Privacy Policy
Effective date: [[EFFECTIVE_DATE]] Last updated: [[EFFECTIVE_DATE]]
This Privacy Policy explains how [[LEGAL_ENTITY_NAME]] (“Memini”, “we”, “us”) collects, uses, shares, and protects personal data when you use the Memini AI mobile application and related services (the “Service”). Memini is a personal-memory assistant: you save notes, voice, images, and documents, which we turn into searchable “memories” and let you query through an AI chat assistant.
0. Who we are & how to contact us
- Data controller: [[LEGAL_ENTITY_NAME]], [[REGISTERED_ADDRESS]], [[COUNTRY_OF_INCORPORATION]].
- Privacy contact: privacy@meminiai.com (or support@meminiai.com).
- EU/EEA representative (GDPR Art. 27): [[EU_REP_NAME_AND_ADDRESS]].
- UK representative (UK GDPR Art. 27): [[UK_REP_NAME_AND_ADDRESS]].
- Data Protection Officer: [[DPO_CONTACT]].
1. Scope
This policy applies to the Memini AI app on iOS and Android and our backend. It does not cover third-party services you connect (e.g. Google Calendar, Notion) or third-party app stores, which have their own policies.
2. Quick summary
| What we store | Your account info, the memories/notes/chat you create, voice recordings (converted to text), images you upload (for text extraction), and content you choose to import from connected services. |
| Why | To provide the memory + AI assistant features you ask for, run your subscription, secure the Service, and communicate with you. |
| AI processing | Your content is processed by us and by third-party AI providers to generate responses, transcribe voice, read text from images, and organize your memories. |
| We do not sell your data | We do not sell your personal data and do not use it for cross-context behavioral advertising. |
| Your control | You can access, export, correct, and delete your data, and delete your account at any time. |
| Sensitive content | You decide what to put in. Please avoid entering others’ data or highly sensitive details unless you intend to. |
3. Personal data we collect
You provide / we generate as you use the Service:
- Account data: email address, display name, password (stored only as a salted hash), and—if you sign in with Apple or Google—the identifier and email/name those services return. Country code.
- Your content (“memories”): notes, journals, and documents you create or upload; their derived text, summaries, and embeddings; and facts/patterns our background processing derives from them.
- Chat: the messages you exchange with the AI assistant.
- Voice: audio you record for voice capture, which we transcribe to text. See §4 and §13.
- Images & files: images you upload (we extract text via OCR) and files you import; stored media.
- Imported content (only if you connect an integration): events from your Google Calendar, pages from Notion, and similar. This can include information about other people (e.g. event attendees, collaborators). (Email import is not enabled in this version.)
- Subscription data: your plan/tier and subscription status and identifiers from the app stores / our payments processor. We do not receive or store your payment card number.
- Usage & device data: feature-usage events, last-active time, app/device push notification token, and IP address and request logs (used for security and rate-limiting).
Anonymous/preview use: if you use Memini before creating an account, we store your preview content on a device-scoped anonymous profile, which you can later convert to a full account.
4. How we use your data and our legal bases (GDPR/UK GDPR)
| Purpose | Data | Legal basis (Art. 6) |
|---|---|---|
| Provide the memory + AI assistant (store, search, transcribe, OCR, embed, generate answers) | Account, content, voice, images, chat | Performance of a contract (Art. 6(1)(b)) |
| Special-category content you enter (e.g. health, beliefs) processed by AI/sub-processors | Your content/voice | Explicit consent (Art. 9(2)(a)) — see §5 |
| Import content from services you connect | Integration data | Consent (Art. 6(1)(a)); imported third-party data: legitimate interests (Art. 6(1)(f)) |
| Run subscriptions and billing | Subscription data | Contract (Art. 6(1)(b)) |
| Secure the Service, prevent abuse, rate-limit | Usage, IP, logs | Legitimate interests (Art. 6(1)(f)) |
| Send service emails (verification, reset, security notices) | Contract / legitimate interests | |
| Push notifications you opt into | Push token | Consent (Art. 6(1)(a)) |
| Product analytics (if/when enabled) | Usage | Consent, opt-in, off by default |
US users: we process the above to provide and secure the Service you request; see §12 for your rights.
5. Sensitive / special-category data
Because Memini is a free-text and voice product, the content you save may contain special-category data under GDPR Art. 9 (e.g. health, religious or political beliefs, sexual orientation, ethnicity). Memini cannot pre-filter this content. Where you choose to enter such content, we process it— including transmitting it to our AI sub-processors—on the basis of your explicit consent, which we ask for in the app. You can withdraw consent by deleting the content or your account; withdrawal does not affect prior processing. Please avoid entering other people’s sensitive data without a lawful reason.
6. AI and automated processing
We use AI to generate chat responses, transcribe voice, extract text from images, organize your memories, and—through a background “memory processing” cycle—derive summaries, facts, and patterns from your content to improve recall. You are interacting with an AI system, which can produce inaccurate or incomplete output. We do not use this processing to make decisions that produce legal or similarly significant effects about you under GDPR Art. 22. We and our AI sub-processors do not use your content to train generalized/foundational AI models. See §7 for who processes your data.
