Privacy Policy

1. Who We Are

Rememory AI (“we”, “us”, “our”) operates the photo restoration platform at rememoryai.com, based in the Republic of Seychelles. We act as the data controller for personal information collected through the Service.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@rememoryai.com or via our contact page.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

• Your name and email address (used for authentication and communication).
• Authentication method (email/password, or third-party sign-in via Google or Apple).
• Account preferences and notification settings.

2.2 Uploaded Photographs

When you use Rememory AI, you upload one or more photos for restoration. We collect and temporarily process the image files you submit, along with any associated metadata (e.g., file name, upload timestamp, and the restoration parameters you choose).

2.3 Payment & Billing Information

Rememory AI does not store your payment card details. All payment processing is handled by Paddle.com Market Limited, our Merchant of Record. Paddle collects and retains billing information (card details, billing address, transaction history) in accordance with Paddle's Privacy Policy. We receive only a confirmation of payment status, your Paddle customer ID, and basic billing metadata (e.g., plan type, transaction ID) necessary to fulfil your order.

2.4 Usage & Analytics Data

When you use the Service, we automatically collect:

• Pages visited, features used, and actions taken within the app.
• Device type, browser, operating system, and approximate geographic region.
• Session duration and engagement metrics.
• Error logs and performance telemetry to diagnose technical issues.

This data is collected in aggregate and pseudonymous form via Firebase Analytics (see Section 5) and is used solely to improve the Service.

2.5 Communications

If you contact us by email or via the contact form, we retain your message and contact details in order to respond to your enquiry.

3. How We Use Your Photographs

We understand that the photos you share with us are irreplaceable. We treat them with the care they deserve.

• Only to fulfil your restoration request. Your uploaded photos are processed solely to generate the AI restoration you requested. We do not use your photos for any other purpose.
• Never used to train, fine-tune, or improve AI models. Your photographs — original or restored — are not used to train any machine-learning model, whether operated by Rememory AI or any third party. This is a firm commitment.
• Stored privately in encrypted cloud storage. Your photos are stored in Google Cloud Storage (via Firebase) using server-side encryption at rest (AES-256) and in transit (TLS). Access is restricted to your account.
• Deletable at any time. You can delete individual photos or your entire account from the settings page at any time. Upon deletion, your photos are removed from active storage within 30 days and purged from backup systems within 90 days.

4. Legal Basis for Processing

Where applicable data-protection law requires us to identify a legal basis for processing:

• Contract performance: Processing your photos and account data is necessary to deliver the restoration service you have contracted for.
• Legitimate interests: We process analytics and usage data to improve the Service, prevent fraud, and ensure security.
• Consent: Where we send you optional marketing communications, we do so only with your explicit consent, which you may withdraw at any time.
• Legal obligation: We may process data where required by applicable law or to respond to lawful requests from authorities.

5. Third-Party Data Processors

We work with a small number of carefully selected third-party service providers to operate the Service. Each processes data only as instructed by us and is bound by a data-processing agreement.

5.1 Paddle.com Market Limited — Payment Processing & Billing

Paddle acts as our Merchant of Record and processes all payment card data, billing addresses, tax calculations, and invoicing. Your payment information is governed by Paddle's privacy policy and PCI-DSS compliance programme. We share with Paddle only the information necessary to create and manage your billing relationship (email address, plan type, order details).

5.2 Firebase / Google Cloud — Hosting, Authentication, Storage & Database

Rememory AI is hosted on Google Cloud Platform and uses Firebase services including Firebase Authentication (secure sign-in), Cloud Firestore (user account data and metadata), Cloud Storage (photo files), and Firebase Analytics (usage analytics). Data is stored in Google-operated data centres. Google processes data as our data processor in accordance with Google Cloud's data-processing terms.

5.3 OpenAI — Image Processing for Restoration

AI-powered photo restoration and enhancement is performed with the assistance of OpenAI APIs. Uploaded photos may be transmitted to OpenAI's servers for processing in order to generate the restored output. OpenAI processes photos as our data processor under a data-processing agreement. OpenAI does not use data submitted via the API to train its models, and we do not permit such use. Photos are not retained by OpenAI beyond the duration of the API call.

5.4 No Other Sales or Sharing

We do not sell, rent, or share your personal data or photographs with any other third parties for their own marketing or commercial purposes.

6. Cookies & Analytics

We use a minimal set of cookies and similar technologies:

• Strictly necessary cookies: Required for authentication, session management, and security. These cannot be disabled.
• Analytics cookies (Firebase Analytics): Used to understand how users interact with the Service — which features are popular, where errors occur, and how to improve the experience. Analytics data is pseudonymised and aggregated. You may opt out of analytics in your account settings.
• Preference cookies: Used to remember your settings (e.g., dark mode preference, last-used restoration parameters).

We do not use advertising cookies or share data with advertising networks.

7. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the Service:

• Account data is retained for the lifetime of your account and deleted within 30 days of account closure.
• Uploaded photos and outputs are retained in your Family Vault until you delete them or close your account. After account closure, photos are removed from active storage within 30 days and from backups within 90 days.
• Analytics data is retained in aggregate, pseudonymous form for up to 24 months.
• Billing records are retained by Paddle in accordance with applicable financial record-keeping requirements (typically 7 years).

8. Security

We implement industry-standard security measures to protect your data, including:

• TLS encryption for all data in transit.
• AES-256 server-side encryption for all data at rest in Google Cloud Storage.
• Firebase Authentication with secure session token management.
• Role-based access controls limiting which team members can access production data.
• Regular security reviews and dependency audits.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take every reasonable precaution to protect your information.

9. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@rememoryai.com.

10. International Data Transfers

Rememory AI is operated from the Republic of Seychelles. By using the Service, you acknowledge that your data may be transferred to and processed in countries outside your country of residence, including countries whose data-protection laws may differ from those in your jurisdiction (including the United States, where Google Cloud and OpenAI infrastructure is located). We rely on Google Cloud's and Paddle's data-transfer mechanisms (including Standard Contractual Clauses where applicable) to safeguard international transfers.

11. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Ask us to correct inaccurate or incomplete data.
• Deletion: Request deletion of your personal data and uploaded photos.
• Portability: Request your data in a machine-readable format.
• Restriction: Ask us to restrict processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at support@rememoryai.com. We will respond within 30 days. We may need to verify your identity before processing your request.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we will also send a notification to your registered email address. We encourage you to review this policy periodically.

13. Contact & Complaints

If you have questions, concerns, or complaints about how we handle your personal data, please contact us:

• Email: support@rememoryai.com
• Contact form: rememoryai.com/contact
• Business address: Rememory AI, Republic of Seychelles

If you are not satisfied with our response, you may have the right to lodge a complaint with a data-protection supervisory authority in your country of residence.