Privacy Policy

Effective date: 11 July 2026

Memohopper ("Memohopper", "we", "us") is operated by Yervand Abrahamyan, Armenia. This policy explains what we collect, why, and what rights you have. It covers the website (memohopper.com), the application (app.memohopper.com), the API (api.memohopper.com), and the Memohopper MCP server.

Contact for anything in this policy: support@memohopper.com.

1. What we collect

Account data. Your email address and, if you sign in with Google, your name and Google account identifier. Authentication is handled by our infrastructure provider Supabase; we never see or store your password.

Your content. The knowledge you put into Memohopper: Contexts, memos, uploaded and ingested documents, chat conversations, graph structure, and workspace settings. This is the product — it is stored so we can show it back to you, search it, and run the AI features you invoke on it.

Connector data. If you connect an external source (e.g. Google Drive, Gmail, Notion, Todoist, Jira, Confluence, the web clipper, email-in), we import only the content that integration is scoped to and store the access credentials encrypted (AES-256-GCM). You can disconnect a source at any time, which stops further syncing.

Payment data. Purchases are processed by Paddle as merchant of record. Paddle collects and processes your payment details under its own terms and privacy policy; we never receive your card number. We receive and store only your subscription status, plan, and billing period.

Usage and technical data. Server request logs, error reports, and AI-usage metering (which operations ran, token counts, and cost — used for the fair-use allowance and for keeping the service healthy). Telemetry is retained for 90 days. We do not use advertising trackers or analytics cookies; the browser stores only your session token and UI preferences (theme, layout) in local storage.

2. How we use it

  • To provide the service — storing, indexing, searching, and displaying your content.
  • To run AI features you invoke. When you use explore, chat, Reason mode, evolve, or document analysis, the relevant content is sent to large-language-model providers via our AI gateway (OpenRouter) solely to generate the response. When you use web-grounded features, your search query (not your stored content) is sent to our search provider (Tavily). We do not sell your content and we do not use it for advertising. We do not use your content to train models of our own.
  • To send transactional email — sign-in, billing, and service notifications via our email provider (Resend). No marketing email without your consent.
  • To keep the service secure and fair — abuse prevention, rate limiting, fair-use metering, and debugging.

Legal bases where the GDPR applies: performance of contract (providing the service), legitimate interests (security, metering, service improvement), and consent (optional connectors and any marketing communication).

3. Who processes data on our behalf (subprocessors)

ProviderPurposeLocation
SupabaseDatabase, authentication, storageEU (eu-west-1)
Fly.ioApplication hostingEU (Amsterdam)
OpenRouterAI model gateway (content you submit to AI features)USA
TavilyWeb search (queries only)USA
PaddlePayments, tax, invoicing (merchant of record)UK/EU
ResendTransactional email deliveryUSA/EU
Grafana LabsOperational telemetry (logs, traces, metrics)EU
GoogleSign-in with Google; Google APIs for sources you connectUSA/EU

Where data leaves the EU/EEA, transfers rely on Standard Contractual Clauses or an adequacy decision, as implemented by the provider.

4. Google user data (Limited Use disclosure)

Memohopper's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data imported from Google Drive, Gmail, or Google Calendar is used only to provide the knowledge features you see in your own workspace — never for advertising, never sold, and never read by humans except with your explicit consent, for security purposes, or as required by law.

5. AI agents and API access

If you mint a personal access token and connect your own AI agents (via MCP or the REST API), those agents act on your behalf inside your account: what they store and read is governed by this policy exactly as if you did it yourself. You are responsible for the agents you connect.

6. Retention and deletion

Your content stays until you delete it or your account. Deleting a memo or context removes it from search immediately (soft-deleted items can be restored by you; they are purged on account deletion). Operational telemetry is deleted after 90 days. Backups roll off on our infrastructure providers' standard schedule (≤30 days).

Account deletion and data export: email support@memohopper.com from your account address and we will delete your account and all content, or provide an export of your data, within 30 days. (In-app self-serve deletion and export are on the roadmap.)

7. Your rights

Depending on where you live (e.g. under the GDPR or UK GDPR), you may have the right to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent. Exercise any of these via support@memohopper.com. You also have the right to complain to your local data-protection authority.

8. Security

All traffic is encrypted in transit (TLS). Connector credentials are encrypted at rest (AES-256-GCM). Every row of customer data is isolated per user account, enforced in the application and by database row-level security. Access to production systems is limited to the operator.

9. Children

Memohopper is not directed at children and may not be used by anyone under 16.

10. Changes

We will post any changes to this policy on this page and update the effective date; material changes will be announced by email or in-app notice.