7. How we share your data — sub-processors
We share personal data only with service providers (“sub-processors”) that process it on our instructions to run the Service, under contracts (DPAs) that require confidentiality, security, and no use of your data to train their own foundational models. Our current sub-processors are listed at meminiai.com/sub-processors. Categories include:
- AI / model providers (chat generation, speech-to-text, image text-extraction, embeddings) — via an AI gateway with provider routing restricted to vetted hosts;
- Cloud hosting and storage (application, databases, media object storage);
- Subscription management;
- Push notifications;
- Transactional email;
- Identity sign-in (Apple/Google) and services you connect (Google Calendar, Notion).
We may also disclose data to comply with law, enforce our terms, or protect rights and safety, and in a merger/acquisition (with notice). We do not sell your personal data and do not share it for cross-context behavioral advertising.
8. International data transfers
We and some sub-processors are located outside your country, including in the United States. Where we transfer personal data out of the EEA/UK/Switzerland, we rely on appropriate safeguards: the EU-US / UK / Swiss Data Privacy Framework where the recipient is certified, and/or the European Commission’s Standard Contractual Clauses (and the UK IDTA/Addendum) together with a transfer impact assessment. We route AI processing only through hosts in the United States or the EEA and do not route EEA/UK user content to providers in jurisdictions without an adequate safeguard. Contact us for a copy of the relevant safeguards.
9. Data retention
- Account & content: retained while your account is active.
- Account deletion: when you request deletion, we mark the account for deletion and permanently erase it after a 7-day grace period (you can cancel within that window). Erasure covers your memories, chats, vault data, uploaded media, integration credentials, and subscription records.
- Voice audio: raw audio is deleted promptly after transcription; we retain the transcript as a memory (which you can delete).
- Security logs / tokens: short-lived (e.g. reset codes ~10 minutes; refresh sessions ~30 days).
- Backups: residual copies in encrypted backups are overwritten on our standard backup cycle.
10. How we protect your data
- Encryption in transit (TLS) to all services.
- A dedicated, encrypted PII vault: structured identifiers we detect (e.g. emails, phone numbers, payment-card numbers, IBANs) are encrypted with AES-256-GCM using per-user keys that are derived on demand and never stored, so one user’s data cannot be decrypted with another’s key.
- Strict per-user data isolation at the database layer (row-level security).
- Hashed passwords, device-bound session tokens, and replay protection.
No method of transmission or storage is 100% secure, but we work to protect your data and will notify you and regulators of a breach where required (within 72 hours to the lead supervisory authority).
11. Your rights (EEA / UK / Switzerland)
You have the right to access, rectify, erase, restrict, and object to processing, to data portability, and to withdraw consent. To exercise them:
- In-app: Settings → Privacy (export your data; delete your account), or
- Web: meminiai.com/delete-account (request account deletion without signing in), or
- Email: privacy@meminiai.com.
We respond within one month. You may also lodge a complaint with your supervisory authority (and with our lead authority, [[LEAD_SUPERVISORY_AUTHORITY]]).
12. Your rights (United States — California and other states)
We do not sell your personal information and do not share it for cross-context behavioral advertising. Depending on your state (e.g. California, Colorado, Connecticut, Virginia, and others), you may have the right to: know/access, delete, correct, obtain a portable copy, and opt out of targeted advertising, sale, or certain profiling; and to not be discriminated against for exercising rights. Sensitive personal information (which can appear in your content/voice) is used only to provide the Service.
- Submit a request: in-app Settings, meminiai.com/delete-account, or privacy@meminiai.com; authorized agents may submit on your behalf with proof of authorization. We verify requests via your account.
- Global Privacy Control: we honor recognized opt-out preference signals (GPC) where required.
- Categories collected/disclosed: identifiers, account info, your content (which may include sensitive categories), commercial/subscription info, usage/internet activity, and approximate location inferred from IP — disclosed to the sub-processor categories in §7 for those purposes.
13. Consumer health data (Washington, Nevada, Connecticut)
If you enter or our features infer health-related information, that may be “consumer health data” under laws such as the Washington My Health My Data Act. We collect and process such data only to provide the Service you request and with your consent, do not sell it, and share it only with the sub-processors in §7 to deliver the Service. You can withdraw consent and delete this data as in §11.
Voice & biometrics: we send your voice recordings to a speech-to-text provider only to produce a transcript. We do not create, use, or store voiceprints or other biometric identifiers, and raw audio is deleted promptly after transcription. (Relevant to laws such as the Illinois BIPA.)
14. Children
Memini is not directed to children. You must be at least 16 years old (or the age of digital consent in your country, if higher) to use the Service. We do not knowingly collect data from children below that age; if you believe a child has provided us data, contact privacy@meminiai.com and we will delete it.
15. Cookies & local storage
The mobile app uses on-device storage to keep you signed in and remember preferences. We do not use advertising cookies. If we add product analytics in the future, it will be opt-in and controllable in Settings, and this policy will be updated first.
16. Changes to this policy
We will update this policy as the Service evolves and notify you of material changes in-app or by email before they take effect. The “Last updated” date shows the current version.
17. Contact
Questions or complaints: privacy@meminiai.com / support@meminiai.com. EU/UK residents may also contact our representatives in §0.