Memmo Privacy Policy — Beta
Effective Date: June 2, 2026
Beta Notice: Memmo is currently in private beta, available by invitation only. This Privacy Policy reflects the current state of the app and the data we actually collect today. As the Service evolves, this policy will be updated to reflect new features and data practices.
June 2, 2026 update: This policy was revised to describe gift and peek sharing, recipient controls, Abandoned/Discard removal, and retention in line with Memmo’s current architecture.
Introduction
Memmo, LLC (“Memmo,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Memmo mobile application and related services (collectively, the “Service”).
By using the Service, you agree to the collection and use of information as described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
Account Information:
- Name
- Email address
- Password (encrypted, stored by Auth0 — we never see your password)
- Profile photo (optional)
Content:
- Photos and videos you upload
- Notes and captions
- Stacks (grouped memories)
Family and Contact Information:
- Child names and birth dates (for child archives)
- Email addresses of people you invite as co-curators, space members, or recipients
1.2 Information Collected Automatically
Device Information:
- Device type and operating system
- App version
Usage Information:
- Features you use and actions you take within the app
- Error logs and crash reports
Media Metadata (EXIF):
When you upload photos or videos, we capture all standard EXIF metadata embedded in the file. This includes but is not limited to:
- Date and time the photo/video was taken
- Image/video dimensions and orientation
- GPS location (latitude and longitude) — if present in the file
- Camera make, model, and settings
We store the raw EXIF data as-is from your files. This metadata enables features like timeline ordering and may enable future features (e.g., location-based memories, auto-suggested dates).
2. How We Use Your Information
We use your information to:
- Provide the Service — store and display your content, enable sharing with your designated recipients
- Process your uploads — optimize images, transcode video, generate thumbnails
- Enable sharing — grant access to memories via gifts (permanent) or peeks (temporary) to the people you choose
- Send notifications — push notifications when someone shares a memory with you and for app updates
- Improve the Service — understand how features are used, identify and fix bugs
- Provide support — help you when something goes wrong
We do not:
- Sell your data to third parties
- Display advertising
- Train AI models on your content
- Build marketing profiles from your usage
3. How We Share Your Information
3.1 With Your Designated Recipients
When you share a Memory, recipients receive access to the same memory you shared — not a separate duplicate. What they see depends on how you shared it:
Gifts (permanent access):
- The content (photos, videos, notes, stacks)
- Your name and profile photo
- Who else has been gifted access (visible in the app’s “Shared With” list for that memory)
- Access persists until the recipient discards it or closes their account (subject to our retention policies)
Peeks (temporary access):
- The content for the duration of the peek (typically 14 days)
- Your name and profile photo
- Peeks expire automatically, cannot be saved to collections, and are not intended for resharing
When you co-curate an archive, other curators can see:
- Memories saved to that archive
- Who added each item
Curators do not see how you privately organize memories outside that archive (your other archives, spaces, and timeline choices are not disclosed to others).
3.2 With Service Providers
We share information with third-party service providers who help us operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Auth0 | Authentication | Email, name, profile photo, login events |
| Amazon Web Services (AWS) | Cloud hosting, storage | All data (encrypted at rest) |
| Mux | Video processing | Video files |
| Imgix | Image optimization | Image files |
| SigNoz | Backend monitoring | Request traces, error logs, usage data |
| Sentry | Mobile crash reporting | Crash reports, error logs, device info |
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
3.3 For Legal Reasons
We may disclose your information if required by law, including:
- To comply with a subpoena, court order, or legal process
- To respond to lawful requests from government authorities
- To protect our rights, property, or safety
- To investigate violations of our Terms of Service
3.4 Business Transfers
If Memmo is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.
