What we collect
We collect only what we need to run the service and bill it accurately:
- Account data — name, email, and organization, provided directly or through your identity provider (Clerk).
- Memory content — the text, files, and metadata you or your agents ingest. This is your data; we process it on your behalf.
- Usage & telemetry — API request counts, job outcomes, and error logs used for billing, reliability, and abuse prevention.
How we use it
Your data powers the product and nothing else. We use it to operate the Guardian ingest pipeline, run hybrid search and graph queries, maintain your memory graph, authenticate requests, meter usage, and provide support. We do not sell your data, and we do not train foundation models on your memory content.
Memory content may be sent to third-party LLM providers (e.g. via OpenRouter) strictly to perform the operations you request — deduplication, merge decisions, and embeddings. Those calls are transient and scoped to the request.
Storage & security
Your memory graph lives in PostgreSQL; original uploaded files live in S3-compatible object storage, keyed by content hash. Every record is partitioned by a cryptographic tenant_id boundary — one organization can never read another's data.
Data is encrypted in transit (TLS) and at rest. Access is least-privilege and audited; every write to the ledger is stamped with actor, tenant, scope, and request ID.
Your rights
You can access, export, correct, or delete your data at any time — through the API or by contacting us. Deleting a memory issues a typed delete event to the ledger and removes it from all projections. Account deletion removes your data within 30 days, except where retention is legally required. Depending on your region, you may have additional rights under GDPR or CCPA.
Retention
We keep your memory content for as long as your account is active. Operational logs are retained for up to 90 days. When you delete data or close your account, we purge it from primary stores and backups on a rolling schedule, typically within 30 days.
Changes
We may update this policy as the product evolves. Material changes will be announced by email or in-product before they take effect, and the version stamp above will be bumped. Continued use after an update means you accept the revised policy.
Contact
Questions about privacy, or a data request? Reach our team and we'll respond within a day.
privacy@memuron.com