← Back to MemoryVaultAI

Privacy Policy

Last updated: May 10, 2026 · Effective: May 10, 2026

MemoryVaultAI ("we," "us," "our") is a registered business name with ASIC, operating as a partnership in Queensland, Australia. Although MemoryVaultAI may currently fall below the $3 million annual turnover threshold for the Privacy Act 1988 (Cth), we voluntarily comply with the Australian Privacy Principles. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the MemoryVaultAI mobile application and related services (the "Service").

We are committed to transparency and plain language. If anything in this policy is unclear, contact us at support@memoryvaultai.app.

1. Information We Collect

Account Information

• Email address — provided during sign-up via Apple Sign-In, Google Sign-In, or email/password registration.
• Name — provided by Apple Sign-In (first sign-in only) or Google Sign-In. Optional and not required to use the Service.

Content You Share

• Video URLs — links you voluntarily share to the app from third-party platforms (e.g., Instagram, TikTok, YouTube).
• AI-generated metadata — derived from those videos by our AI processing: title, summary, transcript, creator name, people mentioned, locations mentioned, and semantic embeddings used for search.

Usage Data

• Monthly video save count
• Current subscription tier (Free or Pro)
• Account creation date and last active timestamp
• Marketing email opt-in status

Device Data

• IP address, device type, and OS version — collected automatically via our authentication provider (Supabase) as part of session metadata.

Payment Data

We do not collect payment card numbers, billing addresses, or other financial details directly. Payments are handled entirely by Apple App Store or Google Play. We receive only your RevenueCat customer ID and subscription status.

2. Information We Do Not Collect

• Browsing history outside the app
• Contacts, photos, or precise location
• Microphone or camera access (the app does not use these)
• Cookies or web tracking pixels (the app is mobile native)

3. How We Use Your Information

• Provide the Service — process your video URLs with AI to generate searchable metadata.
• Manage your account — authenticate you, maintain your session, manage your subscription tier.
• Communicate with you — send transactional emails (password resets, account confirmations) and, with your consent, marketing updates about new features.
• Improve the Service — understand usage patterns to prioritise features and fix issues.
• Ensure security — detect and prevent unauthorised access or abuse.
• Comply with legal obligations — maintain records required for tax and financial reporting.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Consent — account creation, marketing emails. You may withdraw consent at any time.
• Performance of a contract — processing videos and generating metadata to deliver the Service you signed up for.
• Legitimate interests — usage analytics, security monitoring, and service improvement, balanced against your rights.
• Legal obligation — tax and financial records related to subscription billing.

5. Apple Sign-In Data

If you sign in with Apple, we receive your name (on first sign-in only) and either your real email address or an Apple Private Relay email address, depending on your choice during sign-in.

• We do not display your Private Relay email address publicly or to other users.
• We do not share your Apple-provided email with third parties for marketing.
• We use it solely for account identification and transactional communication.
• You can revoke MemoryVaultAI's access at any time via your Apple ID settings (Settings → Apple Account → Sign-In & Security → Sign in with Apple).
• If you revoke access, you will no longer be able to sign in via Apple. You may contact us to arrange alternative account access or deletion.

6. AI-Generated Metadata

We use Google Gemini to analyse videos you share and generate metadata including transcripts, summaries, and tags. This metadata is produced by AI and may contain inaccuracies.

• AI-generated metadata is provided as-is and we do not guarantee its accuracy.
• You have the right to request human review of any AI-generated output if you believe it is inaccurate or incomplete.
• You may contest AI-generated metadata by contacting us at support@memoryvaultai.app.
• We commit to reviewing such requests and responding within 14 days.

7. Third Parties We Share Data With

We share data only with service providers necessary to operate the Service. We do not sell or share your personal information for advertising purposes.

• Supabase — database, authentication, and file storage (hosted in Sydney, Australia).
• Google Cloud Run — video processing infrastructure (Sydney region).
• Google Gemini API — AI analysis of video content to generate metadata.
• Apple / Google — sign-in providers and payment processors.
• RevenueCat — subscription management and entitlement tracking.
• Resend — transactional and marketing email delivery.

All processors are bound by their own data protection agreements. We use them to operate the Service, not to share your data for their independent marketing purposes.

8. International Data Transfers

Our primary infrastructure is hosted in Sydney, Australia. However, some processors (Google Gemini API, RevenueCat, Resend) may process data in the United States or other jurisdictions.

Where data is transferred outside Australia or the EEA, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Processor certifications under the EU-U.S. Data Privacy Framework where applicable.
• Contractual protections requiring equivalent data protection standards.

9. Data Retention

• Free tier — video metadata is archived (not visible to you) after 30 days from save. Fully deleted after 90 days.
• Pro tier — video metadata kept indefinitely while your subscription remains active.
• Account deletion — all user data deleted within 30 days of your deletion request.
• Backups — data may persist in encrypted backups for up to 90 days after deletion, after which it is permanently purged.
• Legal obligations — we may retain minimal records (subscription transaction IDs, dates) as required by tax law.

10. Your Rights

Depending on your location, you have some or all of the following rights regarding your personal information:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your data (supported via the in-app delete account function or by contacting us).
• Restriction of processing — request that we limit how we use your data while a concern is being resolved.
• Data portability — request your data in a structured, machine-readable format. We provide export on request.
• Objection — object to processing based on legitimate interests, including for direct marketing.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Not be subject to automated decision-making — request human review of decisions made solely by automated processing that significantly affect you. Our AI generates metadata to assist you but does not make decisions with legal or similarly significant effects on you. If you believe AI outputs are inaccurate, see Section 6 above.

To exercise any of these rights, email support@memoryvaultai.app. We will respond within 30 days (or sooner where required by law).

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell or share personal information for cross-context behavioural advertising. You will not be discriminated against for exercising your rights. If we use sensitive personal information in ways beyond what's necessary to provide the Service, you have the right to limit such use.

Australian Residents

If you are an Australian resident, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au if you believe we have breached the Australian Privacy Principles.

EU/UK Residents

If you are in the EU or UK, you may lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

11. Children's Privacy

MemoryVaultAI is rated 13+ and is not directed at children under 13. We do not knowingly collect personal information from users under 13. If we discover that an account belongs to a user under 13, we will delete it and all associated data promptly. If you believe a child under 13 has created an account, please contact us immediately.

12. Marketing Communications

By signing up to the waitlist or creating an account, you consent to receive transactional emails (account confirmations, password resets) and updates about MemoryVaultAI. You may opt out of marketing emails at any time via the unsubscribe link in any marketing email or by emailing support@memoryvaultai.app.

Every marketing email includes a one-click unsubscribe link. Transactional emails (password resets, security alerts) are not affected by your marketing preferences.

If you unsubscribe, we permanently suppress your email address from future marketing campaigns. Records of your unsubscribe request are kept for compliance purposes.

13. Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (TLS) and at rest.
• Authentication via secure token-based sessions stored in device secure storage.
• Access controls limiting employee access to personal data.
• Our infrastructure providers (Supabase, Google Cloud) maintain industry-standard security certifications. We rely on their compliance frameworks for the underlying infrastructure.

No system is perfectly secure. If we become aware of a data breach that poses a risk to your rights, we will notify you and relevant authorities (the Office of the Australian Information Commissioner, and where applicable, EU/UK supervisory authorities) within 72 hours of becoming aware of the breach, in accordance with applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or in-app notification at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy. We encourage you to review this page periodically.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

MemoryVaultAI
ABN: 86 841 520 767
Queensland, Australia
support@memoryvaultai.app