the privacy law.
Seven rules govern what the org-brain remembers about you. They're locked — not settings, not policies that drift. The boundary is always visible, and it never works in the dark.
- R1
What you ask is yours. What you tell the brain belongs to the org.
Reads are private; writes are public. Queries and block-reads are member-private by default — no feed, screen, or admin view shows who asked what. Writes, says, and attests are public acts within their scope.
- R2
Patterns only surface when the crowd is big enough to hide you.
Aggregates are k-anonymized (k ≥ 5). Topic-level signals appear only above threshold; small teams cannot be de-anonymized by arithmetic.
- R3
The org sees what's missing — never who went looking.
The gap signal is a topic and a count, never the querier.
- R4
Curiosity about locked thoughts is protected.
Access requests are visible ONLY to the permission holder who can grant them — never in feeds or org views.
- R5
Agents work in the open; humans think in private.
Agents are work product; humans are cognition. Agent cognitive events are org-visible by default — but an agent operating inside your private scope inherits your privacy.
- R6
If this org ever audits, everyone knows. Silent surveillance is never built.
Audit mode exists, never silently — DEFAULT OFF (locked). When an org turns it on, every member sees “this org audits query logs”.
- R7
Your name fades from the logs after 30 days.
Identity decays from logs in 30 days (locked): raw identified query logs roll into anonymous aggregates. Outcome events — attested, worked, failed — keep their author permanently; those are public acts that feed reputation.