Privacy Policy

Effective Date: March 23, 2026

Memory Log ("we," "our," or "us") is an AI-powered cognitive fitness tool that helps you keep your memory sharp through daily journaling and personalized recall quizzes. This Privacy Policy explains how we collect, use, and protect your information when you use our website, mobile applications, and related services.

1. Information We Collect

Account Information: When you sign in with Google or Apple, we receive your name and email address. If you use Memory Log as a guest, we generate an anonymous identifier — no personal information is collected for guest accounts.

Journal Entries: The text you write in Memory Log, including daily journal entries and any questions you ask. This is the core content you provide to the service.

Knowledge Graph: From your journal entries, our AI extracts entities (people, places, organizations) and their relationships to build your personal knowledge graph. This data is derived from your journal entries and stored in your account.

Quiz Data: Your quiz scores, streaks, and performance history from the daily recall quizzes generated from your journal content.

Todo Items: Tasks and action items extracted by AI from your journal entries (e.g., when you write "I need to..." or "I should...").

Video Transcriptions: If you use the video summary feature, transcriptions of video content you submit for summarization.

Payment Information: If you upgrade to Memory Log Pro, payment is processed by Stripe. We do not store your credit card number, expiration date, or CVV. Stripe provides us with a transaction record and subscription status.

Analytics Data: We collect usage data such as which features you use, how often you visit, and general interaction patterns. This data is collected through Google Analytics and PostHog.

Push Notification Tokens: If you enable notifications, we store a device token through Firebase Cloud Messaging to send you daily quiz reminders.

Biometric Authentication: If you enable Face ID or Touch ID, biometric data is processed entirely on your device by the operating system. We never receive, transmit, or store your biometric data.

Device Information: General device and browser information collected automatically through analytics services for aggregate usage analysis.

2. How We Use Your Information

AI Processing: To extract knowledge from your journal entries, generate personalized recall quizzes, and provide daily cognitive fitness insights.
Service Delivery: To maintain your account, knowledge graph, quiz history, and subscription status.
Notifications: To send daily quiz reminders and service updates (with your consent).
Analytics: To understand how people use Memory Log so we can improve the service. Analytics data is aggregated and not used to identify individual users.
Security: To protect against unauthorized access, fraud, and abuse.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Consent: When you submit journal entries for AI processing, you consent to that processing. You can withdraw consent by deleting your account.
Contract Performance: Processing necessary to provide the Memory Log service, including subscription management.
Legitimate Interest: Analytics and security measures that help us improve and protect the service, balanced against your privacy rights.

4. AI Processing Disclosure

How We Use AI to Process Your Journal Entries

When you write a journal entry, it is sent to Google's Gemini API for processing. Here is exactly what happens:

Your journal text is sent to Google's servers to extract people, places, and facts, and to generate personalized quiz questions.
We use the paid Gemini API tier. Under Google's API Terms of Service, your data submitted through the API is not used to train Google's AI models.
Google may retain API data for up to 30 days for safety and abuse monitoring purposes, after which it is deleted.
Your journal entries are processed in real-time and are not stored by Google beyond the retention period described above.

For more details, see Google's Gemini API Terms of Service.

5. Third-Party Services

We use the following third-party services to operate Memory Log:

Service	Purpose	Data Shared
Google Gemini API	AI processing of journal entries	Journal text, questions
Firebase Authentication	User sign-in (Google, Apple, anonymous)	Name, email, auth tokens
Firebase Firestore	Data storage	All account data
Firebase Cloud Messaging	Push notifications	Device tokens
Google Analytics	Usage analytics	Anonymized usage events
PostHog	Product analytics	Usage events, user ID
Stripe	Payment processing	Payment details (handled by Stripe)

Each third-party provider processes data in accordance with their own privacy policies and data processing terms.

6. International Data Transfers

Memory Log's data is stored and processed on servers in the United States through Google Cloud (Firebase) infrastructure. If you are accessing Memory Log from outside the United States, including from the European Economic Area, your data will be transferred to and processed in the United States.

These transfers are governed by Google's Data Processing Terms and Standard Contractual Clauses (SCCs), which provide appropriate safeguards for the protection of your personal data as required by GDPR.

7. Data Sharing

We do not sell your personal data. We do not share your data with advertisers or data brokers. Your journal entries are never used for advertising purposes.

We share data only with the third-party service providers listed above, solely for the purposes of operating Memory Log. We do not share your data with any other parties except when required by law.

8. Data Retention & Deletion

Your data is retained for as long as your account is active. If you wish to delete your account and all associated data, please email us at it@moblize.it. We will delete your account data within 30 days of receiving your request.

Analytics data collected through Google Analytics and PostHog is retained according to those services' standard retention policies and is not linked to your account after deletion.

9. Your Rights

For users in the European Economic Area (GDPR):

Access: Request a copy of your personal data.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your data ("right to be forgotten").
Data Portability: Request your data in a machine-readable format.
Restriction: Request that we limit how we process your data.
Object: Object to processing based on legitimate interest.

For users in California (CCPA):

Right to Know: Request information about the categories and specific pieces of personal data we collect.
Right to Delete: Request deletion of your personal data.
Right to Opt-Out: We do not sell personal data, so this right does not apply.
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please email it@moblize.it. We will respond within 30 days.

10. Children's Privacy

Memory Log is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at it@moblize.it and we will promptly delete that data.

11. Security

We take reasonable measures to protect your personal data, including:

All data is transmitted over HTTPS (encrypted in transit).
Firebase security rules restrict data access to authenticated users and their own data.
Authentication is handled through industry-standard OAuth 2.0 (Google and Apple sign-in).
Payment processing is handled entirely by Stripe, a PCI-compliant payment processor.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users and relevant authorities in accordance with applicable law. This includes notification to the FTC (for US users) and relevant supervisory authorities (for EU users) within the timeframes required by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through an in-app notification. The "Effective Date" at the top of this policy will be updated to reflect the date of the most recent changes.

14. Contact Us

If you have questions about this Privacy Policy, your personal data, or want to exercise any of your rights, please contact us at:

Email: it@moblize.it