Privacy Policy

Effective Date: December 10, 2025
Last Updated: January 28, 2026

At MemoraSync, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use:

• Our website (www.memorasync.com)
• Our iOS and Android mobile apps
• Our APIs and integrations

(collectively, the "Service").

The Service is operated by MemoraSync, a sole proprietorship owned by Sudhir Kurup and based in Collierville, Tennessee, USA ("MemoraSync," "we," "us," or "our").

By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following categories of information:

1.1 Account Information

• Name – Collected during registration and stored in your user account. Used for account management, personalization, and service delivery. We do not use your name for advertising or tracking.
• Email Address – Used as your primary account identifier and for communication (verification emails, security notices, service updates). If you enable Multi-Factor Authentication (MFA), we will send verification codes to your email address to enhance account security. We do not use your email for advertising or tracking.
• Login Credentials – Passwords and authentication credentials are stored securely using industry-standard methods.
• Multi-Factor Authentication (MFA) – If you enable MFA, we will send 6-digit verification codes to your registered email address when you log in. These codes expire after 10 minutes. You may choose to trust your device for 30 days to skip MFA verification on trusted devices. Trusted devices are automatically revoked if you change your password or email address for security purposes.

We do not collect your phone number, physical mailing address, or social media handles for normal account usage.

1.2 Diary & Journal Content

• Diary Entries & Notes – Text, reflections, and other content you write.
• Goals & Habits – Names, descriptions, schedules, completion logs, and related metadata.
• Reminders – Reminder text, scheduled date/time, timezone, and status (Premium feature). Reminders are stored securely and can optionally be synced to your iOS calendar if you choose to enable this feature on mobile.
• Attachments (if supported) – Such as images or files you attach to entries.

These are encrypted using AES-256-GCM before storage and are only used to provide the Service (e.g., render entries, enable search, and generate summaries).

1.2.1 Clipped and Reference Content

MemoraSync offers a "Clip to MemoraSync" feature that allows you to save content from emails, notes, browser, or other sources for personal reference.

User-Initiated Only: Clipped or reference content is stored only when you explicitly choose to save it through the application or its extensions. MemoraSync does not automatically ingest, monitor, or access third-party services.

Stored Verbatim: Clipped content is stored exactly as you provide it, without review, modification, validation, or redaction by MemoraSync. We do not evaluate, summarize, or interpret the content you choose to clip.

May Include Sensitive or Third-Party Data: Clipped content may contain personal, financial, medical, copyrighted, or confidential information from third-party sources. MemoraSync does not determine the nature, sensitivity, or legality of such content. You are solely responsible for ensuring you have the right to store such content for personal use.

Search & AI Processing: Clipped content may be processed by automated systems, including semantic indexing and AI-powered search, solely to enable retrieval and recall for your personal use. This processing occurs within your private account environment and does not result in public disclosure.

No Verification or Responsibility: MemoraSync does not verify the accuracy, legality, ownership, or appropriateness of clipped content and is not responsible for any consequences arising from its storage or use. Content originating from third-party sources remains subject to the terms and policies of those sources.

1.3 Device / Event / Calendar Data

If you choose to connect external devices or calendars, we may collect:

• Device/Event Data from connected devices (e.g., smartwatch, EV, speaker, smart ring, scale, etc.), such as steps, workouts, or usage events, where supported.
• Calendar Data, such as event titles, start/end times, and metadata from linked calendars (e.g., Google, Outlook, Apple). This data is used to build your personal memory timeline and provide context. Calendar data can be integrated from both web-based calendar providers and directly from your mobile device's calendar app (if you have a MemoraSync Plus subscription or higher). You can always integrate all calendars from the web interface regardless of your subscription tier.

You control whether these integrations are connected or revoked.

1.4 Location Data

When you create diary entries or when explicitly allowed by you, we may collect:

• GPS coordinates (latitude/longitude)
• Location accuracy and timestamp
• IP-based location information

Location data is used to provide contextual information for your entries (e.g., where an event happened). Location data can be disabled in your device's settings. We do not use location data for advertising or tracking.

