Mortar logoMORTAR

Legal Center

Privacy Policy

Last Updated: February 21, 2026

1. Introduction

Mortar Systems, Inc. ("Mortar", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, CLI agents, and related services. We design our software to operate with "metadata-only" visibility where possible, ensuring that your core intellectual property remains private.

2. Data We Collect

Account Information

We collect identifiers such as name, email address, organization name, and billing details required to maintain your service account.

Metadata & Artifacts

Our agents process API specifications (OpenAPI, GraphQL, Protobuf), change IDs, and deployment telemetry. This data is used to calculate compatibility scores and enforce release policies.

Usage Data

We collect diagnostic data regarding CLI command execution, platform interactions, and system performance to improve our deterministic kernel.

3. How We Use Data

  • To provide and maintain the release authority layer.
  • To generate compatibility scores and audit logs.
  • To prevent breaking changes in distributed environments.
  • To comply with legal obligations and enforce our terms.
  • To develop and test new safety features and policy models.

4. Data Sovereignty & Choice

Mortar supports multiple deployment models. For Sovereign tier customers, processing occurs within your private infrastructure. In this model, Mortar Systems, Inc. has zero visibility into your specifications or metadata. For Hosted customers, data is isolated in customer-specific logical partitions.

5. Your Rights (GDPR/CCPA)

Depending on your location, you may have rights to access, correct, delete, or port your personal data. Mortar provides tools within the Organization Console to export audit logs and manage user data. For specific requests, contact our Data Protection Officer at privacy@mortar.systems.

6. Security

We implement administrative, technical, and physical safeguards designed to protect your data. This includes TLS 1.3 encryption for all transit and AES-256 for all stored artifacts.