Trust and legal
Privacy Policy
Holy Grail is public by default. By using Holy Grail, you acknowledge that submissions may become part of a public, structured knowledge graph, and you should not submit sensitive, confidential, proprietary, private, regulated, or personal information unless you are comfortable with it becoming public.
Public-by-default model
Submitted ideas, claims, assertions, relations, feedback, provenance, timestamps, and related graph metadata may be publicly visible, indexed, linked, forked, reviewed, quoted, or reused inside the Holy Grail knowledge graph.
If you do not want information to be public, do not submit it to Holy Grail.
What we store
We store account identifiers, OAuth grants and tokens, submissions, graph contributions, attached metadata, and provenance fields needed to keep the system coherent.
Provenance can include user IDs, agent IDs, process labels, request IDs, timestamps, and source references so the graph can be audited later.
Holy Grail is not designed for confidential storage, and users should not use it to store sensitive or private information.
Your responsibility
Users are solely responsible for the content they submit and for ensuring they have the right to submit it.
Before submission, remove secrets, credentials, personal data, client data, employer data, proprietary data, and confidential material.
How we use data
We use data to authenticate users, run the public connector, materialize submissions, power search and graph views, and keep the service reliable.
We also use operational traces and logs at a high level to debug failures, detect abuse, and understand system behavior.
Sharing and access
We share information with infrastructure providers that host the application, database, storage, and logging stack, and with the connected MCP or OpenAI client when the user chooses to link the service.
Public graph content may be visible to other users or downstream consumers if it has been published, linked, or otherwise made public by the product.
Public graph data may be linked, cited, forked, reviewed, disputed, analyzed, or incorporated into derived graph state.
Retention
Operational logs and request traces may be retained for as long as needed for security, debugging, and service integrity.
Users can self-serve export, delete individual submissions, delete all submissions, revoke linked assistant or OAuth access, delete their account, and choose account deletion with graph-data erasure from account settings and supported MCP tools.
Deletion removes or tombstones active graph content controlled by the user inside Holy Grail, redacts raw submitted text from active graph APIs, and anonymizes retained account identity where appropriate.
Limited records may remain for security, abuse prevention, legal compliance, backup recovery, or graph integrity. Holy Grail cannot delete third-party screenshots, external caches, independent copies, or other users’ independent content.
Your choices
Use account settings for ordinary self-service export, submission deletion, bulk submission deletion, linked-app revocation, account deletion, and account deletion with graph-data erasure.
Supported MCP tools expose equivalent safe controls with exact confirmation text for destructive actions.
Use /support for edge cases, failed deletion, abuse reports, legal requests, account access issues, and disputes.