HologramHologram
Legal

Privacy Policy

How 2060 OÜ collects, uses, and protects your data across the Hologram Messaging App, Hologram Agentic Cloud, and our websites.

Effective Jan 14, 2024 · Last updated April 23, 2026

This Privacy Policy explains what information 2060 OÜ ("2060.io", "we", "us") collects when you use the Hologram services, how we use it, and the rights you have over it. It applies to:

  • The Hologram Messaging App (iOS, Android, desktop)
  • Hologram Agentic Cloud — our hosted personal-agent service (Free, Pro, and Business plans)
  • The hologram.zone and 2060.io websites
  • Any related SDKs, APIs, and developer tools

If you run Hologram on your own infrastructure (self-hosted, open source), this policy does not apply — you act as the data controller.

1. Who we are

The data controller is 2060 OÜ, a private limited company registered in Estonia, with its registered office at Ahtri tn 12, 10151 Tallinn, Estonia. You can reach us through our contact form for any privacy-related question or to exercise your rights.

2. The two Hologram privacy models

Hologram is built around two very different data models. Understanding which one applies to you determines what we store about you.

2.1 Hologram Messaging App — local-first, no online account

The Hologram Messaging App is a self-custody application. We do not create an online account when you install it. Your profile, contacts, conversations, and verifiable credentials are created and stored locally on your device, under your exclusive control.

What stays on your device

  • Your chosen display name and optional profile picture
  • Your contacts and connections
  • Your verifiable credentials (in a ciphered software enclave)
  • Your message history

What transits through our infrastructure

To deliver end-to-end encrypted messages to devices that are temporarily offline, we operate relay servers. These servers handle:

  • End-to-end encrypted message payloads (which we cannot decrypt)
  • Randomly generated authentication tokens, keys, and push notification tokens — the minimum technical material needed to route messages

We cannot read your messages, your credentials, your contacts, or the content of your calls.

How to delete your data from the App

Because no online profile is created, you can delete everything associated with your Hologram App account simply by deleting the App from your device. Any queued encrypted messages on our relay infrastructure are discarded after delivery or expiry, typically within a few days.

2.2 Hologram Agentic Cloud — hosted personal-agent service

When you sign up for Hologram Agentic Cloud (Free, Pro, or Business), you create an online account so we can host your personal AI agent and its state. This is a hosted service, and we process more information than we do for the App.

Account data

  • Email address
  • Password hash (we never store passwords in plain text)
  • Display name, optional avatar
  • Your decentralised identifier (DID) on the Verana network

Billing data (Pro and Business only)

  • Billing name, country, and tax information
  • Payment tokens from our payment processor (we do not store raw card data)
  • Invoice history

Agent state

  • Agent configuration (name, instructions, connected MCPs)
  • Conversation history and persistent memory
  • RAG corpora you upload (documents, notes, knowledge bases)
  • Credentials you choose to present through your agent
  • Generated content (text, images, voice notes, where enabled)

Operational telemetry

  • Authentication and session logs
  • Error reports and performance metrics
  • LLM usage metering (tokens consumed, model selected) — for billing and quota enforcement

Your right to export and delete

You can export all of your Hologram Agentic Cloud data at any time from your account settings, in a machine-readable format.

You can permanently delete your Hologram Agentic Cloud account and all associated agent state at any time from your account settings. Permanent deletion removes your agent configuration, conversations, memory, RAG corpora, and generated content from our systems. We retain a minimal record of billing transactions where legally required (Estonian accounting law typically mandates seven years for invoices).

3. What we collect on our websites

On hologram.zone and 2060.io we collect the minimum needed to run the site:

  • Anonymised traffic statistics (page views, referrers, approximate region)
  • A consent record when you accept or reject cookies
  • Information you voluntarily submit through contact forms, demo requests, or newsletter subscriptions

We do not sell or rent your personal information to third parties, ever.

4. How we use your information

We use the data above to:

  • Provide, operate, secure, and improve the Hologram services
  • Deliver end-to-end encrypted messages and host your personal agent
  • Authenticate you and protect your account
  • Bill you accurately (Pro and Business)
  • Send you transactional notifications (service updates, security alerts, invoices)
  • Send you marketing communications (only if you have opted in; you can opt out at any time)
  • Detect, prevent, and respond to fraud, abuse, and security incidents
  • Comply with applicable law

We do not use your agent conversations, your messages, or your uploaded RAG corpora to train third-party foundation models.

