Privacy Policy
Last Updated: April 1, 2026
Our Commitment to Privacy
At Memento AI, we understand that your code is your intellectual property. We are committed to protecting your privacy and ensuring the security of your data.
Your Code Never Leaves Your Machine
Memento operates entirely on your local computer. Your source code is never transmitted to our servers. We never see it, never store it, never analyze it, and never want to. It is technically impossible for us to access, share, or use your code because it never leaves your machine.
The only data transmitted between your machine and our servers is:
- License validation requests (license key + hardware fingerprint)
- API usage metrics (counts only, no content of any kind)
No source code, file contents, project names, file paths, or any representation of your work is ever transmitted.
Information We Collect
Account Information
- Email address for account creation and communication
- Company name (optional)
- Payment information (processed securely by Stripe)
- License key usage and API call counts
Technical Information
- IP address for security and fraud prevention
- TPM 2.0 hardware fingerprint for license binding
- Operating system and Memento version for support
Data Security
We implement industry-standard security measures:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- SOC 2 Type II compliance (in progress)
Data Retention
- Account data: Retained while your subscription is active
- Payment records: 7 years for tax compliance
- Usage metrics: 90 days rolling window
- Support tickets: 1 year after resolution
Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Opt-out of marketing communications
Third-Party Services
We use the following third-party services:
- Stripe: Payment processing (PCI DSS compliant)
- AWS SES: Transactional emails
- AWS: Infrastructure hosting (US region)
Cookies
We use essential cookies only:
- Session cookies for authentication
- Security cookies for CSRF protection
No tracking or advertising cookies are used.
Children's Privacy
Memento AI is not intended for users under 18. We do not knowingly collect data from children.
International Data Transfers
Your data is processed in the United States. By using Memento AI, you consent to the transfer of your data to the US.
Changes to This Policy
We will notify you via email of any material changes at least 30 days before they take effect.
Contact Us
For privacy concerns or data requests:
Email: [email protected]
GDPR Compliance
For EU residents, Memento AI serves as the data controller. We comply with GDPR requirements including:
- Lawful basis for processing (contract performance)
- Data minimization principles
- Right to erasure ("right to be forgotten")
- Data portability
California Privacy Rights
California residents have additional rights under CCPA. We do not sell personal information.