Privacy Policy for MemoryPlugin
Effective date: August 31, 2025 • Last updated: August 31, 2025
Our Privacy Promise (TL;DR)
We know your content can be highly sensitive. We treat it with respect, aim to collect the minimum needed, and continually improve our protections. We do not sell your data. Ever.
- No data sales: We will never sell your personal data, under any circumstances.
- Your control: Background indexing is off by default and only activates if you turn it on. You choose what to store and can delete content any time.
- Security first: We use encryption in transit and at rest today, and we will adopt stronger protections as they become practical (for example, advanced privacy‑preserving techniques like homomorphic encryption if feasible).
- Respect by design: We design features to minimize data collection and restrict processing to what is necessary to provide the Service to you.
- Transparency: The sections below explain exactly what we collect, how we use it, and your rights.
Who We Are
Brand: MemoryPlugin. Company: Crestify Solutions Private Limited (India). Address: 19, Roshan Bungalow, Shirkay Layout, Raj Nagar, Nagpur, MH 440013. Contact: support@memoryplugin.com. This policy applies to the MemoryPlugin web app, APIs, browser extension(s), plugins/MCP, and related services (the "Services").
What We Collect
- Account data: name, email, authentication data (incl. OAuth such as Google), and settings/preferences. For purchases, we may receive billing details (e.g., billing name and address) from our payment partners.
- Payment data: Payments are processed by Creem and/or Gumroad. We do not store card numbers or CVV; providers handle payment credentials.
- Product content: user-submitted or user-enabled content ("Memories") and imports you explicitly enable from supported AI/chat tools (e.g., chat transcripts, titles, links, metadata). Content may include sensitive information only if you choose to include it.
- Background indexing (extension): when you turn ON the optional background indexing feature, the extension locally reads page content on supported AI/chat sites (currently claude.ai and chat.openai.com) to detect and capture chat content you interact with and sends it to our servers for storage and retrieval (RAG). The feature is OFF by default. You can pause, disable per site, or turn it off globally at any time. We do not index content without your permission and do not scrape unrelated sites.
- Device and network data: IP address, user agent, device/OS/browser information, and request metadata collected by our hosting and security infrastructure.
- Analytics and session replay: event analytics and session replay (with PII redaction) to improve product quality and support. These may associate events with a user ID or device ID.
- Error and performance telemetry: diagnostic data (e.g., stack traces) with PII scrubbing; events may be linked to a user ID for debugging.
- Cookies and similar technologies: used for authentication, preferences, analytics, and (if enabled) session replay.
How We Use Data
- Provide and improve the Services, including account management, authentication, RAG-based retrieval/search, and support.
- Process background indexing (if enabled by you) to store and index your chat content from supported sites for retrieval and features you request.
- AI processing with third-party providers to deliver features you request. We do not allow providers to use your data to train their models beyond providing the service.
- Ensure safety and security, detect/prevent fraud or abuse, and diagnose issues.
- Send transactional communications. Marketing/product updates are sent per your consent settings and applicable law.
- Comply with legal obligations and enforce our terms.
Legal Bases (EU/UK)
- Contract: to provide the Services you request (account, core features, RAG indexing you enable, support).
- Legitimate interests: product improvement, diagnostics, security/fraud prevention, and high-level analytics/session replay with PII redaction, balanced against your rights. You can opt out of non‑essential analytics as described below.
- Consent: marketing communications; non‑essential cookies/analytics/session replay for EU/UK users (disabled until consent); background indexing in the extension (explicit opt‑in).
- Legal obligation: tax/accounting and responding to lawful requests.
Cookies and Consent
In the EU/UK, we request consent before enabling non‑essential analytics and session replay. Until you consent, these remain disabled. Elsewhere, we use cookies for authentication and may use analytics and session replay to improve the Service. You can change preferences in product settings or via your browser.
Global Privacy Control (GPC) and Do Not Track: where technically feasible, we treat a valid GPC signal as an opt‑out of non‑essential analytics and advertising‑related tracking for that browser. We do not respond to legacy Do Not Track signals.
AI Processing and Background Indexing
We use AI providers including OpenAI, xAI (Grok), Google (Gemini), DeepInfra, and Voyage AI (primarily US regions) to process your content solely to provide features you request (e.g., summarization, retrieval, transformations). We do not sell your data and do not use it to train our own models beyond delivering the Services. For retrieval (RAG), we create indexes of your content to enable personalization for you. Background indexing presently supports claude.ai and chat.openai.com. You may disable background indexing at any time. When you delete content, it is removed from active indexes; it may persist in encrypted backups until rotation.
Data Sharing and Sub‑processors
We do not sell your personal information. We disclose data to service providers that help us operate the Services, under contractual confidentiality and security obligations:
- Hosting & infrastructure: Vercel (hosting/CDN/logs), Supabase (database/auth/storage), Zilliz/Milvus (vector database).
- Error monitoring: Sentry Cloud (PII scrubbing enabled).
- Analytics & session replay: PostHog Cloud and Microsoft Clarity (PII redaction enabled; may associate events with user/device IDs).
- Email & communications: Resend (transactional email), Loops.so (product updates/marketing), Crisp (support chat).
- Payments: Creem and/or Gumroad for checkout and billing. We do not store payment card details.
- Feedback/roadmap: Featurebase (feedback, changelog, roadmap; users may authenticate).
- AI providers: OpenAI, xAI Grok, Google Gemini, DeepInfra, Voyage AI (process user content to provide requested features).
We may also disclose information to comply with law, protect rights and safety, or in connection with a merger/acquisition.
International Transfers
We operate primarily in the United States and use US‑based vendors. For EU/UK users, we rely on Standard Contractual Clauses (SCCs) for transfers to third countries and, where applicable, vendor participation in the EU‑US Data Privacy Framework. See each vendor’s notice for details.
Security
We use encryption in transit and at rest, access controls (including 2FA availability), and logging of administrative access. While no system is perfectly secure, we work to protect your information. If we become aware of a data incident affecting your personal data, we will notify regulators within 72 hours where required and affected users without undue delay.
Retention and Deletion
- Product content: retained until you delete it or your account is closed. Deletions remove data from primaries promptly; it may remain in encrypted backups until overwritten during normal rotation (typically ≤30 days).
- Logs: infrastructure logs (e.g., IP, user agent) are retained by our hosting provider for approximately 30 days.
- Accounts: you can delete most content yourself; to delete your account, contact support. We aim to complete deletion/closure within 30 days.
- Legal/financial records: retained as required by law.
Your Rights
Depending on your location, you may have rights to access, correct, delete, port, or restrict/oppose certain processing, and to withdraw consent. To exercise rights, contact us at support@memoryplugin.com. We may verify your identity via login or email verification. We respond within 30 days for EU/UK (extendable where permitted) and 45 days for California (extendable where permitted).
Children’s Privacy
The Services are not for individuals under 18, and we do not knowingly collect personal data from minors. If we learn that a minor has provided personal data, we will delete it.
Law Enforcement and Legal Requests
We require valid legal process (e.g., subpoena, court order) to disclose user data. We limit our response to the scope of the request and, unless legally prohibited, will notify affected users before disclosure to provide an opportunity to contest the request.
Changes to This Policy
We may update this policy from time to time. Material changes will be reflected by updating the Last updated date on this page. Continued use of the Services after changes indicates your acceptance of the updated policy.
Contact
Crestify Solutions Private Limited
Address: 19, Roshan Bungalow, Shirkay Layout, Raj Nagar, Nagpur, MH 440013
Email: support@memoryplugin.com