Privacy policy

Memento AI, a Delaware corporation (“Memento AI,” “Company,” “we,” “us,” or “our”), respects your privacy and is committed to safeguarding any information we collect from or about you. This privacy policy, as aamended from time to time (“Privacy Policy”), outlines our practices regarding the data we collect when you use our device, website, applications, and services (collectively, the “Services”) for non-professional purposes or services, as intended. The Service includes the features and capabilities of a web interface powered by AI technology. Data that may be relatable, from sources we collect, to an identifiable living natural person is referred to herein as “personal information” or “personal data” or “PI.”  

Memento AI seeks to comply with general principles of privacy, many of which have been reduced to laws in various jurisdictions. We comply fully with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and any applicable U.S. state privacy laws. This Privacy Policy is a statement of principles and does not opt Memento AI into any jurisdiction not otherwise applicable to it; Memento AI reserves all rights to object to the application of any law to it as appropriate, and this Privacy Policy does not create in third parties any rights of enforcement.

Memento AI seeks to provide secure and confidential Services to its users, some of which might be defined under local law as personal information or personal data.  Our goal is to collect and process only sufficient data to perform our Services safely, efficiently, and securely; to communicate with persons about our Services; and to retain PI that has not been anonymized or aggregated only as long as required for our business purposes. Data is deleted pursuant to the retention policies set forth herein.

1. Data Controller

For the purposes of the GDPR (General Data Protection Regulation), Memento AI is a “data controller,” meaning We are the party responsible for deciding the purposes and means of processing “personal information,” as defined by the GDPR.

2. Personal Data Collected

While using Our Services, we may ask you to provide us with certain PI that can be used to contact or identify You. The Company collects only sufficient information to provide its Services and, in some instances, to communicate with a person or to process their PI, as well as to monitor operations and prevent abuse, and to ensure system security and functionality. Personally identifiable information may include information You have provided, information received from Your use of the Services, and information received from other sources.

The Services and personal information collected are not intended for use by You for health-related purposes or services. We do not use, process, store, or share any data collected through this technology for the purpose of providing health-related advice, diagnoses, treatments, services, or any other health-related purposes. The Services are not designed or intended to be used to support or replace professional medical care.

The Services and personal information collected are not intended for use by You for legal-related purposes or services. We do not use, process, store, or share any data collected through the Services for the purpose of providing legal advice or services. The Services are not designed or intended to be used to support or replace professional legal advice or services.

The Services and personal information collected are not intended for use by You for financial or real estate-related purposes or services. We do not use, process, store, or share any data collected through the Services for the purpose of providing professional financial or real estate services. The Services are not designed or intended to be used to support or replace professional financial or real estate services.

We do not process sensitive information. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Data You Provide:

Through the use of the Services or the creation of an account, we may collect data and personal information from You directly. This data can include, but is not limited to:

• Name;

• Phone number;

• Email address;

• Username and account credentials;

• Content shared via the online or mobile platform that includes chat communications and uploaded images, and recordings;

• Content (and related information) that is captured and recorded when using Our products and Services, such as video or audio recordings, images, comments, and other data collected from the product’s surrounding environment;

• Any other communication information, such as social media accounts or physical billing addresses;

• Financial information, such as transaction information, and in some cases, our customers’ payment information, is provided to a third-party fiat payment provider.  Fiat payment information is not received by the Company;

• Biometric data, such as facial recognition, voice recognition, and any other information given by the user; and

• Any other information you provide.

By using the Services, you understand that the Device is passively recording your surroundings, including video and audio content that may contain personal information that is inappropriate, illegal, or unethical to collect. Privacy and video surveillance laws in your jurisdiction may apply to your use of Our products and Services. You are solely responsible for ensuring that you comply with all applicable laws when you use our products or Services. Capturing, recording, or sharing video or audio content that involves other people, or capturing other people’s facial feature information, may unlawfully affect their privacy rights. Memento AI will endeavor to filter inappropriate content out of its data collection, but You agree that Memento AI will not be held liable in any civil or criminal legal action that may arise from the content collected from the monitoring and recording.

Please note that if you are an employee of the Company, a contractor or vendor to the Company, or a third-party provider, your personal information may be used in connection with your employment contract or your contractual relationship, whichever applies, and is governed by policies related to those contracts and not by this Privacy Policy.  Please refer to any applicable Company contracts, policies, or manuals.

Data Received from Use of the Services:

We and our third-party vendors, which include Google Analytics, may use cookies, web beacons, and other tracking technologies to collect information about the computers or devices (including mobile devices) you use to access the Services. As described further below, we may collect and analyze information, including but not limited to:

• Identifiers: We collect limited data from IP addresses, including general geodata, from users. We also collect email addresses or similar information from our customers, as well as the type of device you are using and its operating system, your browser type and version, and other characteristics and information about your device and browser; your preferred language; the location of an access point you access while using the websites or Services; the GPS or wireless technology on your device; the date and time of your visit; any searches you conduct on our site; areas of our site that you visited; the length of time of your visit; and the number of times you visit our site.

