Legal

Privacy Policy

Last updated: March 2026

1. Introduction

m3mory Inc. ("m3mory", "we", "us") respects your privacy. This policy explains what data we collect, how we use it, and your rights. We are a US corporation incorporated in Delaware.

2. Your Memories Are Private

This is our core commitment to you:

  • We never use your data to train AI models. Your memories, entities, conversations, and extracted knowledge are yours alone. They are never used to train, fine-tune, or improve any AI model, whether ours or anyone else's.
  • We never sell your data. Your data is never sold, licensed, rented, or shared with third parties for their commercial benefit. Full stop.
  • We never look at your data. All processing is fully automated. No human reviews, reads, or moderates your memory content. The only exception is if you explicitly request support assistance, or we are compelled by a valid court order under applicable law.
  • We make no judgments about your content. We do not monitor, moderate, filter, or make any decisions about your account based on the content of your memories. We are infrastructure, not a platform.
  • Your data is completely isolated. Every customer's data is isolated at the database level using row-level security. No customer can ever access another customer's memories. No shared indexes, no shared embeddings, no leakage.

3. Data We Collect

3.1 Account Data

  • Email address (for authentication and communication)
  • Name (if provided via OAuth)
  • OAuth provider identifiers (Google or GitHub user ID)
  • Billing information (processed by Stripe, we do not store card details)

3.2 API Data

Through the API, we process:

  • Conversation messages: Processed to extract memories and entities. Raw messages are processed in memory and are not stored.
  • Extracted memories: Facts, preferences, events, and relationships derived from conversations.
  • Entity data: Names, locations, organisations, and relationships identified in conversations.
  • Embeddings: Vector representations of memories for similarity search.

3.3 Usage Data

  • API call counts and timestamps
  • Token consumption per request
  • Error rates and response times
  • These are used for billing, monitoring, and service improvement (not model training)

4. How We Use Data

  • To provide the memory extraction and retrieval service
  • To authenticate you and secure your account
  • To bill your account accurately
  • To monitor and maintain service health and uptime
  • To communicate with you about your account, billing, and service updates

We do not use your stored memories to improve our retrieval engine, train models, build benchmarks, or for any purpose other than serving them back to you.

5. Third-Party Processors

We use the following third-party services to provide the Service:

  • OpenAI: Embedding generation and LLM inference for knowledge extraction. Data is sent via their API and is subject to OpenAI's enterprise data use policy (not used for training).
  • AWS: Infrastructure hosting in US and EU regions. SOC 2 certified.
  • Stripe: Payment processing. PCI DSS compliant. We never see or store your card details.
  • Google Cloud: Additional infrastructure provider. SOC 2 certified.

All third-party processors are bound by data processing agreements. Your data is only shared with them as strictly necessary to provide the Service.

6. Data Retention

  • Memories and entities: Retained for the duration of your subscription.
  • Account data: Retained until you delete your account.
  • Usage logs: Retained for 90 days for billing and debugging.
  • On deletion: All stored data is removed from live systems within 30 days of account deletion or data deletion request. This includes memories, entities, embeddings, and all derived data. Residual copies in encrypted backups are overwritten through standard rotation and are not individually accessible.

7. Your Rights

You have the right to:

  • Access: View and export your stored data at any time via the API or dashboard.
  • Delete: Delete specific memories, entities, or your entire account.
  • Export: Download your data in JSON format.
  • Rectify: Update or correct stored memories via the API.
  • Object: Object to processing by cancelling your subscription.
  • Portability: Receive your data in a structured, machine-readable format.

For GDPR, CCPA, or other data subject requests, email privacy@m3mory.ai. We will respond within 30 days.

8. Security

  • All data encrypted in transit (TLS 1.3) and at rest
  • API keys hashed using SHA-256 (we cannot see your full key after creation)
  • Row-level security at the database level for complete tenant isolation
  • Infrastructure hardened with firewalls, intrusion detection, and key-only SSH access
  • All infrastructure hosted on SOC 2 certified providers

9. Disclosure and Law Enforcement

We will not voluntarily disclose your data to any third party. We will only disclose data when compelled by a valid court order or legal process under applicable law, and only the minimum data required to comply. Where legally permitted, we will notify you before any disclosure. We comply with all mandatory reporting obligations under applicable law.

10. International Data Transfers

Data is processed in the United States and the European Union. Where data is transferred between regions, we ensure appropriate safeguards are in place in accordance with GDPR requirements, including standard contractual clauses where applicable.

11. Cookies

This website uses no tracking cookies and no analytics. We use localStorage for theme preference and currency display only. The dashboard uses session cookies for authentication. The API does not use cookies.

12. Children's Privacy

The Service is not intended for use by individuals under 18. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we will delete it.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or through the dashboard with at least 30 days' notice. The "last updated" date at the top of this page reflects the most recent revision.

14. Contact

Data Controller: m3mory Inc., USA.
Privacy enquiries: privacy@m3mory.ai
General enquiries: brian@m3mory.ai