> legal

privacy policy

last updated: april 2026

01. introduction

Memra ("we", "us", "our") operates the Memra memory API service at usememra.com. This policy explains what data we collect, how we use it, and your rights under applicable data protection law.

02. data we collect

  • + Account data: Email address, hashed password, billing information.
  • + Memory data: Content, metadata, tags, and classifications that you send via the API.
  • + Usage data: API call counts and timestamps for billing and rate limiting.

03. data residency

All primary customer data is stored exclusively in the European Union (Finland). Limited third-party processing may occur for embeddings and billing as described below.

04. identifiers

Memory IDs are randomly generated UUIDs — they cannot be traced back to any personal information. Tenant IDs are user-chosen strings that you define. Memra does not store personally identifiable information unless you include it in memory content, in which case we recommend enabling Privacy Shield.

05. third-party services

We use a limited number of third-party services to operate Memra:

  • + OpenAI — Generates semantic embeddings for search. Content is sent for processing only and not retained by OpenAI. When Privacy Shield is enabled, only masked content is sent.
  • + Stripe — Processes payments and tax handling. Only billing and invoicing data is shared, never memory content.
  • + Resend — Delivers transactional emails (welcome, password reset, billing).
  • + Sentry — Monitors errors. Memory content is never included in error reports.
  • + Hetzner — EU infrastructure hosting (Helsinki, Finland).

06. how we use your data

Your data is used solely to provide the Memra service: storing memories, enabling semantic search, processing payments, sending service notifications, and maintaining reliability. We do not sell, share, or use your data for advertising.

07. privacy shield

Memra offers an optional Privacy Shield feature that automatically detects and masks personally identifiable information (PII) in memory content before it is stored. When enabled:

  • + Common PII patterns (emails, phone numbers, ID numbers, payment card numbers) are detected and replaced with anonymised tokens.
  • + Original values are securely encrypted and stored separately.
  • + All downstream processing (including search embeddings) uses only the masked content — your users' raw PII is never exposed to third parties.

Note: Privacy Shield is a best-effort supplementary measure. It does not guarantee detection of all PII forms (e.g., names, addresses). You remain responsible for your own data protection obligations.

08. data deletion and your rights

When you delete your account or request erasure, we perform a complete removal of all your data — content, metadata, search indexes, cached data, and any associated records. Deletions are logged for compliance.

Under applicable data protection law, you have the right to:

  • + Access — Request a copy of your data
  • + Rectification — Update incorrect data via the API
  • + Erasure — Complete deletion of all your data
  • + Data portability — Export all your data via our API
  • + Object to processing — Contact us to object to specific processing

09. contact

For privacy inquiries: privacy@usememra.com

Memra is operated from the European Union.

Data Processing Agreement requests: contact us for a DPA.