Privacy Policy
Understand how Memory Chat secures, utilizes, and protects your personal data. We are committed to absolute transparency and your privacy rights.
Last updated:
This privacy policy outlines how Memory Chat ("we", "us", or "our") systematically collects, processes, and safeguards your personal data when you use memorychat.app (the "Website"). We advise reviewing this policy regularly for any updates.
1. Data Controller Information
MemoryChat is the data controller responsible for your personal information.
- Website: https://memorychat.app
- Contact Email: privacy@memorychat.app
2. What Data We Collect
2.1 Information You Provide Directly
When you interact with our Website, you may provide us with the following information:
| Type | Purpose |
|---|---|
| Email address | When joining our waitlist |
| Name | Optional, when signing up |
| Platform preference | Android, Windows, or both |
| Feedback and suggestions | Through our feedback widget |
| Chat conversations | When using Gleap support |
2.2 Information Collected Automatically
We automatically collect certain information when you visit our Website:
| Type | Purpose |
|---|---|
| Device information | Browser type, operating system |
| IP address | For rate limiting and geolocation |
| Page views and clicks | To understand site usage |
| Scroll depth | 25%, 50%, 75%, 100% tracking |
| Session recordings | With input fields masked for privacy |
| JavaScript errors | To improve site stability |
2.3 Information from Third Parties
For business visitors, we may receive additional information:
| Type | Purpose |
|---|---|
| Company identification | For B2B visitors via RB2B |
| Firmographic data | Company name, industry, size |
3. How We Collect Data
Forms and Direct Input
Information you voluntarily submit through forms, such as the waitlist signup or Gleap widget.
Automatic Collection
Data collected through analytics tools and tracking scripts when you browse the Website.
Browser Storage
We use localStorage and sessionStorage for preferences and functionality.
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Analytics & performance monitoring | Legitimate Interest (Art. 6(1)(f)) |
| B2B visitor identification | Legitimate Interest (Art. 6(1)(f)) |
| Waitlist signup & email communication | Consent (Art. 6(1)(a)) |
| Customer support via chat | Contract performance (Art. 6(1)(b)) |
| Security & fraud prevention | Legitimate Interest (Art. 6(1)(f)) |
5. Third-Party Services
We use the following third-party services to operate our Website. Each service has its own privacy policy:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| PostHog | Product analytics and session recording | Page views, clicks, sessions | US |
| Brevo | Email marketing and waitlist | Email, name, platform preference | EU (France) |
| RB2B | B2B visitor identification | IP address, browser fingerprint | US |
| Gleap | Support chat, feedback collection, roadmap, and updates | Chat messages, feedback text, ratings, and visitor info | EU |
| ipapi.co | IP geolocation | IP address | Global |
| Google Fonts | Web fonts | Font requests, referrer | Global CDN |
6. Cookies & Local Storage
Essential Storage
These are necessary for the Website to function and do not require consent:
| Name | Type | Purpose | Duration |
|---|---|---|---|
theme | localStorage | Stores your theme preference (dark/light) | Persistent |
languagePreference | localStorage | Stores your language setting | Persistent |
mc:scroll:transfer:v1 | sessionStorage | Preserves page progress while switching languages | 15 seconds |
mc:scroll:restore:v1 | sessionStorage | Restores page position after a page refresh | 15 seconds |
Analytics Cookies
These help us understand how visitors use our Website:
| Name | Type | Purpose | Duration |
|---|---|---|---|
ph_* (PostHog) | Cookie | Session identification for analytics | 1 year |
Third-Party Cookies
Set by our third-party service providers:
| Name | Type | Purpose | Duration |
|---|---|---|---|
RB2B cookies | Cookie | B2B visitor session tracking | Session |
Gleap cookies | Cookie | Support widget session management | Session |
7. Data Retention
We retain your data for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Waitlist emails | Until you unsubscribe |
| Analytics data | 90 days |
| Session recordings | 30 days |
| Chat transcripts | Per Gleap policy |
| Geo cache data | 24 hours |
| Rate limit data | Session-based |
8. Your Rights
GDPR Rights (EU/EEA Residents)
Under the General Data Protection Regulation, you have the following rights:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
CCPA Rights (California Residents)
Under the California Consumer Privacy Act, you have the following rights:
- Right to know what personal data is collected
- Right to know if your data is sold or disclosed
- Right to say no to the sale of personal data
- Right to delete your personal data
- Right to non-discrimination for exercising your rights
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@memorychat.app. We will respond to your request within 30 days.
9. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including the United States and the European Union. When we transfer data internationally, we rely on the following safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework for transfers to certified US organizations
- Adequacy decisions where applicable
10. Security Measures
We implement appropriate technical and organizational measures to protect your personal data:
- HTTPS/TLS encryption for all data transmission
- Server-side API key protection (keys never exposed to browsers)
- Rate limiting to prevent abuse
- Input masking in session recordings
- Honeypot fields for bot protection
- CORS headers for API security
11. Children's Privacy
Our Website is not directed at children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@memorychat.app, and we will take steps to delete the information.
12. Policy Updates
We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you by posting a notice on our Website and updating the "Last updated" date at the top of this policy. We encourage you to review this policy periodically.
13. Contact Information
If you have any questions about this privacy policy or our data practices, please contact us:
- Privacy inquiries: privacy@memorychat.app
- General support: support@memorychat.app