• Log Information. Information that is generated by your use of the Website or our Services that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information (such as country of origin), system activity, and any internal and external information related to pages that you visit, including the full Uniform Resource Locator (URL) clickstream to, through, and from our website or app, including date and time; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page. We may collect similar information, such as your device type and identifier, if you access the Website or our Services through a mobile device. We use this information to ensure that the Service functions properly.

When you use the Device, you will, by using those Services, be allowing Memento AI to collect data from your surroundings, which may include but is not limited to biometric information, biometric data, facial recognition, voice and audio recordings, and images and videos of the things around you.

Most web browsers automatically accept cookies, but your browser may allow you to modify your browser settings to decline cookies if you prefer. If you disable cookies, you may be prevented from taking full advantage of the Services, because the Services may not function properly. As we adopt additional technologies, we may also gather additional information through other methods.

When you use the Services, we may collect general technical information (such as a general location inferred from an IP address, geolocation data if enabled by you, and device identifiers).

Data Received from Other Sources: We may at times receive information from Our partners, such as security partners and marketing vendors, who help make the function of Our Services secure and optimal for potential customers.

We or our Service Providers may access and collect information from mobile device IDs (including general non-specific device location), cookies, web beacons, and other similar technologies to provide and personalize the Services and features of the Services for you across sessions. This may include counting the number of users that have visited our website, the top pages on the website visited by users, and top referring sources. Please see our Cookie Policy for more information.

3. How Personal Data is Used and Shared

We specifically note that the Company does not sell data to third parties to perform marketing or profiling. We may use personal data for the following purposes:

• To provide, administer, and maintain our Services (for example, to respond to your questions for Memento AI);

• To personalize the Services for You based on both the web Services and the Device Services;

• To use voice, image, and camera services from the Device Services to assist in enhancing custom AI interaction;

• To improve and develop our Services and conduct research;

• To communicate with you, including to send you information about our Services and events;

• To analyze, improve, modify, customize, and measure the Services, which include the training of our artificial intelligence and machine learning models;

• To prevent fraud, illegal activity, or misuse of our Services, and to protect the security of our systems and Services;

• To conduct Data Protection Impact Assessments (DPIAs) in accordance with the GDPR for high-risk processing activities to identify privacy risks proactively and implement appropriate mitigation measures; and 

• To comply with legal obligations, including those under the GDPR, CCPA, and any other relevant privacy laws, and to protect the rights, privacy, safety, or property of our users, Friend, or third parties 

We may also aggregate or de-identify personal data so that it no longer identifies you and use this information for the purposes described above, such as to analyze the way our Services are being used, to improve and add features to them, and to conduct research. We will maintain and use de-identified information in de-identified form and not attempt to re-identify the information, unless required by law.

We seek to limit third-party contractors’ use of data provided by us to them in connection with assisting with providing our services, such as payment purposes, by contractual provisions aimed at solely serving the purposes of the Company and its customers.

As noted above, we may use data and personal information you provide us to improve our Services. For example, the data you provide may be used to train the models that power Memento AI.

4. Disclosure of Personal Data

The Company will not disclose any of its users’ (including end-users, as applicable personal information to a third-party, except: (a) to the extent that it believes is or may be required to do so pursuant to any applicable laws, rules or regulations; (b) if there is a duty to disclose; (c) if our legitimate business interests require disclosure; (d) in line with our Terms of Service; (e) safety and security, (f) business changes (such as merger, acquisition, bankruptcy, dissolution, reorganization, asset or stock sale, or other business transaction), (g) with Service Providers to assist in providing, delivering or improving the services, or (h) at your request or with your consent or to those described in this Privacy Policy.

Your personal data may be disclosed in the following circumstances:

• Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose personal data to vendors and service providers, including any vendors or service providers used to audit our Device and Services. Pursuant to our instructions, these parties will access, process, or store personal data only in the course of performing their duties to us.

• Business Transfers: If we are involved in any business transaction such as reorganization, bankruptcy, merger, acquisition, or other sale of Company assets (collectively, a “Transaction”), your personal data may be disclosed in the diligence and negotiation process with counterparties and transferred to a successor or affiliate as part of that Transaction.

• Advertising and Analytics: While We do not engage in advertising as of the date of this Privacy Policy, we may choose to do so in the future, and it will be necessary to disclose some of your information to advertising and analytics partners who service advertisements on our behalf. These parties may use cookies and tracking technologies to allow Us to analyze data about content created, shared, and available, and to target content for You specifically according to your interests and online activity.

