Privacy Policy
Last updated: February 27, 2026
1. Information We Collect
Account Information
When you create an account, we collect your email address and a hashed password. You may optionally provide your name, age range, and goal preferences.
Conversation Data
We store your chat messages, extracted memories, conversation summaries, and AI-generated responses to provide the persistent memory experience.
Life OS Data
Habit trackers, journal entries, notes, lists, and voice memo transcriptions are stored to power your Life OS dashboard and enable AI tool calling.
Usage Data
We track daily credit usage, feature interactions, and basic analytics to improve the Service. We use PostHog for product analytics.
Payment Information
Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status but never your card details.
2. How We Use Your Data
- To provide and personalise the Service (AI memory, identity evolution, heartbeat messages)
- To process payments and manage subscriptions
- To improve the Service through aggregate, anonymised analytics
- To send you product-related communications (weekly reviews, heartbeat notifications)
- To comply with legal obligations
3. What We Do NOT Do
- We do not sell your personal data to third parties
- We do not use your conversations to train AI models
- We do not share your content with other users
- We do not serve advertisements
4. Third-Party Processors
| Provider | Purpose | Data Shared |
|---|---|---|
| Groq | AI inference (LLM and speech-to-text) | Message content sent for processing (not stored by Groq) |
| Supabase | Database and file storage | All application data (encrypted at rest) |
| Stripe | Payment processing | Email, subscription details |
| Vercel | Application hosting | Request logs, performance metrics |
| PostHog | Product analytics | Anonymised usage events |
| Replicate | Avatar image generation | Text description for image generation |
5. Data Retention
Conversation messages are archived after 90 days. Memories and summaries are retained for the lifetime of your account. You can export or delete all your data at any time. See our Data Retention Policy for details.
6. Your Rights
You have the right to:
- Access — Download a copy of all your data
- Rectification — Update or correct your data
- Erasure — Delete your account and all associated data
- Portability — Export your data in a machine-readable format (JSON)
- Objection — Opt out of non-essential data processing
To exercise any of these rights, visit your account settings or email privacy@memopal.com.
7. Cookies
We use essential cookies for authentication (HTTP-only session cookies). We use PostHog for analytics, which may set cookies. You can manage cookie preferences via the cookie consent banner.
8. Security
All data is encrypted in transit (TLS) and at rest. Passwords are hashed using bcrypt. Authentication uses HTTP-only cookies with JWT tokens. We follow security best practices but cannot guarantee absolute security.
9. Children's Privacy
MemoPal is not intended for children under 13. We do not knowingly collect data from children under 13. If we discover such data, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification.
11. Contact
For privacy-related inquiries, contact us at privacy@memopal.com.