1.5 Mobile App Data (iOS/Android)

When using our mobile apps, we may collect:

• Device Information – Device model, operating system version, app version
• Device Identifiers – Unique app-specific identifiers (e.g., an app-generated UUID) for authentication and device management
• User ID – Your account ID used to associate your device and app data with your account
• Usage Analytics – Aggregated and anonymized data about feature usage and app performance to improve the Service
• Crash & Diagnostic Logs – Used to improve app stability; typically anonymized and not used for advertising or tracking

1.6 Technical & Log Data

We may collect:

• IP address
• Browser type and settings
• Referring/exit pages
• Page views and clickstream data
• Timestamps and request logs

IP addresses may be linked to your account for security, fraud prevention, and troubleshooting.

2. Mobile App Permissions

Our mobile applications may request the following permissions:

• Location – To attach location context to your entries (optional; can be disabled).
• Calendar – To integrate calendar events from your device's calendar app into your memory timeline (optional; requires MemoraSync Plus subscription or higher; can be disabled in settings). On iOS, if you enable the optional reminder-to-calendar feature (Premium), we may also write reminder events to your iOS calendar. You control this feature and can disable it at any time.
• Network Access – To sync data with our servers and enable secure backups.
• Notifications – To send diary reminders, habit prompts, or account alerts (optional; can be disabled in settings).

Permissions are requested only when needed and may be revoked at any time in your device settings. Revoking permissions may limit some features but does not prevent core diary usage.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service (diary, goals, habits, search, recall, integrations)
• Encrypt, store, and sync your data across devices
• Generate summaries, insights, and memory recall suggestions (including AI-based features)
• Improve performance, reliability, and usability of the Service
• Monitor and enhance security and prevent fraud
• Communicate with you about your account, updates, and important changes
• Comply with legal obligations

We do not sell your personal information to advertisers, data brokers, or ad networks. We do not use your data for targeted advertising or cross-app tracking.

3.1 Derived Insights

We may process your entries and connected device data to generate optional summaries, reflections, or insights for your personal use within the Service. These insights are derived from your data and are not shared with third parties.

You may choose whether to enable or view such insights, and they can be disabled at any time.

3.2 Semantic Processing & Personal Data Handling

MemoraSync may process user-provided content using automated systems to enable features such as semantic search and memory recall. These systems are designed to distinguish between sensitive personal identifiers and general contextual information. Personally identifiable information is protected using additional safeguards and is not exposed or reused outside the user's private memory environment.

3.3 Automated Summaries & Insights

MemoraSync may use AI-powered systems to automatically generate summaries, insights, and reflections from your diary entries, goals, habits, and connected device data. These automated summaries are created for your personal use and reflection only. They are not medical, psychological, legal, financial, or professional advice.

You control whether these automated summaries are generated or displayed, and you may disable them at any time through your account settings. Automated summaries may be inaccurate, incomplete, or outdated, and you should not rely on them for critical decisions or professional advice.

3.4 Voice & Audio Features

MemoraSync offers optional voice-based features, including speech-to-text transcription and automated voice responses.

When you use these features, audio input may be processed by trusted third-party service providers (such as OpenAI) solely to provide transcription or voice responses.

Audio data is used only to deliver the requested functionality and in accordance with this Privacy Policy. MemoraSync does not use your audio input to train its own models.

4. Legal Basis for Processing (GDPR / CCPA)

Where applicable (e.g., EU/EEA residents, California residents), we process personal data based on:

• Your consent, such as when you sign up, connect devices, or enable certain features
• Performance of a contract, to provide the Service you requested
• Legitimate interests, such as improving security and user experience
• Legal obligations, when necessary to comply with law or enforce our agreements

5. Third-Party Service Providers & Integrations

We may use third-party service providers to process data on our behalf in order to provide certain features of the Service.

We may share limited data with trusted third parties that help us operate the Service, such as:

• Cloud hosting and infrastructure providers
• Email delivery services
• Analytics and performance monitoring tools
• Payment processors (for web-based subscriptions)
• AI and machine learning service providers (e.g., OpenAI) for features such as text-to-speech, AI chat responses, and automated summaries
• Calendar providers and device vendors that you connect (e.g., Google, Apple, smartwatch providers, EV platforms)

These third parties are bound by confidentiality or data processing agreements and may only use data to perform services on our behalf or to provide their own service to you when you explicitly authorize the integration.

iOS Calendar Integration (Reminders Feature): If you are a Premium user and choose to enable the optional reminder-to-calendar feature on iOS, MemoraSync may create calendar events in your iOS calendar app based on reminders you set in the app. This integration is optional and can be disabled at any time in your device settings or within the app. Calendar events created by MemoraSync are stored locally on your device and managed by Apple's Calendar app. We do not access, read, or modify other calendar events beyond those created by MemoraSync.

