Trust & security

How Calmara handles your data, in checkable detail. Last updated July 2026. Questions or vulnerability reports: support@calmara.app.

Where your data lives

The Calmara application and its PostgreSQL database run on Railway in the EU (region europe-west4, Netherlands), as of July 2026. You can optionally self-host the knowledge and memory database on your own PostgreSQL via a Docker bundle — in that case your notes and facts live on infrastructure you control, and Calmara's servers read and write to it on your behalf.

How an AI request flows

Calmara has no shared cloud AI keys. Every AI feature runs one of two ways:

  • Local model (zero egress): your browser talks directly to your own Ollama or LM Studio endpoint. The prompt never reaches Calmara's backend or any cloud provider.
  • Bring your own key: your request goes to api.calmara.app, structured identifiers (email addresses, phone numbers, card and ID numbers, IP addresses) are redacted, and the call goes to your chosen provider under your own API key and contract.

Calmara never uses your data to train models, and because AI runs on your key or your machine, there is no pooled Calmara account at any AI provider for your data to sit in.

Encryption and authentication

  • TLS on every connection; the Android app additionally pins the api.calmara.app certificate chain.
  • Integration tokens (Google, Microsoft, Todoist) and your AI provider keys are encrypted at rest with AES-256-GCM.
  • Authentication is handled by Auth0; Calmara never sees or stores your password.

Subprocessors

  • Railway — application and database hosting (EU, europe-west4)
  • Auth0 — authentication
  • PowerSync — offline-first knowledge sync
  • Sentry — error monitoring
  • Plausible — cookieless analytics, EU-hosted
  • Creem / Lemon Squeezy — payment processing (they see billing details, never your content)
  • Trigger.dev — background jobs (payloads carry record IDs only, no personal content)
  • Your chosen LLM provider — only if you configure a cloud key; under your account, not ours

Your controls

  • Auditable AI memory: per-fact revision history, provenance, and a pending-review queue — nothing is remembered without approval.
  • AI activity log: every tool call an assistant makes against your account, with the full input.
  • Auto-reschedule log: every task the nightly scheduler moved, from which date to which.
  • Retract or permanently delete any individual fact (retraction keeps history; deletion erases the record).
  • Schema-versioned GDPR export (Article 20) free on every tier, and full account deletion (Article 17) with cascading erasure of your memory store.

What we don't have yet

Calmara is a young product from a one-person company and does not yet hold a SOC 2 report. This page exists to answer the same diligence questions in the open instead: where data lives, who touches it, how it's encrypted, and how you leave. If your evaluation needs something this page doesn't answer, email support@calmara.app and you'll get a direct answer from the person who built it. For the regulated-professional configuration specifically, see Calmara for regulated professionals.