• Government Authorities or Other Third Parties: We may share your personal data, including information about your interaction with our Services, with government authorities or other parties as necessary in compliance with the law (i) if required to do so, or in good faith belief that action is necessary, to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.

• Transfers Directed or Permitted by You: We may disclose personal data about you to certain other third parties at your direction or with your consent or permission.

• Cookies: To enable our systems to recognize your browser or device and to provide and improve our services, we use cookies and similar technologies. For more information about how we use them, how you can control them, and your choices regarding interest-based advertising and targeted advertising, please see our Cookie Policy.

Non-Identifiable Data: In addition, where allowed by applicable law, we may use and disclose information that is not in a personally identifiable form for any purpose. If we combine information that is not in personally identifiable form with information that is identifiable (such as combining your name with your geographical location), we will treat the combined information as personal information as long as it is combined.

5. Retention

We will retain personal data we process on behalf of our users for as long as needed to provide the Service to our customers, subject to our compliance with this Privacy Policy and any relevant customer agreements. When we consider that personal information is no longer necessary for the purpose for which it was collected, we will delete such information or remove any details that will identify you, or we will securely destroy the records. However, we may need to maintain records for a significant period of time (after you cease being our user).

For example, we may keep your data for longer than 5 years if we cannot delete it for legal, regulatory, or technical reasons. We may further retain and use this personal data as necessary, including but not limited to:

• complying with our legal obligations (including in defense or pursuit of a legal claim),

• maintaining accurate accounting, financial, and other operational records,

• resolving disputes, and

• enforcing our agreements.

Also, the personal information we hold in the form of recorded information, if any, by telephone, electronically, or otherwise, will be held in line with local regulatory requirements (i.e., 5 years after our business relationship with you has ended or longer if we have legitimate interests (such as handling a dispute with you)). If you have opted out of receiving marketing communications, we will hold your details on our suppression list so that we know you do not want to receive these communications.

6. Your Rights

Depending on where you live, you may have certain statutory rights in relation to your personal data. For example, depending on your jurisdiction, you may have the right to:

• Know what personal information we collect, use, share, or sell;

• Access your personal data and information relating to how it is processed;

• Delete your personal data from our records;

• Update or correct your personal data;

• Request information about the categories of personal information we collect or disclose about you and the purposes for collecting and disclosing such information;

• Transfer your personal data to a third party (right to data portability);

• Restrict how we process and disclose your personal data;

• Request human review of significant automated decisions;

• Withdraw your consent—where we rely on consent as the legal basis for processing at any time;

• Object to how we process your personal data, including for direct marketing purposes;

• Lodge a complaint with your local data protection authority;

• Revoke your consent for the processing of your information

You can exercise some of these rights through your Memento AI account. If you are unable to exercise your rights through your account or to contact our data protection officer, please submit your request to admin@mymemento.io.

A note about accuracy: Services like Ours generate responses by reading a user’s request and, in response, predicting the words most likely to appear next. In some cases, the words most likely to appear next may not be the most factually accurate. For this reason, you should not rely on the factual accuracy of output from our models.

7. Children

Memento AI does not expect, nor does it knowingly permit, the use of Company services by children under 18. We do not, by our Terms of Service, permit anyone under 13 or 16 if they are a resident of the EEA to use the Services, and we do not knowingly collect personal data from children under 13. If you have reason to believe that a child under 13 has provided personal data to Memento AI through the Services, please email us at support@mymemento.io. If you are a parent or guardian and become aware that a minor has accessed our services, please contact us directly at support@mymemento.io. We will investigate any notification and, if appropriate, delete the personal data from our systems and close the account.

8. Security

Our platform uses cloud services or CDNs that might process and retain data and your personal information in different jurisdictions other than your primary location, including in the United States and elsewhere in the world. By using our Services, you are deemed to agree that your personal information may be transferred to, stored, and handled as described in this Policy.

We seek to take reasonable measures to protect your personal information in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction.  However, it is not possible to guarantee 100% security or confidentiality of information you provide to us.  If you have reason to believe that your interactions with us are no longer secure, please contact admin@mymemento.io immediately.

9. Breach Notification Protocols

In case of a data breach involving personal information:

• Under GDPR: We will notify supervisory authorities within 72 hours after discovery and the affected individuals promptly if their rights are impacted.

• Under HIPAA: We will notify affected individuals within 60 days after discovery; breaches involving more than 500 individuals will also be reported promptly to authorities as required by law. 

10. Regional Privacy Disclosures and Rights

Some regions require additional or specific disclosures and afford users with additional or different rights.

