Privacy Policy

Last updated: February 2, 2026

1. Information We Collect

Account Information

  • Email address (via Google OAuth)
  • Name (as provided by Google)
  • Google account identifier

Usage Data

  • API request metadata (timestamps, token counts, model used)
  • Memory storage metrics
  • Billing and payment information (processed by Stripe)

Memory Data

  • Content you store through the MemoryRouter API
  • Embeddings generated from your content
  • Memory metadata (creation time, access patterns)

2. How We Use Your Information

  • Provide the Service: Store, retrieve, and inject memories into your AI requests
  • Billing: Track usage and process payments
  • Improve the Service: Analyze aggregate usage patterns (never individual content)
  • Security: Detect and prevent abuse, fraud, and unauthorized access
  • Communication: Send important service updates and billing notifications

3. What We Do NOT Do

  • We do NOT use your stored memories to train AI models
  • We do NOT sell your data to third parties
  • We do NOT read or access your memory content except for debugging with your permission
  • We do NOT share your API keys with anyone
  • We do NOT log the content of your AI requests or responses

4. Data Storage & Security

  • Memory data is stored on Cloudflare's global infrastructure
  • All data is encrypted in transit (TLS 1.3) and at rest
  • Memory contexts are isolated per API key — no cross-contamination
  • API keys are hashed and never stored in plaintext
  • We use Cloudflare Workers for edge computing with no cold starts

5. Third-Party Services

We use the following third-party services:

  • Cloudflare: Infrastructure, CDN, and Workers runtime
  • Stripe: Payment processing (we never see your full card number)
  • Google OAuth: Authentication
  • Vercel: Dashboard hosting

Your AI API keys are sent directly to providers (OpenAI, Anthropic, etc.) — we proxy requests but do not store your keys beyond your encrypted configuration.

6. Data Retention

  • Active memories: Retained as long as your account is active
  • Deleted memories: Permanently removed within 30 days
  • Account deletion: All data removed within 30 days of request
  • Usage logs: Retained for 90 days for billing and debugging
  • Billing records: Retained as required by law

7. Your Rights

You have the right to:

  • Access: View all data we store about you via the dashboard
  • Delete: Remove any or all memories via the API or dashboard
  • Export: Download your data in standard formats
  • Correct: Update your account information
  • Object: Opt out of non-essential data processing

8. Government & Law Enforcement

We will NOT voluntarily share your data with any government agency. We will only comply with valid legal process (subpoenas, court orders) after legal review. We will notify you of any requests for your data unless legally prohibited from doing so.

9. Children's Privacy

MemoryRouter is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this policy periodically. We will notify users of significant changes via email or dashboard notification. Continued use after changes constitutes acceptance.

11. Contact Us

For privacy concerns or data requests: [email protected]