Memoir

Privacy Policy

Last updated: February 25, 2026

1. What We Collect

When you use the Memoir browser extension, we collect:

  • Page URLs — the web addresses of pages you visit
  • Page titles — the title of each webpage
  • Page text content — the visible text on the page (up to 5,000 characters)
  • Domain names — extracted from the URL for filtering and organization
  • Visit timestamps — when you visited each page

2. What We Do NOT Collect

Memoir is designed with privacy in mind. We never collect:

  • Passwords or login credentials
  • Form data or text you type into fields
  • Credit card numbers or financial information
  • Content from banking, email, or authentication pages (excluded by default)
  • Cookies, local storage, or session data
  • Screenshots or images from pages
  • Browsing activity in incognito/private mode

3. How We Use Your Data

  • AI Summarization: Page text is sent to OpenAI's GPT-4o-mini to generate concise summaries. Only the text content is sent — no personal identifiers.
  • Search Indexing: Page content is indexed using PostgreSQL full-text search to enable natural language search.
  • Display: Your captured pages are displayed in your personal dashboard timeline.

4. Data Storage and Security

Your data is stored in a PostgreSQL database on our secure server. We use industry-standard security practices including encrypted connections (TLS/SSL), secure password hashing (bcrypt), and JWT-based authentication. Your data is never stored in plain text on disk.

5. Third-Party Services

We use the following third-party services:

  • OpenAI: For AI-powered page summarization. Only anonymized page text is sent — no user identifiers, emails, or personal data.
  • Resend: For transactional emails (password reset, account verification).

6. Data Retention

Captured page data is retained for as long as your account is active. We do not automatically delete your browsing history unless you request it. If your account is inactive for more than 12 months, we may send a reminder email before deleting the account and associated data.

7. Data Deletion

You can delete your data at any time:

  • Delete individual captured pages from the dashboard
  • Delete all captured pages from Settings
  • Delete your entire account and all associated data from Settings

When you delete data, it is permanently removed from our database within 24 hours.

8. Data Sharing

We do not sell, trade, or share your browsing data with any third parties. Your data is used solely to provide the Memoir service to you.

9. Cookies

The Memoir web dashboard uses a single httpOnly session cookie (memoir_token) for authentication. This cookie expires after 30 days of inactivity. We do not use tracking cookies, advertising cookies, or third-party cookies. Google Analytics (GA4) is used on the landing page only with anonymized data collection.

10. Your Rights

You have the right to:

  • Access — view all data we hold about you through the dashboard
  • Export — download all your captured pages and data
  • Delete — permanently remove any or all of your data
  • Correct — update your account information at any time
  • Restrict — configure exclusion rules to prevent capture on specific sites

These rights apply regardless of your location. If you are in the EU/EEA, these rights are provided in accordance with the General Data Protection Regulation (GDPR). If you are in California, these rights are provided in accordance with the California Consumer Privacy Act (CCPA).

11. Security Incident Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of discovering the breach, in accordance with applicable regulations.

12. Contact

For privacy-related questions or concerns, contact us at: privacy@swaa.life