MemVerse Privacy Policy

Last Updated: November 2025

MemVerse ("we," "our," or "us") is committed to protecting your privacy and the privacy of your family's stories. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered family storytelling platform. Please read this policy carefully. By using MemVerse, you consent to the practices described herein.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide when creating an account, recording family memories, or contacting us:

  • Account Information: Name, email address, password, and profile details
  • Family Member Information: Names, relationships, birthdates, and photos of family members you add
  • Voice Recordings: Audio recordings of family stories and memories
  • Story Content: Transcripts, photos, videos, and metadata associated with your memories
  • Communications: Messages and feedback you send to our support team

1.2 Information Collected Automatically

When you access MemVerse, we automatically collect:

  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Usage Data: Pages visited, features used, time spent, and interaction patterns
  • Log Data: IP address, access times, and referring URLs
  • Cookies: Session and persistent cookies for authentication and preferences

2. How We Use Your Information

We use your information for the following specific purposes:

  • Service Delivery: To provide, maintain, and improve MemVerse's features and functionality
  • Voice Processing: To convert your voice recordings into text transcripts using speech-to-text technology
  • AI-Powered Features: To generate story titles, extract family wisdom insights, and provide personalized recommendations
  • Account Management: To manage your account, authenticate your identity, and process your requests
  • Communications: To send service updates, security alerts, and respond to inquiries
  • Analytics: To understand usage patterns and improve our services
  • Legal Compliance: To comply with applicable laws and protect our legal rights

3. Third-Party AI Services and Data Processing

IMPORTANT: Your data is processed by the following third-party AI services to provide MemVerse's core functionality. We are transparent about this processing as required by applicable privacy laws.

3.1 Google Cloud Speech-to-Text

  • Purpose: Converts your voice recordings into text transcripts
  • Data Shared: Audio files of your recorded stories
  • Privacy Policy: https://cloud.google.com/terms/cloud-privacy-notice
  • Data Retention: Google processes data transiently and does not retain audio after processing

3.2 OpenAI (GPT-4o Mini)

  • Purpose: Generates story titles, analyzes transcripts for family wisdom insights, and powers AI conversation features
  • Data Shared: Text transcripts of your stories (NOT audio files)
  • Privacy Policy: https://openai.com/policies/privacy-policy
  • Training Opt-Out: We use OpenAI's API with data retention disabled. Your data is NOT used to train OpenAI's models.

3.3 Data Processing Safeguards

  • • All data transmitted to third-party services is encrypted using TLS 1.2 or higher
  • • We maintain Data Processing Agreements (DPAs) with all third-party processors
  • • Third-party processors are contractually prohibited from using your data for purposes other than providing services to MemVerse
  • • We regularly audit third-party compliance with our data protection requirements

4. Data Storage and Retention

4.1 Where We Store Your Data

Your data is stored on Google Cloud Platform servers. Our primary data centers are located in the United States. If you are accessing MemVerse from outside the United States, please be aware that your data will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.

4.2 Retention Periods

  • Account Data: Retained for the duration of your account plus 30 days after deletion
  • Voice Recordings & Transcripts: Retained until you delete them or close your account
  • AI-Generated Insights: Retained until you delete associated stories or close your account
  • Usage Logs: Retained for 12 months for security and analytics purposes
  • Backup Data: Deleted within 90 days of account closure

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in these limited circumstances:

  • Service Providers: With third-party processors as described in Section 3, solely to provide our services
  • Legal Requirements: When required by law, court order, or government request
  • Safety: To protect the safety, rights, or property of MemVerse, our users, or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • With Consent: When you explicitly authorize sharing

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication for staff
  • Monitoring: Continuous security monitoring and intrusion detection
  • Backups: Regular encrypted backups with geographic redundancy
  • Incident Response: Documented breach response procedures; notification within 72 hours of discovery

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your personal data and account
  • Export: Download your family memories and data in a portable format
  • Restriction: Request that we limit processing of your data
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at mira@memverse.co. We will respond within 30 days (or as required by applicable law).

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information collected from you
  • Right to Opt-Out: We do not sell personal information or share it for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Information: We only use sensitive personal information to provide our services

To submit a request, email mira@memverse.co with "CCPA Request" in the subject line. We will verify your identity before processing your request.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Lawful Basis: We process your data based on: (a) your consent, (b) contract performance, (c) legitimate interests, or (d) legal obligations
  • Data Portability: Receive your data in a structured, machine-readable format
  • Right to Lodge Complaint: File a complaint with your local data protection authority
  • International Transfers: We transfer data to the US using Standard Contractual Clauses approved by the European Commission

For GDPR-related inquiries, contact mira@memverse.co with "GDPR Request" in the subject line.

10. Children's Privacy

MemVerse is designed for families, which may include children. We are committed to protecting children's privacy:

  • • Family accounts are managed by adult account holders (18 years or older)
  • • The adult account holder is responsible for any content recorded by or about minors
  • • We do not knowingly collect personal information directly from children under 13 without parental consent
  • • Parents/guardians can review, delete, or refuse further collection of their child's information by contacting us

If you believe we have collected information from a child without parental consent, please contact us immediately at mira@memverse.co.

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and basic functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how you use MemVerse

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy with a new "Last Updated" date and, where appropriate, by email notification. Your continued use of MemVerse after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries: mira@memverse.co
Response Time: We will respond to all privacy inquiries within 30 days

Thank you for trusting MemVerse with your family's precious memories.