Privacy Policy
Effective Date: 06/04/2025
Overview
This Privacy Policy describes how Supermemory (“Company,” “we,” “us,” or “our”) collects, uses, and protects information in connection with our cloud services (“Services”). This policy applies to all users of our Services.
Information Collection & Account Information
We collect and maintain the following account-related information:
- Full name
- Email address
- Organization name
User Data
We store and process user data that is uploaded to or created within our Services, including but not limited to:
- Documents, files, and content uploaded by users
- Data synchronized from connected third-party services
- User-generated content and configurations
Connected Services Data
With explicit user consent, we may access and store data from third-party services that users choose to connect, including:
- Google Drive
- Notion
- Other productivity and storage services as authorized by the user
Technical Information
We collect technical data necessary for service operation and security, including:
- Authentication logs
- Service access records
- System performance metrics
- API usage logs for connected services
Use of Information
The information we collect is used for:
- Account creation and management
- Service authentication and access control
- Data storage, processing, and retrieval as requested by users
- Integration with third-party services as authorized by users
- Essential service communications
- System security and operational maintenance
- Service improvement and feature development
- Compliance with legal obligations
Data Processing
User Content and Data
We store and process user data as part of our core service functionality. This includes data uploaded directly by users and data accessed from connected third-party services with proper authorization.
Third-Party Service Integration
Users may authorize connections to external services such as Google Drive, Notion, and other productivity platforms. Such integrations require:
- Explicit user consent for each service connection
- Developer authorization where applicable
- Adherence to the connected service’s terms and data handling requirements Data accessed through these integrations is processed in accordance with user instructions and this Privacy Policy.
Third-Party AI Processing
When users elect to utilize artificial intelligence features, content may be processed by third-party AI service providers, including OpenAI and Google Gemini. Such processing occurs solely at user direction and for the purpose of delivering requested functionality.
Data Security
Encryption
All data transmissions are protected using industry-standard encryption protocols during transit between user systems and our infrastructure.
Infrastructure Partners
We utilize trusted third-party service providers for infrastructure operations:
- Timescale for database services
- Cloudflare for content delivery and security services These providers are contractually bound to maintain appropriate security standards and data protection measures.
Information Disclosure
We do not sell, rent, or otherwise commercially distribute personal information. Information may be disclosed only in the following circumstances:
- To infrastructure service providers as necessary for service operation
- To third-party AI services when users elect to use AI features
- To connected third-party services as explicitly authorized by users (Google Drive, Notion, etc.)
- When required by applicable law or legal process
- To protect the rights, property, or safety of the Company or others
- In connection with a corporate transaction such as merger or acquisition All third-party integrations and data sharing occur only with explicit user consent and authorization.
Data Retention and Deletion
Account information and user data are retained for the duration of the service relationship or as necessary to provide requested services. Users maintain control over their data and may delete content through service interfaces. Data from connected third-party services is retained according to user preferences and service requirements. Users may disconnect third-party services at any time, which may affect data synchronization but will not immediately delete previously synchronized data unless explicitly requested. Users may request complete account and data deletion at any time, subject to legal retention requirements and technical processing timeframes.
User Rights
Subject to applicable law, users may:
- Request access to their account information and stored data
- Request correction of inaccurate information
- Request deletion of their account and associated data
- Manage connected third-party service integrations
- Revoke authorization for third-party service connections
- Object to certain processing activities
- Request data portability where technically feasible Requests should be submitted through our designated contact channels.
International Transfers
Information may be transferred to and processed in jurisdictions other than the user’s country of residence. We implement appropriate safeguards to ensure adequate protection during such transfers.
Policy Updates
This Privacy Policy may be updated periodically. Material changes will be communicated through appropriate channels, including email notification to account holders or prominent notice within our Services.
Legal Compliance
This policy is designed to comply with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
Contact Information
For privacy-related inquiries or to exercise your rights under this policy, contact us at:
Email: dhravya@supermemory.com
This Privacy Policy governs the collection and use of information by Supermemory. By using our Services, you acknowledge that you have read and understood this policy.
Last Updated: 06/04/2025