We monetize the orchestration tier. We never monetize the training tier. Every privacy claim on this page ties back to a real path in the codebase, not a brochure.
THE FOUR PROMISES
These are not aspirations. They are contractual posture and technical constraint. We do not have the systems to do these things, and we never intend to build them.
Your prompts route to models. They are not stored beyond delivery, not fed back into any training pipeline, and not aggregated into datasets we sell or share.
Knowledge Node files (PDFs, DOCX, XLSX, CSV, JSON, Markdown) live in object storage scoped to your organization. We retrieve them at runtime, never index them for anyone else.
Chains, open loops, agent meta memories, and the entire MCIR 2.0 envelope are yours. We persist them so your AI Workers improve over time , not so we improve our models.
Metering data drives your bill and our infra. It is not packaged into segments, not sold to third parties, and not used to train ranking or routing models for anyone else.
HOW IT IS ENFORCED
Trust on the marketing page is worthless. Each row below points at the file or product surface where the constraint is implemented.
Every request lands in the audit ledger as a SHA-256 hash of the prompt , not the prompt itself. The raw content is gone the moment your response streams back.
Knowledge Node uploads land in object storage with your organization as the only read principal. Cross-tenant retrieval is structurally impossible.
One endpoint dumps every chain, open loop, agent meta memory, and outcome event for your account. Open schema, documented protocol, no proprietary lock-in.
Hit delete and your memory graph, knowledge files, and conversation history are removed from primary stores and downstream replicas. We do not keep shadow copies.
@hitheo/sdk, @hitheo/telegram, @hitheo/whatsapp, and @hitheo/mcp are open source. Trust comes from the diff log, not the marketing page.
CONTROLS YOU CAN USE TODAY
Bayesian decay applies automatically. Hard floors on user-declared facts. Regulated entries (e.g. eligibility) require human approval and revalidation.
Every memory carries source, confidence, freshness, and last-verified metadata. Visible in the Memory Console. Editable. Auditable.
Route to your own model in the Routing Studio. Bring your own vector store. We orchestrate , we do not require you to surrender your stack.
Audit trail signed and tamper-evident. SOC 2 alignment. GDPR-aligned data handling. Memory Pack rules opt in to industry-specific compliance defaults.
FREQUENTLY ASKED
Only for the duration of the request. We route to the model that answers, we never persist the raw prompt body, and we never feed any prompt into training. The audit ledger keeps a SHA-256 hash so a compliance team can verify exact match without reading the content.
We route only to providers whose enterprise contracts disable training-on-input by default (OpenAI, Anthropic, Google, fal.ai, Venice). Provider lists and terms are public. If you require a stricter posture, the Routing Studio lets you pin to a specific provider or your own self-hosted model.
Yes. The destructive delete in Settings purges your memory graph, knowledge files, conversation history, and audit hashes from primary and replica stores. There is no “shadow copy” retained for our benefit.
Yes. One endpoint returns every chain, open loop, agent meta memory, and outcome event for your account in a documented schema. No vendor lock-in.
Hashed audit entries live in our primary database, retained for your account's retention window. The hash is the proof; the content is yours and goes through the storage controls above.
No. We monetize the orchestration tier (per-token pricing with a transparent margin) and the platform tier (skills, workflows, channels). We do not have, and have never had, a training-on-customer-data business model.
Get your API key in 30 seconds. Memory, governance, your data , yours.