Privacy Policy

Last updated: November 2, 2025

1. Introduction

Welcome to Memoria ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Memoria, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password
  • User Context: Professional role, industries, goals, communication preferences, expertise areas, learning topics, languages, interests, and special needs
  • Project Information: Project names, descriptions, tech stacks, goals, key people, links, and context notes
  • Chat Data: Messages you send to AI models and the responses you receive

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, interactions
  • Device Information: Browser type, operating system, IP address
  • API Usage: AI model used, token counts, timestamps

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Memoria service
  • Personalize AI responses based on your context
  • Manage your account and authentication
  • Process and route your messages to AI providers (OpenAI, Anthropic, Google)
  • Improve our service and develop new features
  • Monitor usage and prevent abuse
  • Communicate with you about service updates
  • Comply with legal obligations

4. Data Sharing and Third Parties

4.1 AI Service Providers

We share your context and chat messages with third-party AI providers to deliver our service:

  • OpenAI: For GPT-5o responses
  • Anthropic: For Claude Sonnet 4.5 responses
  • Google: For Gemini 2.5 Flash responses

Each provider has their own privacy policy and data handling practices. Your data sent to these providers is subject to their respective terms.

4.2 Other Third Parties

We may share data with:

  • Hosting Providers: Vercel (hosting), Supabase (database)
  • Authentication: Google (for OAuth login)
  • Legal Requirements: When required by law or to protect our rights

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Passwords are hashed using bcrypt
  • Data is encrypted in transit (HTTPS/TLS)
  • Database is encrypted at rest
  • Access controls and authentication required for all operations
  • Regular security updates and monitoring

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal compliance.

Archived projects are retained until you permanently delete them or close your account.

7. Your Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), you have the following data protection rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limited processing of your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing of your data
  • Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us using the information in Section 11.

8. Cookies and Tracking

We use essential cookies for authentication and session management. These are required for the service to function.

We do not use third-party advertising or tracking cookies.

9. Children's Privacy

Memoria is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

12. Legal Basis for Processing (GDPR)

We process your data based on:

  • Consent: When you create an account and provide your context
  • Contract: To provide the services you requested
  • Legitimate Interest: To improve our service and prevent fraud
  • Legal Obligation: To comply with applicable laws
← Back to Home