Privacy Policy

This Privacy Policy describes how Memsy (“we,” “us,” “our”) collects, uses, and protects information in connection with our organizational memory API and related services (“Services”). It applies to operators and developers who access the Services directly.

If you are an end user of an application built on Memsy, your data is governed by the privacy policy of the operator who built that application. We process end user data only on behalf of and under the instruction of our operators.

2.1 Account Information: When you register, we collect:

• Name
• Email address
• Organization name

2.2 API Usage Data: We collect technical data to operate and secure the Services, including:

• API request logs (endpoints called, timestamps, response codes)
• Volume and frequency of memory operations
• Error and performance metrics

2.3 Customer Data: We store and process interaction data that you submit to the Services to build and maintain your organization's memory index. This includes any content, messages, or contextual data you send through our API. You control what you submit.

2.4 Communications: If you contact us, we retain the content of that communication and your contact details.

We use the information we collect to:

• Provide, operate, and maintain the Services
• Authenticate and authorize API access
• Monitor for abuse, security threats, and policy violations
• Communicate with you about the Services, including important notices and updates
• Comply with applicable legal obligations

We do not use your Customer Data or organizational memory to train, fine-tune, or improve any machine learning model.

4.1 Ownership: You retain full ownership of all Customer Data you submit. We do not claim any rights over it.

4.2 Processing: We process Customer Data solely to provide the Services — extracting, structuring, storing, and retrieving organizational memory on your behalf.

4.3 No Sale: We do not sell, rent, or share your Customer Data with third parties for their own purposes.

4.4 Operator Responsibilities: If you are an operator deploying Memsy within a product or organization, you are responsible for obtaining all necessary consents and providing required disclosures to individuals whose interactions you submit to the Services.

We do not sell personal information. We may share information only in the following circumstances:

• Infrastructure providers: We use third-party services to host and operate the platform. These providers access data only as necessary to deliver their services to us and are bound by confidentiality obligations.
• Legal requirements: We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of Memsy or others.
• Business transfers: In connection with a merger, acquisition, or sale of assets, data may be transferred to the successor entity. We will notify you before your data becomes subject to a materially different privacy policy.

Account information is retained for the duration of your account. API usage logs are retained for up to 90 days for security and operational purposes.

Customer Data and your organization's memory index are retained for as long as your account is active. You may request deletion of specific memories or your entire memory index at any time by contacting hello@memsy.io or through the API. We will delete your data from active systems within 30 days of your request.

Upon account termination, all Customer Data is deleted from active systems within 30 days.

We implement reasonable technical and organizational measures to protect your data against unauthorized access, disclosure, loss, or alteration. All data is encrypted in transit using TLS.

No system is completely secure. You are responsible for maintaining the security of your API keys and access credentials.

Subject to applicable law, you may:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that inaccurate information be corrected
• Deletion: Request deletion of your account and associated data
• Portability: Request an export of your memory index in a machine-readable format
• Objection: Object to certain processing activities

To exercise any of these rights, contact us at hello@memsy.io. We will respond within 30 days.

9.1 GDPR: If you are located in the European Economic Area or United Kingdom, you have rights under the General Data Protection Regulation, including the right to lodge a complaint with your local supervisory authority. Our lawful basis for processing your account information is contract performance. Our lawful basis for processing Customer Data you submit is your instructions as a data controller. To request a Data Processing Addendum (DPA), contact hello@memsy.io.

9.2 CCPA: If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

Data may be stored and processed in the United States or other countries where our infrastructure providers operate. By using the Services, you acknowledge that your data may be transferred to and processed in countries with different data protection standards than your own.

The Services are not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us at hello@memsy.io and we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated by email with at least 14 days' notice before the updated policy takes effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your rights:

Email: hello@memsy.io