How Sery treats your data

We're a network, not a store.

Sery is a privacy-respecting data network. Your files stay on the machines where they live. Sery cloud coordinates between them — identity, catalog, routing, sharing — but never holds file contents, ever. This page enumerates what we cannot see, what we know, and how to verify each claim against the open-source code.

Verify in source (AGPL-3.0)See the pricing
Where your bytes live · what crosses the line

Your machines

MacBook · work
Local + S3 · 12,847 files
Desktop · home
Local + Drive · 8,109 files
NAS
Local + SFTP · 47,233 files
File contents stay here. Always. Sery cloud cannot read them.
catalog only
raw files

Sery cloud

Coordination layer

Identity, catalog, query routing, sharing — never file contents.

Filenames + paths
Schemas (column names + types)
Workspace key + machine list
SQL queries (routed back to machine)
File bytes
Document content
Cell values (raw)
Turn the network off? Every local feature still works. The structural property is the product.
TLS in transit · OS keychain at restVerify in source

Zero file collection

Raw file contents stay on your machines and in the storage you connect (S3, Drive, SFTP, etc). There is no upload, no backup, no embedding-of-contents. Architecturally, not just by promise.

Credentials in your OS keychain

AWS keys, Drive OAuth tokens, SFTP passwords — all stored in your OS's native credential store. We never see them. Pre-flight tests them on save so a typo never persists.

No backdoor, no remote wipe

The desktop app respects your OS file permissions. We have no remote read of your local index, no kill switch, no way to alter your local data.

What we cannot see

By architecture, not by promise. These categories are out of reach of Sery cloud regardless of your settings.

Your files

Raw file contents stay on your machines and are never uploaded to our servers, in any mode of the product.

Verify in source· scanner.rs · sery-link

Your local index and per-file profiles

The column-aware search index, file profiles, and cached query results live in a local SQL store on your machine. We have no remote read of that store.

Verify in source· scan_cache.rs · sery-link

Your storage credentials

AWS access keys, Drive OAuth tokens, SFTP passwords — all stored in your OS's keychain on disk, never on our servers. Sery cloud has no read access to them. Pre-flight checks happen on your machine, against your storage.

Verify in source· remote_creds.rs · sery-link

Your disk

Sery Link only reads the folders you explicitly configured for indexing. It doesn't traverse the rest of your file system, doesn't access system keychains beyond what you granted, and respects your OS file permissions.

Verify in source· watcher.rs · sery-link

Each link points at the file that implements the constraint. File-level for now — line-specific permalinks land when we tag releases with stable commit SHAs (ROADMAP F32).

What we know about your network

Once you create a Sery.ai account and connect a machine, this is the surface area we can observe. Equally important to be explicit about.

  • That a machine exists (via its machine-generated ID).
  • Which workspace each machine belongs to.
  • Whether each machine is currently online.
  • The names and schemas of the files you indexed — not their contents.
  • Approximate file sizes and last-modified timestamps.
  • When AI queries originated from each machine, for the 30-day retention window.

If your use case requires even this much to stay private, you can run Sery Link without a Sery.ai account at all — the universal data gateway (browse, preview, profile, search across every connected source) runs fully offline and requires no sign-in.

Who we share data with

Every service we route data through, what each one receives, and where they process it. The full enumeration lives in the DPA we send B2B customers; this is the public summary.

Sub-processorPurposeWhat they receive
AnthropicLLM inference for the managed AI tier (zero-retention configured)Question text, heuristically-redacted column metadata, answer text
Voyage AIEmbedding generation for column metadata (semantic search)Column names + types, dataset descriptions; no row-level data
StripePayment processing for paid plansBilling contact, payment method, invoice history
Hosting + email + loggingOperational infrastructureAccount/workspace records, transactional emails, request logs
Storage credentials don't appear here. AWS keys, Drive OAuth tokens, SFTP passwords — all stored in your OS keychain on disk. Sery cloud never sees them; the cloud agent reaches your data through a private tunnel to your local Sery Link, which runs the storage call from your machine.

Need a signed Data Processing Agreement (DPA) for procurement? Email [email protected].

Verify the claims yourself

The Sery Link desktop application is open-source under AGPL-3.0. Every claim above is implemented in code you can audit, fork, or run disconnected from our cloud entirely.

Desktop app source

The file scanner, the query router, the auth modes — all on GitHub under AGPL-3.0.

github.com/seryai/sery-link

Disconnected mode

Run the AGPL desktop with no cloud connection. Local features work; the network simply isn't there.

See the README

Network status

Per-component health for the Sery network plus incident history. Network-operator-style transparency.

See live status

The three operational-trust pillars: /status (per-component health + incident history), the "Verify in source" links above (each claim → AGPL source file), and /audits (annual independent third-party verification — first audit targeted Q4 2026). All three are public, dated, and version-controlled in the website repo.

What happens if Sery goes down

An honest answer to the question every privacy-conscious user asks before adopting infrastructure: what's my fallback?

If Sery cloud has an outage

The desktop app degrades gracefully. Local search, column profiles, file watching, and your local index keep working. Cloud-dependent features (Sery-managed AI, cross-machine search, sharing) pause until the network's back. Queued queries retry on reconnect; nothing is lost.

If Sery the company shuts down

The desktop app is AGPL-3.0 — yours forever. It keeps working with all local features. Use the catalog export (linked below) to keep a portable copy of your indexed metadata. The disconnected-OSS path is the structural disaster plan: it doesn't require us to be alive.

If your hardware dies

Your files are on your machines, not ours — recovery is whatever backup story you already use (Time Machine, Backblaze, etc.). For the indexed catalog, /privacy → Download workspace catalog gives you a portable JSON snapshot. Re-attaching to a new install is forthcoming.

The thing that makes this credible: Sery never stores your files. The worst case for our customers in any disaster scenario is "the convenience layer goes away." The data layer (your files, on your machines) was never ours to lose.

Legal documents

The full text behind the summaries above. These are the documents your security or compliance team will want to read.

Privacy PolicyTerms of ServiceCookie PolicyData Processing Agreement (sent on request)

One more way to verify: try it.

Install Sery Link, leave it disconnected from the network, and verify the claims yourself with the local audit log. Then turn the network on if you want unlimited managed AI and 5 invited machines on one bill.

Download Sery LinkSee pricing