1. Who we are

OneLamp is operated by Saho Labs, Inc. (“OneLamp”, “we”, “us”). OneLamp is a universal context layer: you connect your apps, services, and knowledge once, and any AI agent can retrieve that context through our MCP server and REST API. This policy describes how we handle personal data as the data controller.

2. Information we collect

We collect the following categories of data:

Account data. Email address, display name, and authentication metadata. You can sign in with GitHub, Google, Apple, or email and password.
Your context. The repos, docs, APIs, tools, and notes you choose to connect, and the context graph we build from them — including structure, embeddings, and metadata used to retrieve it. This is your data; we process it to provide the service.
Connection credentials. Tokens and keys you authorize so we can read the sources you link (for example, an OAuth token for a repository). Credentials are stored encrypted and used only to build and refresh your context.
Developer & API data. API key metadata (we store only a hash of each key, never the raw secret) and the queries your agents make against your context.
Usage & device data. Log data, IP address, approximate location, and product-analytics events used to operate and improve the service.

3. How we use your data

To create and secure accounts and authenticate sign-ins.
To capture, structure, index, and serve your context graph to the agents you connect.
To provide the MCP server and REST API and enforce rate limits.
To maintain security, prevent abuse, and debug the service.
To communicate with you about security and service updates.
To comply with legal obligations and enforce our Terms of Service.

We do not train models on your context. OneLamp is a retrieval layer, not a generation layer — the default query path returns a ranked context pack, with no LLM on the path.

4. Legal bases

Where the GDPR or similar laws apply, we rely on: performance of a contract (operating the context layer), legitimate interests (security, abuse prevention, product improvement), consent (optional analytics), and compliance with legal obligations.

5. How we share data

We share personal data only as needed to run the service:

With the agents you connect. When you link an AI client, your context is served to it at your direction. You control which clients are connected.
Service providers. Cloudflare (hosting, storage, edge compute, and email delivery) and product-analytics providers, each under contractual data-protection terms.
Legal & safety. When required by law, or to protect the rights, safety, and property of users and the public.
Business transfers. In connection with a merger, acquisition, or sale of assets, subject to this policy.

We do not sell your personal data.

6. Data retention

We keep your context and account data for as long as your account is active. You can export your context graph or delete your account at any time; on deletion we remove your context and revoke stored connection credentials, retaining only limited records required for legal and security purposes. Hashed API keys are retained until revoked.

7. Security

We use industry-standard safeguards including encryption in transit, encrypted connection credentials, hashed API keys, per-user isolation, scoped access, and rate limiting. No method of transmission or storage is perfectly secure, but we work to protect your data and to notify you of material incidents as required by law.

8. International transfers

OneLamp runs on a global edge network, so your data may be processed in countries other than your own, including the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for cross-border transfers.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your data, to object to or restrict certain processing, and to withdraw consent. OneLamp is portable by default — you can export your entire context graph at any time. To exercise these rights, email legal@onelamp.ai. You may also lodge a complaint with your local data-protection authority.

10. Children

OneLamp is not directed to children under 18, and we do not knowingly collect their data. If you believe a minor has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice.

12. Contact

Saho Labs, Inc. — privacy questions: legal@onelamp.ai.

This page is provided for general information and does not constitute legal advice. Questions? Email legal@onelamp.ai.