We are not responsible for the privacy practices of third-party services you choose to connect. You should review their privacy policies for more information.

6. Data Retention & Deletion

We retain your personal data only as long as necessary to:

• Provide the Service and maintain your account
• Fulfill legal, accounting, or reporting requirements
• Resolve disputes and enforce our agreements

Account Deletion

When you delete your MemoraSync account, your data is immediately removed from active systems and becomes inaccessible to you. Your account is permanently deactivated, integrations are disconnected, and all data is marked for deletion.

30-Day Retention Window

For safety, fraud prevention, and accidental deletion recovery, we retain encrypted copies of your data for up to 30 days after your deletion request. During this period, your data is not visible, not processed, and not accessible to anyone. If you change your mind within this window, you may contact support to request account recovery.

90-Day Backup Purge

Encrypted system backups may still contain fragments of your data. These backups are automatically overwritten and purged within 90 days. After this period, no copies of your data remain in any form.

Premium Feature Data Retention (Grace Period)

If you have an active premium subscription that expires or is cancelled, we may retain premium feature data (such as calendar events, semantic search embeddings, smart device data, AI interactions, reminders, and related premium content) for up to 31 days after the end of your billing period as a courtesy. This grace period allows you to resubscribe without losing your premium data. After this period, premium feature data will be automatically deleted. This retention is provided as a courtesy and may be modified or discontinued at any time.

Note on iOS Calendar Events: If you enabled the reminder-to-calendar feature and calendar events were created in your iOS calendar, those events will remain in your iOS calendar even after your Premium subscription expires or is cancelled. You can manually delete these events from your iOS calendar at any time.

Irreversible Deletion

When the retention and backup windows expire, your data is permanently and irreversibly deleted from all systems. Once premium data has been permanently deleted, it cannot be recovered.

Analytics and History

After account deletion, we may retain anonymized or aggregated information that does not identify you personally (for example, counts of entries or general usage statistics) in order to understand and improve how people use MemoraSync. This information cannot be linked back to you.

Fraud and Abuse Prevention

In certain cases, such as fraud, abuse, security concerns, or legal disputes, we may retain limited information (such as a hashed identifier of your email address) during registration or after account deletion when necessary to prevent misuse of the Service, enforce our Terms, or comply with legal obligations. This information is stored securely, is access-restricted, and is not used for marketing or analytics.

You may contact us at support@memorasync.com if you have questions about this deletion process.

7. International Transfers

If you access the Service from outside the United States, your data may be transferred to and processed on servers located in the United States or other countries. We take steps to ensure appropriate safeguards are in place in accordance with applicable laws.

8. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data ("right to be forgotten")
• Request data portability
• Restrict or object to certain processing
• Opt out of non-essential cookies or analytics (where applicable)

To exercise these rights, contact us at support@memorasync.com with the subject line: "Data Privacy Request."

We may need to verify your identity before fulfilling your request.

9. Children's Privacy

Our Service is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children in these age groups.

If we learn that we have collected personal information from a child in violation of this Policy, we will delete that information promptly. If you believe this has occurred, please contact us immediately.

10. Apple App Store Privacy (iOS)

For users of our iOS app:

• This Privacy Policy is accessible without login or account creation.
• We disclose data collection categories in the App Store's "App Privacy" section.
• Location data is collected only when you create entries (if enabled) and is used solely to provide context for those entries.
• We do not track users across apps and websites owned by other companies.
• You may request deletion of your account and associated data at any time by contacting support@memorasync.com.

11. Data Protection & Security

We use a combination of technical and organizational measures to protect your data, including:

• AES-256-GCM encryption for diary content before storage
• HTTPS encryption for data in transit
• Access controls and authentication mechanisms
• Limited access to production systems
• Regular monitoring and security updates

However, no system can be 100% secure. You use the Service at your own risk, and you are responsible for maintaining the security of your devices and login credentials.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Effective Date" at the top of this page
• Post the revised Policy on our website

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact:

MemoraSync
Email: support@memorasync.com
Website: www.memorasync.com
Location: Collierville, Tennessee, USA