Memovo Privacy Policy

Effective date: 18 October 2025

1. Introduction

Thank you for choosing Memovo. We value your privacy and are committed to protecting your personal data. This Privacy Policy describes how your information is collected, used, stored and shared when you use the Memovo mobile application and related services (collectively, the “App”). This policy applies to all users of the App regardless of where they reside, but has been drafted to comply with the General Data Protection Regulation (“GDPR”) and other relevant data-protection laws.

2. Controller and Contact

Controller: Josua Waghubinger
Email: hi@josua.io

For questions regarding this policy or to exercise your data‑protection rights, please contact us at the above email address.

3. Scope

This policy governs personal data processed in connection with your use of Memovo. It does not apply to third‑party websites or services that may link to or be accessible from the App.

4. Data We Collect

We collect the following categories of information when you use the App:

Account data: If you create a Memovo account, we collect your email address and a hashed password. Authentication is provided by Supabase; we do not store plain‑text passwords.
Content you provide: When you use Memovo to create text entries, upload images or voice recordings, we store those entries to enable synchronization across your devices. Images and text are stored in our database, while voice recordings are sent to our transcription service and then deleted once transcribed.
Usage and device data: We collect certain technical information automatically when you use the App, such as IP address, device identifiers, browser type, operating system, device model, crash logs and other diagnostic information. This information helps us maintain security, diagnose problems and improve performance. We do not use third‑party analytics or advertising trackers.
Subscription and payment data: When you purchase a subscription through Apple App Store or Google Play, payment is processed by the relevant store and our subscription partner RevenueCat. We may receive purchase tokens and subscription status but do not process your payment information directly.
AI features and voice recordings: If you choose to generate weekly summaries or use voice transcription, text and audio data you submit will be transferred to our AI partners (see Section 9). These data are processed solely to provide the requested feature and are not used for training or profiling. Audio files are deleted after transcription.

5. How We Collect Data

Directly from you: You provide data when you create an account, submit entries, upload images or contact us for support.
Automatically: We collect log and device data automatically when you use the App. This may include IP address and device identifiers. We also use essential cookies and local storage to maintain your session and remember preferences. We do not use marketing cookies or cross‑site tracking.
From third‑party services: We receive subscription status information from RevenueCat and authentication tokens from Supabase. We do not collect information about you from social networks or other external data brokers.

6. Legal Basis for Processing

We process your personal data only when we have a legal basis to do so. Under the GDPR, this includes:

Performance of a contract (Art. 6 §1 lit. b GDPR): We need to process your data to provide and maintain the App, including creating your account and storing your entries.
Legitimate interests (Art. 6 §1 lit. f GDPR): We process certain technical data (e.g., logs and device identifiers) to ensure the security and functionality of the App. This includes preventing abuse, fixing bugs and improving performance. Our legitimate interests do not override your privacy rights.
Consent (Art. 6 §1 lit. a GDPR): We rely on your explicit consent for optional features such as AI‑generated summaries and voice transcription. You may withdraw your consent at any time in the app settings; withdrawal will not affect the lawfulness of processing prior to withdrawal.

7. Purposes of Processing

We use your data for the following purposes:

To register and authenticate you and manage your account;
To store and synchronize your journal entries, photos and other content across devices;
To provide AI summarization and voice transcription services when you enable those features;
To manage subscriptions and verify purchases via RevenueCat;
To respond to support requests and communicate with you about the App;
To secure the App, detect fraud, fix bugs and ensure stable operation;
To comply with legal obligations and respond to lawful requests from authorities.

8. Data Storage and Location

Memovo stores user data in a secure cloud database provided by Supabase. Supabase operates data centers within the European Union, with our project hosted in the eu‑central‑1 region (Frankfurt, Germany). Your personal data therefore remains within the EU, ensuring compliance with European data‑protection standards. We have concluded data‑processing agreements with Supabase and other providers to ensure they process data solely on our behalf.

Data are encrypted at rest and during transmission. Supabase’s infrastructure includes encryption (AES‑256 at rest and TLS in transit) and security certifications such as SOC 2. Only authorized personnel can access the database.

9. Third‑Party Service Providers

We share your data only with service providers necessary to operate Memovo. These providers process data on our behalf under strict confidentiality agreements and data‑processing contracts. The main partners include:

Supabase: Provides our database and authentication services. Data are stored in the EU (Frankfurt).
RevenueCat: Manages subscriptions and in‑app purchases. RevenueCat receives purchase tokens and subscription status; your payment details are handled by Apple or Google.
Mistral AI: Provides AI‑based summarization. When you request a weekly summary, the text of your entries is transmitted to Mistral AI for processing and then deleted once the summary is generated.
Assembly AI: Processes voice recordings to generate transcriptions. Audio files are deleted after transcription.
Cloud hosting: We may use a hosting provider (e.g., Cloudflare/Vercel) to serve our website and API. Some log data may be processed outside the European Economic Area (“EEA”), but we ensure adequate safeguards, such as standard contractual clauses, are in place.

We do not sell or rent your personal data to third parties. We will disclose information only when required by law or if necessary to protect our rights or the safety of users.

10. Cookies and Tracking Technologies

Memovo uses essential cookies and local storage to maintain your session and remember preferences. These technologies are strictly necessary to provide the service and do not require separate consent. We do not use marketing cookies, analytics or third‑party advertising pixels.

11. Data Retention

We retain your personal data for as long as you maintain a Memovo account. When you delete your account, your journal entries, photos and other content are permanently removed from our database, except where retention is required by law (for example, tax or accounting records). If you uninstall the App without deleting your account, your data remains stored until you delete it or request deletion.

12. International Data Transfers

We strive to keep your data within the European Union. However, some service providers (e.g., Mistral AI and Assembly AI) may process data outside the EEA. In such cases, we ensure that appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses or adequacy decisions, to protect your data to EU standards.

13. Data Security

We implement industry‑standard security measures to protect your data from unauthorized access, alteration, disclosure or destruction. These measures include encryption in transit and at rest, secure authentication, role‑based access controls, regular security audits and vulnerability assessments. We also implement a data‑breach response protocol to promptly notify affected users and authorities in the unlikely event of a breach.

14. Your Rights

Under the GDPR and other applicable laws, you have the following rights regarding your personal data:

Right of access: Obtain confirmation whether we process your data and receive a copy of the information we hold.
Right to rectification: Request correction of inaccurate or incomplete personal data.
Right to erasure: Request deletion of your data ("right to be forgotten").
Right to restriction of processing: Request restriction of processing under certain circumstances.
Right to data portability: Receive your data in a structured, commonly used and machine‑readable format and transmit it to another controller.
Right to object: Object to processing based on legitimate interests or direct marketing.
Right to withdraw consent: Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Right to lodge a complaint: Complain to a supervisory authority if you believe our processing infringes data‑protection laws.

To exercise any of these rights, please contact us at the email address listed in Section 2. We will respond to your request in accordance with applicable law.

15. Automated Decision‑Making and Profiling

Memovo does not engage in automated decision‑making or profiling that would produce legal or similarly significant effects on you.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies or legal requirements. We will notify you of material changes via email or an in‑app message. The most current version of the policy will always be available within the App. Continued use of the App after changes are made constitutes acceptance of the revised policy.

17. Contact

If you have any questions about this Privacy Policy or our data‑processing practices, please contact:

Josua Waghubinger
Email: hi@josua.io

A German version of this privacy policy can be provided upon request. For translation or additional languages, please contact us.