Additional State Disclosures:

Some regions' privacy laws require specific disclosures. The following table provides additional information about the categories of personal data we collect and how we use and disclose that information. You can read more about the personal data we collect and where we collect it from in “Personal Data Collected” above, how we use personal data in “How Personal Data is Used and Shared” above, and how we retain personal data in “Security” and “Retention.”

Depending on where you live and subject to applicable exceptions, you may have the following privacy rights in relation to your personal data:

• The right to know information about our processing of your personal data, including the right to access your personal data, often in a portable format;

• The right to request deletion of your personal data;

• The right to correct your personal data;

• The right to block or suppress the processing of your personal information;

• To obtain your personal information that we have collected and reuse it elsewhere; and

• The right to be free from discrimination relating to the exercise of any of your private rights.

We do not “sell” personal data or “share” personal data for cross-contextual behavioral advertising, and we do not process personal data for “targeted advertising” purposes (as those terms are defined under state privacy laws). We also do not process sensitive personal data for the purpose of inferring characteristics about a consumer.

Additional GDPR Rights:

For those users that live in the European Economic Area (EEA) or Switzerland, or the UK, you have the following rights to object:

• Object to our processing of your personal data for direct marketing at any time.

• Object to how we process your personal data when our processing is based on legitimate interests. 

The GDPR also requires data controllers to tell you about the legal basis they rely on for using, sharing, or disclosing personal data. Our legal grounds for processing Your data are below. 

11. Cookies

When you use our products and Services, we may make use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (collectively, “Cookies”) on your computer or other devices used when engaging with us. We use Cookies to help us recognize you as a customer, collect information about your use of our products and Services, better customize our Services and content for you, and collect information about your computer or other access devices to ensure our compliance with our legal obligations. We may receive reports based on the use of Cookies from third-party Service Providers on an individual as well as an aggregated basis. For more information, including the information on how you may disable these technologies, please see our Cookie Policy.

12. Lawful Basis for Processing

As required by the GDPR, we legally process data when You have given Us or our Service clear consent to process your personal information. Other processing of data is lawful due to the following bases:

13. Exercising Your Rights

Although we have not appointed an official Group Data Protection Officer, you may request to exercise your applicable access, rectification, cancellation, and/or objection rights by submitting a request through info@mymemento.io.

Please note that certain information may be exempt from requests under applicable law. For example, we may retain certain information for legal compliance and to secure our Services. We may need certain information in order to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services.

We hope to address any questions or concerns you may have. Certain people may have the right to complain to their local Data Protection Authority. For a list of some such authorities, please contact your local authority.

14. Verification

In order to protect your personal data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete personal data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional personal data for verification. If we cannot verify your identity, we will not be able to honor your request.

15. Authorized Agents

You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us. Authorized agent requests can be submitted to info@mymemento.io.

16. Appeals

Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights. To appeal a decision, please send your request to info@mymemento.io.

17. Data Transfers

Memento AI currently processes data in the United States of America. By use of our Services or Devices you are deemed to consent to such usage; if you do not consent to such usage, do not use our Services or Devices.

While data protection law varies by country and these countries may not offer the same level of data protection as your home country, we apply the protections described in this Privacy Policy to your personal data regardless of where it is processed. To the extent that we transfer your personal information outside of the EEA and UK, we will use reasonable efforts to ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016 and the UK Data Protection Act 2018. By using the Services, you consent to the collection, processing, maintenance, and transfer of your personal information in and to the United States where the privacy laws may not be as comprehensive as those in the country where you reside or are a citizen.

18. Links to Third-Party Sites

If you reach our platform(s) via a third-party platform, please see the privacy policy of the third party because Memento AI does not manage or control independent businesses, nor their customers or service providers. Prior to accessing our Services and once you leave our site, you are governed by the other site’s own privacy policy. The Services may also contain links to third-party websites or services. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information by third parties will be subject to the privacy policies of the third-party websites or services and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties before providing information to them.

19. Accessibility

If you have a problem reading or accessing information or materials on the Website or regarding our Services, please inform us at info@mymemento.io.

20. Changes to Privacy Policy

Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices, are taken into consideration, as well as that it remains abreast of the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Policy.

If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and other places we deem appropriate. You consent to these changes by continuing to use our Services or Devices.

21. Severability

In the event that any one or more of the provisions of this Privacy Policy should be invalid, illegal, or unenforceable in any respect, the validity, legality, and enforceability of the remaining provisions contained herein shall not in any way be affected or invalidated.

22. Contact

Please contact Us at support@mymemento.io if you have any questions or concerns not already addressed in this Privacy Policy or wish to exercise any privacy rights outlined above. Our Data Protection Officer can be contacted at admin@mymemento.io.