5. Large language models and third-party AI providers

When you use your personal agent on Hologram Agentic Cloud, your prompts and agent context are processed by a large language model (LLM). The specific provider depends on your plan and your chosen model:

  • Free — A basic LLM tier hosted by 2060.io, with a monthly quota
  • Pro and Business — A selection of models from providers such as OpenAI, Anthropic, Google, DeepSeek, Groq, or models self-hosted by us or by you

When a third-party LLM provider is used, your prompt is transmitted to that provider under their API terms. We select providers that contractually commit not to train their models on your API inputs, but you should review their policies if this matters to you.

If you prefer that your data never leaves your device or a chosen infrastructure, the Business plan supports self-hosted and air-gapped LLMs, and the open-source Hologram stack lets you run the entire service yourself.

6. MCP integrations and third-party services

You can connect your personal agent to third-party services through MCP (Model Context Protocol) servers — for example, calendars, email, contacts, or social networks. When you authorise such a connection:

  • You consent to your agent sharing the relevant context with that service under its terms
  • We store the connection metadata and any access tokens needed to re-establish the integration
  • We do not read or copy the content exchanged through the integration, except where strictly necessary to route it to your agent

You can revoke any integration at any time from your account settings.

7. Decentralised identifiers, credentials, and the Verana network

Hologram uses decentralised identifiers (DIDs) and verifiable credentials. DIDs and credential-schema references may be published to the Verana Verifiable Public Registry, a public blockchain network. By design, data written to a public registry is public and permanent. We never write personal information (name, email, message content) to the registry — only pseudonymous identifiers, schema references, and trust-registry entries that you or your organisation explicitly publish.

Trust resolution and Proof of Trust checks that your agent performs against other parties' DIDs are recorded locally in your agent state, not on a public ledger.

8. How we share your information

We do not sell or rent your personal data. We share it only in the following cases:

  • Service providers (processors) — cloud hosting, payment processing, email delivery, error monitoring, LLM inference providers. They are bound by contract to process data only on our instructions and to safeguard it.
  • Third-party services you connect — via MCP, you direct us to share specific context with them
  • Legal obligations — to comply with an applicable law, regulation, legal process, or enforceable governmental request
  • Enforcement — to investigate violations of our Terms of Service
  • Safety — to prevent or address fraud, security, or technical issues, or to protect the rights, property, or safety of our users or the public
  • Business transfer — if we are involved in a merger, acquisition, or asset sale, your data may be transferred under the same protections

9. International transfers

We are based in the European Union (Estonia). Some of our service providers are located in the United States, Canada, or other countries. When we transfer personal data outside the EEA, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards.

10. Data retention

  • Hologram App relay data — encrypted message payloads are kept only until delivered or expired, typically a few days
  • Hologram Agentic Cloud agent state — retained for as long as your account is active; deleted permanently when you delete your account, except for the minimum legally mandated retention for invoicing
  • Authentication and security logs — retained for up to twelve months
  • Billing records — retained as required by Estonian accounting law (typically seven years)
  • Website analytics — anonymised and retained up to twenty-six months
  • Marketing consent records — retained until you withdraw consent

11. Security

We use industry-standard measures to protect your data: end-to-end encryption for messages, encryption at rest and in transit for Cloud, ciphered software enclaves for credentials, least-privilege access control, regular audits, and on-call incident response. No system is perfectly secure; you play a critical role by keeping your device, your passwords, and your recovery material safe.

12. Your rights

Under the EU General Data Protection Regulation and equivalent laws, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict or object to certain processing
  • Portability — receive your data in a commonly used, machine-readable format
  • Withdraw consent at any time, without affecting the lawfulness of prior processing
  • Lodge a complaint with your national data-protection authority (in Estonia, the Andmekaitse Inspektsioon)

For Hologram Agentic Cloud users, rights (i), (iii), and (v) are supported directly from your account settings ("Export my data" and "Delete my account"). For all other requests, contact us.

13. Children

Hologram is not intended for children under 17. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

14. Cookies

Our websites use a minimal set of cookies: strictly necessary cookies for session and security, and, with your consent, analytics cookies to measure usage. See our Cookie Policy for details, or manage your preferences through the cookie banner or your browser settings.

15. Changes to this policy

We may update this Privacy Policy as our services evolve or as the law changes. When we do, we will update the "Updated" date above and, for material changes, notify you through the App, Cloud dashboard, or by email. Your continued use of the services after an update constitutes acceptance of the revised policy.

16. Contact

  • Privacy questions and rights requests: contact us
  • Abuse, security, or IP reports: contact us
  • Postal: 2060 OÜ, Ahtri tn 12, 10151 Tallinn, Estonia

Effective as of Jan 14, 2024. Last updated April 23, 2026.