MyMemoriAI
Bring memories to life

Legal

Privacy Policy

This Privacy Policy explains how MyMemoriAI ("we," "us," or "our") collects, uses, stores, shares, and otherwise processes personal data when you access or use our website, applications, and related services (collectively, the "Service").

Last updated: March 12, 2026

If you have any questions about this Privacy Policy or how your personal data is handled, you can contact us at:

MyMemoriAI
info.mymemoriai@gmail.com

If required under applicable law, we may also designate a data protection contact or representative and publish those details here.

By using the Service, you acknowledge that your personal data may be processed as described in this Privacy Policy.

1. Who we are

For the purposes of applicable data protection law, including the General Data Protection Regulation ("GDPR"), MyMemoriAI is generally the data controller for the personal data described in this Privacy Policy, unless stated otherwise.

Where third-party providers process personal data on our behalf, they act as our processors or sub-processors, subject to contractual and legal safeguards. In some situations, third parties may act as independent controllers for their own purposes, such as payment processors or identity providers. GDPR distinguishes between controllers and processors, and transparency about these roles matters.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data we process when you:

  • visit our website;
  • create or use an account;
  • authenticate through a third-party provider such as Google;
  • upload images or other content;
  • request AI-generated videos or other output;
  • purchase credits or paid features;
  • contact support;
  • interact with cookies, analytics, or similar technologies;
  • otherwise use the Service.

This Privacy Policy does not apply to third-party websites, services, or platforms that are not operated by us, even if they are linked from or integrated with our Service.

3. Personal data we process

Depending on how you use the Service, we may process the following categories of personal data.

3.1 Account and identity data

This may include:

  • name;
  • email address;
  • account ID;
  • authentication provider identifier;
  • profile image made available by your sign-in provider;
  • account creation date;
  • subscription or credit status.

If you sign in using Google or another third-party login provider, we receive only the information that provider makes available to us according to your settings and the permissions granted.

3.2 Uploaded content

This may include:

  • images you upload;
  • prompts, instructions, and metadata attached to a generation request;
  • generated videos and related outputs;
  • thumbnails, previews, file names, dimensions, timestamps, and technical metadata;
  • content you delete, until deletion or backup-cleanup processes complete.

Uploaded images may contain personal data, including photos of identifiable individuals and potentially sensitive contextual information. If facial images are uploaded, they may involve regulated personal data depending on the circumstances and applicable law.

3.3 Payment and billing data

If you purchase credits or paid features, we may process:

  • billing records;
  • order history;
  • transaction identifiers;
  • country or region for tax handling;
  • subscription status;
  • limited payment-related metadata.

We do not store full payment card numbers ourselves. Payments are handled by third-party payment processors.

3.4 Technical, device, and usage data

We may process:

  • IP address;
  • browser type and version;
  • device identifiers;
  • operating system;
  • language settings;
  • referring URLs;
  • timestamps;
  • log data;
  • crash reports;
  • approximate location derived from IP;
  • interactions with the Service;
  • usage metrics such as pages visited, buttons clicked, generations requested, and error events.

3.5 Support and communication data

If you contact us, we may process:

  • your name and email address;
  • the contents of your message;
  • attachments you send;
  • records of support conversations;
  • internal notes relating to your request.

3.6 Compliance, abuse-prevention, and security data

We may process:

  • moderation flags;
  • risk signals;
  • abuse reports;
  • account access history;
  • suspicious activity indicators;
  • fraud checks;
  • policy-enforcement records;
  • complaint and dispute records.

4. Sources of personal data

We collect personal data from the following sources:

  • directly from you when you create an account, upload content, purchase credits, or contact us;
  • automatically from your device or browser when you use the Service;
  • from third-party providers such as authentication providers, payment processors, hosting or analytics tools;

5. Why we process personal data and our legal bases

Under GDPR, personal data must be processed on a valid legal basis, and privacy notices should explain those bases clearly. We may process personal data for the following purposes:

5.1 To provide and operate the Service

Legal basis: performance of a contract; legitimate interests

We process personal data to: create and manage your account; authenticate your access; upload, store, and manage your files; generate AI videos and related output at your request; display your content and usage history inside your account; provide customer support; maintain service functionality.

