Privacy Policy

Effective Date: 06/04/2025
Last Updated: 06/04/2025

Overview

This Privacy Policy describes how Supermemory ("Company," "we," "us," or "our") collects, uses, and protects information in connection with our cloud services ("Services"). This policy applies to all users of our Services.

Information Collection

Account Information

We collect and maintain the following account-related information:

  • Full name
  • Email address
  • Organization name

User Data

We store and process user data that is uploaded to or created within our Services, including but not limited to:

  • Documents, files, and content uploaded by users
  • Data synchronized from connected third-party services
  • User-generated content and configurations

Connected Services Data

With explicit user consent, we may access and store data from third-party services that users choose to connect, including:

  • Google Drive
  • Notion
  • Other productivity and storage services as authorized by the user

Technical Information

We collect technical data necessary for service operation and security, including:

  • Authentication logs
  • Service access records
  • System performance metrics
  • API usage logs for connected services

Use of Information

The information we collect is used for:

  • Account creation and management
  • Service authentication and access control
  • Data storage, processing, and retrieval as requested by users
  • Integration with third-party services as authorized by users
  • Essential service communications
  • System security and operational maintenance
  • Service improvement and feature development
  • Compliance with legal obligations

Data Processing

User Content and Data

We store and process user data as part of our core service functionality. This includes data uploaded directly by users and data accessed from connected third-party services with proper authorization.

Third-Party Service Integration

Users may authorize connections to external services such as Google Drive, Notion, and other productivity platforms. Such integrations require:

  • Explicit user consent for each service connection
  • Developer authorization where applicable
  • Adherence to the connected service's terms and data handling requirements

Data accessed through these integrations is processed in accordance with user instructions and this Privacy Policy.

Third-Party AI Processing

When users elect to utilize artificial intelligence features, content may be processed by third-party AI service providers, including OpenAI and Google Gemini. Such processing occurs solely at user direction and for the purpose of delivering requested functionality.

Data Security

Encryption

All data transmissions are protected using industry-standard encryption protocols during transit between user systems and our infrastructure.

Infrastructure Partners

We utilize trusted third-party service providers for infrastructure operations:

  • Timescale for database services
  • Cloudflare for content delivery and security services

These providers are contractually bound to maintain appropriate security standards and data protection measures.

Information Disclosure

We do not sell, rent, or otherwise commercially distribute personal information. Information may be disclosed only in the following circumstances:

  • To infrastructure service providers as necessary for service operation
  • To third-party AI services when users elect to use AI features
  • To connected third-party services as explicitly authorized by users (Google Drive, Notion, etc.)
  • When required by applicable law or legal process
  • To protect the rights, property, or safety of the Company or others
  • In connection with a corporate transaction such as merger or acquisition

All third-party integrations and data sharing occur only with explicit user consent and authorization.

Data Retention and Deletion

Account information and user data are retained for the duration of the service relationship or as necessary to provide requested services. Users maintain control over their data and may delete content through service interfaces.

Data from connected third-party services is retained according to user preferences and service requirements. Users may disconnect third-party services at any time, which may affect data synchronization but will not immediately delete previously synchronized data unless explicitly requested.

Users may request complete account and data deletion at any time, subject to legal retention requirements and technical processing timeframes.

User Rights

Subject to applicable law, users may:

  • Request access to their account information and stored data
  • Request correction of inaccurate information
  • Request deletion of their account and associated data
  • Manage connected third-party service integrations
  • Revoke authorization for third-party service connections
  • Object to certain processing activities
  • Request data portability where technically feasible

Requests should be submitted through our designated contact channels.

International Transfers

Information may be transferred to and processed in jurisdictions other than the user's country of residence. We implement appropriate safeguards to ensure adequate protection during such transfers.

Policy Updates

This Privacy Policy may be updated periodically. Material changes will be communicated through appropriate channels, including email notification to account holders or prominent notice within our Services.

Legal Compliance

This policy is designed to comply with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Contact Information

For privacy-related inquiries or to exercise your rights under this policy, contact us at:

Email: [email protected]

This Privacy Policy governs the collection and use of information by Supermemory. By using our Services, you acknowledge that you have read and understood this policy.