4. Data Storage and Security
4.1 Where We Store Your Data
Your data is stored in the United States using Amazon Web Services (AWS) infrastructure:
- Database: AWS RDS (PostgreSQL) with encryption at rest
- Media files: AWS S3 with encryption at rest (customer-managed encryption keys) and versioning enabled
- Backups: AWS Backup with tiered retention — daily snapshots (35-day retention), weekly snapshots (12-week retention), monthly snapshots (2-year retention), and quarterly snapshots (6-year retention). All backup vaults are encrypted at rest.
4.2 Security Measures
We implement industry-standard security measures:
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS
- Encryption at rest: All stored data and media are encrypted — media files use customer-managed encryption keys (AWS KMS) with automatic annual key rotation
- Access controls: Role-based database access with principle of least privilege
- Secure authentication: JWT tokens with short expiration, secure token storage on device
- Signed URLs: Media files are accessed via time-limited, cryptographically signed URLs — not publicly accessible
- Infrastructure monitoring: CloudWatch alarms for system health, CloudTrail for audit logging
4.3 Your Security Responsibilities
You are responsible for:
- Keeping your login credentials confidential
- Using a strong, unique password
- Logging out on shared devices
5. Data Retention
5.1 Active Accounts
We retain your data for as long as your account is active and as needed to provide the Service.
5.2 Removed Content
Memmo does not use a time-limited trash window for memories (except that peeks expire after their peek period, typically 14 days).
Forget and Abandoned:
- When you Forget a memory or remove it from your visible collections, it may move to Abandoned if you have no other surface path to it
- Memories in Abandoned are not automatically purged after a set period
Discard:
- Discard from Pending or Abandoned permanently removes the memory from your account (your access and personal view)
- Discarding does not remove gift access for other people who still have access
Peeks:
- Peek access ends when the peek period expires
5.3 Closed Accounts
When you request account closure, a 30-day cancellation period begins during which you can reverse your decision. After the cancellation period expires, your account data and unshared content will be deleted from our active systems within 30 days.
Your data may persist in encrypted, access-controlled backup archives that are retained for disaster recovery and regulatory compliance purposes. These backups are not used to serve data and are accessed only in the event of a system restoration, at which point any previously processed account deletions are re-applied before the system is made available. Long-term backups are retained for up to six (6) years per our regulatory obligations, after which they are automatically deleted.
Memories you previously gifted to others remain accessible to them until they discard them — gifting grants recipients ongoing access independent of your account closure.
5.4 Beta Data
During the beta period, we may need to reset or migrate data as part of development. We will make all reasonable efforts to avoid resetting or losing your data, and we will notify you in advance if a reset becomes necessary.
6. Children’s Privacy
6.1 Child Archives
Parents and guardians can create archives for their children. These archives contain content about the child, curated by adults. The child is the subject, not the user, until they have their own account and receive access at a time their family determines.
6.2 Children Under 13
- Children under 13 are not permitted to create Memmo accounts
- We do not knowingly collect personal information from children under 13
- Before transfer, content in a child’s archive is uploaded and managed by parents or authorized curators
6.3 COPPA Compliance
If you believe a child under 13 has created an account, please contact us immediately at privacy@memmo.io. We will investigate the report and take appropriate action, which may include restricting or deleting the account and associated data.
7. Your Rights and Choices
7.1 Access
You can view all your data within the app at any time.
7.2 Correction
You can update your account information and edit your content at any time within the app.
7.3 Removal
You can:
- Forget memories, remove them from collections, and Discard them from Pending or Abandoned to permanently remove them from your account
- Close your account entirely by contacting support@memmo.io
Note: Removing a memory from your account does not remove gift access for people you have already gifted. Each person controls their own access via Discard. Only the author can edit the underlying memory.
7.4 Notifications
You can manage notification preferences in the app settings. Some communications (like security alerts) cannot be opted out of.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time as the Service evolves. We will notify you of material changes by:
- Posting the updated Privacy Policy on the Service
- Sending you a notification through the app or email
The “Last Updated” date at the top indicates when the policy was last revised.
9. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Privacy Inquiries: privacy@memmo.io
General Support: support@memmo.io
This Privacy Policy is effective as of June 2, 2026.