5.2 To process purchases, credits, and subscriptions

Legal basis: performance of a contract; legal obligation

We process payment and transaction data to: complete purchases; allocate credits; manage subscriptions and renewals; issue invoices where applicable; keep tax and accounting records; prevent payment fraud and abuse.

5.3 To secure the Service and prevent misuse

Legal basis: legitimate interests; legal obligation where applicable

We process personal data to: detect fraud, unauthorized access, bots, scraping, and abuse; enforce our Terms of Service and Acceptable Use rules; investigate technical failures and suspicious behavior; protect users, third parties, and the public; preserve evidence for disputes, complaints, or legal obligations.

5.4 To improve the reliability, safety, and performance of the Service

Legal basis: legitimate interests; consent where required

We process technical and usage data to: diagnose bugs and infrastructure issues; measure performance; understand which features are used; test and improve the stability and usability of the Service; develop better moderation, security, and anti-abuse controls.

5.5 To use analytics and cookies

Legal basis: consent where required; legitimate interests for strictly necessary technologies

We may use cookies, SDKs, pixels, local storage, and similar technologies to operate the Service and, where permitted, to understand usage patterns and improve the user experience.

Where analytics or tracking requires consent under applicable law, we will request your consent before activating those technologies. In the EU, consent is generally required for non-essential trackers, though some audience-measurement tools may qualify for a narrow exemption only under specific conditions.

5.6 To comply with legal obligations

Legal basis: legal obligation

We may process personal data to: comply with tax, accounting, consumer, and data protection laws; respond to lawful requests from courts, regulators, or law enforcement; process complaints about illegal content or infringement; meet retention, audit, and reporting obligations.

5.7 To communicate with you

Legal basis: performance of a contract; legitimate interests; consent where required

We may send transactional messages about: account activity; purchases; service changes; important notices; security issues; policy updates.

If we send marketing communications, we will do so in accordance with applicable law and your preferences.

6. Special note about uploaded images and personal data of others

You may upload images containing other people. In that case, you are responsible for ensuring that you have a valid legal basis and all required permissions to upload, process, and generate output from those images.

We do not independently verify every permission or consent associated with uploaded images. However, we may review, block, remove, or report content where necessary for safety, rights protection, or legal compliance.

If you upload images containing identifiable individuals, including facial images, you acknowledge that such images may constitute personal data and may require consent or another valid legal basis under applicable law.

7. Do we use uploaded content to train AI models?

We do not use your uploaded images or generated videos to train our own general-purpose AI models unless we clearly ask for your separate permission.

8. Cookies and similar technologies

We use cookies and similar technologies for several purposes, including:

  • authentication and session management;
  • security and fraud prevention;
  • load balancing and service functionality;
  • remembering preferences;
  • measuring usage and performance;
  • understanding whether product changes are effective.

Some cookies and similar technologies are strictly necessary for the Service to function and do not require consent in many jurisdictions. Others, particularly analytics and marketing-related trackers, may require prior consent depending on the applicable ePrivacy and cookie rules.

You can manage your choices through our cookie banner or settings interface, where available.

9. Analytics

If you enable analytics cookies through our consent banner, we may use analytics providers such as Google Analytics to understand aggregate usage trends, product performance, and public-site engagement.

We do not intentionally send raw uploaded image content or generated video files to analytics providers for analytics purposes.

Analytics data may include:

  • page views;
  • session events;
  • device and browser information;
  • approximate geography;
  • general interaction patterns;
  • referral information.

You can withdraw your analytics consent at any time through the settings or consent tools we make available.

10. Automated processing and moderation

We may use automated tools, including machine-learning systems, to:

  • process upload requests;
  • generate output;
  • detect abuse or prohibited content;
  • identify suspicious patterns;
  • flag content for review;
  • prevent fraud or platform misuse.

These tools may assist in moderation and safety operations, but they may not always be accurate. We may combine automated systems with human review where necessary and appropriate.

11. Who we share personal data with

We do not sell your personal data in the ordinary meaning of "sell." We may share personal data with the following categories of recipients where necessary:

11.1 Service providers and processors

These may include providers of:

  • hosting and cloud storage;
  • authentication;
  • payment processing;
  • AI generation infrastructure;
  • content delivery;
  • security and monitoring;
  • customer support tooling;
  • analytics;
  • email delivery.

These providers process personal data on our behalf under contractual safeguards where required.

11.2 Payment providers

Payment processors may act as independent controllers for some payment-related processing under their own privacy policies.

