
  • Vercel: Website and API hosting.
  • Fly.io: Backend API and background worker hosting.
  • Stripe: Payment processing and billing management.
  • LLM providers: We use large language models to evaluate session outcomes and extract workflows. Session traces are sent to these providers for processing. We do not use your data to train third-party models.

6. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

7. Your Rights

You have the right to:

  • Access the data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data and account.
  • Export your workflows and session data in a machine-readable format.

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, we will delete your data within 30 days, except where we are required by law to retain it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the service.

10. Contact

If you have questions about this Privacy Policy, open an issue on GitHub.