Data handling.
What data flows where, how it's classified, how long it's kept, and which third-party APIs touch it. Covers SOC2 P2 and GDPR Art.30 records of processing.
Version 1.0 · Effective: 2026-04-24 · Owner: Seamus Waldron
Overview
Hydrate captures Claude Code session transcripts, extracts facts using an LLM, stores those facts locally, and injects them back into future sessions. For Free and Pro tiers, all data stays on your machine. For Enterprise (SiteEngine AI), all data stays on the customer's infrastructure. Sedasoft does not receive or process session content from any tier.
Free and Pro tier: local-only data flow
Developer workstation
│
├── Claude Code (session transcript JSONL)
│ │
│ ↓ Stop hook (claude-capture)
├── hydrate-server (port 49849, localhost only)
│ │
│ ├── Transcript stored: ~/.hydrate/hydrate.db (AES-GCM encrypted)
│ │
│ ├── scrubber.Redact() - secrets stripped before any processing
│ │
│ ├── (Pro) Fact extraction → OpenAI API (gpt-4o-mini)
│ │ Data sent: session narrative (post-scrub)
│ │ Data received: extracted fact strings
│ │
│ ├── (Pro) Embedding → OpenAI API (text-embedding-3-small)
│ │ Data sent: session narrative text
│ │ Data received: 1536-float vector
│ │
│ └── Facts + vectors stored: ~/.hydrate/hydrate.db
│
│ ↑ UserPromptSubmit hook (claude-context)
└── Context injection → Claude Code additionalContext
All local reads from SQLite - no network call at inject time Third parties that touch user data (Free / Pro)
OpenAI
Pro only, for fact extraction (gpt-4o-mini) and embedding (text-embedding-3-small).
Governed by OpenAI's Data Processing Addendum. No training on API data.
Users provide their own API key (BYOK). Alternative: configure a local LLM endpoint to avoid any data leaving the machine.
Cloudflare
CDN for gethydrate.dev (static assets only). Licence key validation for Pro tier
Only the licence token is transmitted, no session content.
Enterprise tier: SiteEngine AI
Developer workstation │ │ (Enterprise: hooks point at siteengine_ai, not localhost) ↓ siteengine_ai API (customer infrastructure) │ ├── PostgreSQL RAG DB - embeddings, entities, RAPTOR summaries ├── PostgreSQL Conversation DB - sessions, facts, messages └── Dgraph - knowledge graph
Enterprise data stays entirely within the customer's own infrastructure. No session content transits Sedasoft servers. The siteengine_ai binary runs on customer-owned hardware. For on-premise deployments, the customer is both data controller and processor.
Third parties for Enterprise
OpenAI or Anthropic
Customer-configured LLM API for extraction and generation. The customer's own DPA applies. Sedasoft is not a party to this relationship.
Cloudflare
Documentation and licensing CDN only. No session content.
Data classification
| Data type | Classification | Location | Exits machine? |
|---|---|---|---|
| Session transcript (raw JSONL) | Restricted | ~/.hydrate/hydrate.db | No |
| Post-scrub narrative (text) | Restricted | Sent to OpenAI (Pro only, with DPA) | Yes (Pro only) |
| Extracted facts | Confidential | ~/.hydrate/hydrate.db | No |
| Embedding vectors | Internal | ~/.hydrate/hydrate.db | No (computed externally, stored locally) |
| Session summaries | Confidential | ~/.hydrate/hydrate.db | No |
| Licence key | Internal | ~/.hydrate/config.yaml, Cloudflare licensing | Yes (licence token only) |
| Usage / token counts | Internal | ~/.hydrate/hydrate.db | No |
Restricted Contains personal or sensitive developer data. Encrypted at rest. Minimum access.
Confidential Business-sensitive. Not shared externally without authorisation.
Internal Operational data. Shared internally as needed.
Retention
| Data type | Default retention | User control |
|---|---|---|
| Extracted facts | Ebbinghaus decay curve; facts weaken without reinforcement over ~180 days | hydrate facts forget <id> for individual facts; hydrate delete for all |
| Session transcripts | 90 days (configurable) | hydrate delete --sessions |
| Session summaries | 90 days (same as sessions) | Deleted with sessions |
| Embedding vectors | Lifetime of the associated fact or session | Deleted with parent record |
| Dashboard statistics | 30 days rolling | Cleared on delete |
| OpenAI API data (Pro) | Per OpenAI's Data Processing Addendum | Subject to OpenAI's retention controls |
GDPR Art.30 record of processing
Controller
Seamus Waldron / Sedasoft Ltd, United Kingdom
Processor (Pro)
OpenAI, Inc. (fact extraction and embedding). Sub-processors: Microsoft Azure, AWS (see openai.com/policies/sub-processors).
Purpose
AI memory augmentation for developer productivity tools
Legal basis
Contract (terms of service) / legitimate interest
Data subjects
Developers using Claude Code who have installed Hydrate
Personal data categories
Developer-generated session transcripts (may contain personal data incidentally; scrubber runs before storage)
Third-country transfers
US (OpenAI, Pro only), covered by Standard Contractual Clauses per OpenAI DPA
Retention
Facts: Ebbinghaus decay, full deletion on hydrate delete. Sessions: 90 days default, configurable.