Memoris1. Controller
For data protection purposes, the controller is the Memoris operator identified in our Terms of Service.
2. Our privacy position
Memoris is not an advertising business. We do not sell or rent personal data. We do not use conversation data for advertising. We do not use third-party advertising cookies or data-broker tracking.
Primary product data is stored in European cloud infrastructure. Private conversations are linked to your account and are processed only as described in this policy.
3. What we process
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Account and authentication data: user id, verified email, display name where available, Firebase identifiers, account lifecycle data | Sign-in, account continuity, security, support | Contract; legitimate interests in security | While the account is active, then limited records as needed for security, disputes, or legal obligations |
| Conversation text: messages, generated replies, summaries, timestamps, presence identifiers | Provide private conversation history, context, continuity, safety, and abuse prevention | Contract; legitimate interests in safety and service integrity | While the account is active, unless deletion is requested or retention is required for legal or security reasons |
| Voice input transcript | Convert optional user voice input into text and send it as a conversation message | Contract | Stored as conversation text; the user audio itself is deleted after transcription |
| User voice audio input | Transcribe voice input | Contract | Deleted after transcription; Memoris does not keep user audio input |
| Generated presence audio and media references | Provide generated voice replies, story audio, suggested-question audio, images, and public presence media | Contract for private features; legitimate interests for public presence delivery | Stored or cached while needed to provide the feature and manage cost/reliability |
| Suggested-question cache | Generate and cache public presence answers and audio by presence, question, and locale | Legitimate interests in reliability, cost control, and public feature delivery | Until the source presence changes or the cache is no longer needed |
| Payment and subscription data | Start Stripe Checkout, reconcile subscription status, manage billing access, prevent fraud and chargebacks | Contract; legal obligations; legitimate interests | Kept for the periods required for accounting, tax, payment disputes, and fraud prevention |
| Analytics and product usage data | Understand reliability and usage patterns without advertising profiling | Legitimate interests in operating and improving the service | Kept only as long as needed for product and reliability analysis |
| Logs, security, and error data: IP address, request metadata, device/browser signals, errors, security events | Reliability, debugging, abuse prevention, incident response, legal compliance | Legitimate interests; legal obligations where applicable | Kept for limited operational periods unless needed for security, disputes, or legal obligations |
| Support and privacy requests | Respond to requests and keep an audit trail of rights handling | Legal obligations; legitimate interests | As long as needed to handle the request and show compliance |
4. AI processing and voice features
To generate replies, summaries, suggested-question responses, and audio, relevant prompts, messages, presence context, generated outputs, and voice prompts may be processed by AI, transcription, and text-to-speech providers.
If you use voice input, your audio is sent for transcription and deleted after transcription. The transcript becomes part of your conversation history like a typed message. Generated presence audio, including voice replies and suggested-question audio, may be stored or cached as audio URLs so the feature can be replayed without regenerating it.
AI systems can generate inaccurate, fictional, or synthetic content. We may process prompts, replies, and safety signals to detect abuse, enforce our terms, protect users, and maintain the service.
5. Service providers
We share limited data with service providers only where necessary to operate Memoris. These include providers for European cloud hosting, AI generation, transcription, text-to-speech, authentication, payment processing, security, email or support, error reporting, and privacy-friendly analytics.
Current key providers include Firebase for authentication, Stripe for payments, Cloudflare infrastructure and workers for AI-related processing, Umami for analytics, and Sentry/Bugsink-compatible error reporting. These providers process data for the services they provide and are not permitted to use Memoris data for advertising on our behalf.
We may also disclose data where required by applicable law, court order, or regulatory authority, or where reasonably necessary to protect users, the platform, or third parties.
6. International transfers
Memoris is operated from Europe and stores primary product data in European cloud infrastructure. Some providers may process limited data outside the European Economic Area, the United Kingdom, or Switzerland when necessary for AI generation, transcription, payment, authentication, security, analytics, or support.
Where such transfers occur, we use appropriate safeguards required by applicable law, such as standard contractual clauses or other recognized safeguards.
7. Cookies and local storage
Memoris uses Firebase authentication storage, email-link local storage, a locale preference cookie, privacy-friendly analytics, and error reporting needed to operate and secure the service. See our Cookie Policy for details.
8. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, object to, restrict, or request deletion of personal data we hold about you. To exercise these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law.
We may retain limited data where necessary for security, fraud prevention, payment reconciliation, accounting, legal compliance, dispute handling, or the defense of legal claims.
If you are located in the European Economic Area, you also have the right to lodge a complaint with your national data protection authority. In Belgium, the supervisory authority is the Data Protection Authority / Autorite de protection des donnees / Gegevensbeschermingsautoriteit.
9. Security
We implement technical and organizational measures appropriate to the risks involved, including Firebase authentication, HTTPS transport, abuse monitoring, access limitation, and data minimization. No system is entirely secure, but we design Memoris to reduce unnecessary exposure and keep private account content private.
10. Changes
We may update this policy from time to time. Material changes will be published on the site before they take effect.
11. Contact
For privacy-related requests and questions, use the address below.