11.3 Professional advisors and business counterparties

We may disclose data to lawyers, accountants, auditors, insurers, financing partners, or acquirers where reasonably necessary for legal, operational, or corporate purposes.

11.4 Authorities and third parties where required by law

We may disclose personal data:

  • to comply with legal obligations;
  • to respond to lawful requests;
  • to protect rights, safety, and property;
  • to investigate fraud, infringement, or abuse;
  • in connection with disputes, litigation, or enforcement.

11.5 Corporate transactions

If we are involved in a merger, acquisition, restructuring, financing, sale of assets, or similar transaction, personal data may be disclosed as part of that process, subject to applicable confidentiality and legal safeguards.

12. International data transfers

Some of our providers may process personal data outside the European Economic Area ("EEA"). Where personal data is transferred outside the EEA, we take steps to ensure an adequate level of protection under applicable law.

Depending on the destination country and provider, these safeguards may include: an adequacy decision by the European Commission; Standard Contractual Clauses ("SCCs"); other lawful transfer mechanisms recognized under GDPR.

The European Commission recognizes adequacy decisions for some countries, and SCCs are one of the key transfer tools for data transfers to non-EEA recipients where no adequacy decision applies.

You may contact us for more information about the safeguards used for relevant transfers, subject to confidentiality and security limitations.

13. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law. Storage limitation is one of the GDPR's core principles.

Retention periods may vary depending on the type of data: Account data: retained while your account is active and for a limited period thereafter as necessary for legal, operational, or dispute-related reasons. Uploaded images and generated videos: retained while available in your account and until deleted by you, subject to backup cycles, abuse investigations, legal holds, or technical cleanup delays. Payment and billing records: retained as required by tax, accounting, and audit laws. Support records: retained as reasonably necessary to handle your request, improve support quality, and protect against disputes. Security and abuse-prevention logs: retained for as long as reasonably necessary to detect, investigate, and prevent misuse or as required by law.

We may delete, anonymize, aggregate, or irreversibly de-identify data when it is no longer needed.

14. Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption in transit, security monitoring, provider due diligence, and internal access restrictions.

No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a personal data breach, we will respond in accordance with applicable law, including notification obligations where required.

15. Your rights

Depending on your location and subject to applicable conditions and limitations, you may have the following rights regarding your personal data:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to object to certain processing;
  • the right to data portability;
  • the right to withdraw consent at any time where processing is based on consent;
  • the right not to be subject to certain decisions based solely on automated processing, where applicable;
  • the right to lodge a complaint with a supervisory authority.

The EDPB explains that controllers must facilitate the exercise of data subject rights and respond to such requests.

To exercise your rights, contact us at info.mymemoriai@gmail.com. We may need to verify your identity before acting on your request. Some rights are not absolute and may depend on the legal basis for processing or other applicable exceptions.

If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority. If you are established in Belgium, that may include the Belgian Data Protection Authority.

16. Deletion of content and account

You may be able to delete uploaded content and generated outputs through your account interface. Deletion requests may not result in immediate removal from all systems, because backups, logs, fraud-prevention records, and technical cleanup cycles may require a limited delay.

You may also request deletion of your account by contacting us at info.mymemoriai@gmail.com or through in-product tools where available. We may retain certain data after deletion where necessary to: comply with legal obligations; resolve disputes; enforce our agreements; prevent fraud or abuse; maintain security records; complete backup expiration processes.

17. Children

The Service is not directed to children, and we do not knowingly collect personal data directly from children who are not legally permitted to use the Service.

If you believe a child has provided personal data to us in violation of applicable law, contact us and we will take appropriate steps to investigate and, where appropriate, delete the data.

18. Third-party services

The Service may link to or integrate with third-party services. We are not responsible for the privacy practices of those third parties. Their processing is governed by their own terms and privacy notices.

You should review the privacy notices of third-party providers you use in connection with our Service, especially identity providers, payment processors, and external platforms on which you publish generated content.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in: the Service; our providers; our processing activities; legal requirements; security practices; product functionality.

When we do, we will update the "Last updated" date at the top of this Privacy Policy and, where required by law, provide additional notice.

20. Contact us

For privacy-related questions, requests, or complaints, contact:

MyMemoriAI
info.mymemoriai@gmail.com

See also Terms of Service and Privacy Policy.