Transparency

We believe you should know exactly what happens with your data. This page explains how Lianas processes, stores, and protects your information.

Our approach to privacy

Lianas is built with a Swiss-first, privacy-by-design philosophy. By default, all AI processing runs on Infomaniak's sovereign infrastructure in Switzerland, subject to Swiss data protection law, one of the strictest in the world.

We don't sell your data. We don't use it for training. Your conversations, your memory, your context: they belong to you.

What happens when you send a message

Here is the path your data takes, step by step:

  1. You send a message: text or voice. If voice, the audio is sent to the STT (speech-to-text) provider for transcription.
  2. Context is retrieved: the server queries the Context Engine to find relevant memories about you. Embeddings are computed locally with BGE-M3 and never leave the server.
  3. The LLM generates a response: your message, along with relevant context, is sent to the language model. By default, this is Infomaniak's Mistral Small, hosted in Switzerland.
  4. The response is returned to you: streamed token by token. The conversation is saved in the database for your history.
  5. Memory is updated: the Context Engine extracts relevant facts from the conversation and stores them for future sessions.
  6. Voice output (optional): if TTS is enabled, the response text is sent to the TTS provider for audio synthesis.

What is stored and where

Server (Swiss infrastructure)

  • Account information (email, hashed password)
  • Conversation history (messages, titles, timestamps)
  • Context graph (entities and relations, your long-term memory)
  • Encrypted API keys (if you use BYOK, stored with Fernet encryption)
  • User settings (voice preferences, provider choices)

Your browser / desktop app

  • Session token (JWT, expires automatically)
  • UI preferences (localStorage)

External services (default configuration)

In the default configuration, no data leaves sovereign or local infrastructure. Voice synthesis (Kokoro) and web search (SearXNG) run on our own servers, embeddings are computed locally, and the language model and speech-to-text run on Infomaniak in Switzerland. Your data transits to an external service only when you configure your own provider key, covered below.

Additional external providers (with BYOK)

  • When you configure your own API key, messages and/or audio are sent to that provider

Bring Your Own Key (BYOK)

Lianas lets you connect your own API keys for different providers. This gives you flexibility, but it also means your data will transit to those providers' servers. Here's what you should know:

  • OpenAI / OpenRouter: your messages and context summaries are sent to their API for LLM processing.
  • ElevenLabs: response text is sent for voice synthesis.
  • Tavily: search queries are sent for web search results.
  • Infomaniak: data stays within Swiss infrastructure regardless.

When you configure a BYOK provider, the UI will clearly indicate that data is being sent outside Swiss infrastructure. You accept that provider's privacy policy by using their service. Your API keys are encrypted at rest with Fernet encryption and are never logged or exposed.

Swiss sovereign infrastructure

By default, Lianas uses Infomaniak as its AI provider. Infomaniak is a Swiss company operating data centers exclusively in Switzerland. This means:

  • Data is processed and stored under Swiss law (Federal Act on Data Protection, FADP)
  • No data transfer to the US or other jurisdictions with weaker protections
  • Infomaniak is ISO 27001 certified and uses 100% renewable energy
  • AI models are hosted locally, no external API calls

The embeddings engine (BGE-M3) runs entirely on our own server. Your context vectors are computed locally and never sent to any external service, regardless of your provider configuration.

What you can control

You have full control over your data at all times. Here's what you can do from the app:

  • Context graph: visualize everything Lianas knows about you as an interactive graph
  • Delete individual facts: remove specific entities or relations from your memory
  • Wipe all memory: erase your entire context graph in one action
  • Delete conversations: remove individual conversations from your history
  • Export conversations: download your conversations as markdown files
  • Choose your providers: switch between providers or remove your API keys at any time
  • Delete your account: remove your account and its data from settings

Coming soon: full data export (JSON).

Your rights under GDPR

As a user, you have the following rights regarding your personal data:

Right of access

View your context graph and conversation history directly in the app.

Right to rectification

Edit or delete individual facts in your context graph.

Right to erasure

Wipe your memory, delete conversations, or delete your account from settings.

Right to portability

Export your conversations as markdown. Full data export coming soon.

The full detail of what we collect, why, and for how long is in the privacy policy. For any data-related request, contact us at contact@aurioa-tech.com.