JauMemory Privacy Policy

1. Introduction

JauMemory ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-hosted AI memory system service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information

• Email address
• Username
• Payment information (processed securely by third-party payment providers)
• Security settings (two-factor authentication preferences)
• Account preferences and subscription tier

Memory Data

• Text memories you create
• Collections you organize
• Agents you configure
• Memory classifications and importance scores
• Tags and custom metadata
• Agent configurations (if using AI agent features)

Usage Preferences

• Theme settings (light/dark mode)
• Notification preferences
• Encryption tier preferences
• Automated feature settings
• Export format preferences

2.2 Information Collected Automatically

Technical Information

• IP address (collected for security and audit purposes, but not used for tracking)
• Browser information (collected only for troubleshooting when you contact support)
• Device characteristics (optional, only when you enable device trust features for enhanced security)

Usage Data

• API calls and rate limit tracking
• Feature usage statistics
• Error logs (anonymized)
• Performance metrics to maintain service quality

Cookies and Similar Technologies

We currently do not use cookies. Authentication is handled through secure tokens stored in your browser's local storage. Your theme preferences are also stored locally in your browser.

3. How We Use Your Information

3.1 To Provide Services

• Process and store your memories securely
• Synchronize data across your devices
• Enforce rate limits based on your subscription tier
• Provide customer support when requested

3.2 To Improve Our Service

• Analyze usage patterns (aggregated and anonymized)
• Debug and fix technical issues
• Develop new features

3.3 To Communicate With You

• Send service updates and notifications
• Respond to support requests
• Send billing and account information
• Marketing communications (only with your consent)

3.4 For Security and Legal Compliance

• Detect and prevent fraud
• Enforce our Terms of Service
• Comply with legal obligations
• Protect against unauthorized access

4. Data Encryption and Security

4.1 Encryption Overview

We use multiple layers of encryption to protect your data:

• In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher with additional application-layer encryption for sensitive operations.
• At Rest: Your memories are encrypted on our servers using industry-standard encryption algorithms. Higher subscription tiers may offer enhanced encryption options for additional security.
• Key Management: Each user has unique encryption keys. We use industry-standard key derivation functions to ensure key strength.

4.2 Server-Side Encryption Model

Important: JauMemory uses server-side encryption, not zero-knowledge encryption. This means:

• Your data is encrypted on our servers after receipt
• We maintain the technical ability to decrypt data when you access it
• We implement strict access controls and audit logging
• Only authorized personnel can access production systems, and all access is logged and monitored
• We cannot and do not access your encrypted memories except when necessary to provide you the service or as required by law

4.3 Infrastructure Security

• Data Centers: We use enterprise-grade cloud infrastructure from established providers
• Network Security: Multiple layers of network protection including firewalls and intrusion detection
• Backup Systems: Regular encrypted backups with geographic redundancy
• Disaster Recovery: Comprehensive disaster recovery procedures with defined recovery time objectives

4.4 Access Controls

• Principle of Least Privilege: Employees only have access to systems necessary for their role
• Audit Logging: All administrative access is logged and regularly reviewed
• Multi-Factor Authentication: Required for all administrative access
• Access Reviews: Personnel access is regularly reviewed and audited

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information or memory data.

5.2 Limited Sharing Scenarios

Service Providers

We work with carefully selected service providers who are contractually bound to protect your data:

• Cloud infrastructure providers
• Payment processors (who handle payment data securely and never have access to your memories)
• Email service providers (for transactional emails only)

Legal Requirements

We may disclose information if required by:

• Court order or subpoena
• Law enforcement request with proper legal authority
• To protect our rights or property
• To prevent harm to individuals or property

Business Transfers

In the event of merger, acquisition, or sale of assets, user data may be transferred with appropriate notifications.

6. Data Retention

6.1 Active Account Data

• Memory data: Retained as long as account is active
• Account information: Retained for duration of account

6.2 After Account Deletion

• 30-day grace period: You can recover your account within 30 days of deletion request
• Data becomes inaccessible: After grace period, your data cannot be recovered
• Backup retention: Encrypted backups may persist for up to 90 days for disaster recovery
• Audit logs: Anonymized after deletion (user identifiers removed)

6.3 Legal Retention Requirements

Certain anonymized records may be retained as required by law or for legitimate business purposes such as fraud prevention.

7. Your Rights and Controls

7.1 Access Rights

• View all data we have about you
• Export your memories in JSON or CSV formats
• Request data access through your account settings or by contacting support

7.2 Correction Rights

• Update account information
• Edit or delete individual memories
• Contact support for assistance with bulk corrections

7.3 Deletion Rights

• Delete individual memories
• Delete entire account
• Request complete data erasure (subject to legal retention requirements)

7.4 Portability Rights

• Export data in machine-readable format
• JSON and CSV formats available through account settings

7.5 Opt-Out Rights

• Marketing communications
• Analytics tracking
• Automated processing features

8. International Data Transfers

Your data may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by relevant authorities
• Adequate security measures regardless of data location
• Compliance with applicable data transfer regulations

9. Children's Privacy

• Service not intended for users under 13 years of age (or 16 in certain jurisdictions)
• We do not knowingly collect data from children
• If we discover an underage user, we will promptly delete their account and data
• Parents may contact us if they believe their child has provided information

10. California Privacy Rights (CCPA)

For California Residents:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale (Note: We do not sell data)
• Right to deletion
• Right to non-discrimination

Categories of Information Collected:

We collect identifiers (email, username), commercial information (subscription data), and electronic network activity (usage data) as defined under CCPA.

11. European Privacy Rights (GDPR)

For EU/EEA Residents:

• Legal basis for processing:
  • Consent for marketing communications
  • Contract fulfillment for providing memory storage services
  • Legitimate interests for security and fraud prevention
• Right to withdraw consent at any time
• Right to lodge complaint with your local supervisory authority
• Additional rights including access, rectification, erasure, and data portability

12. API and Third-Party Integrations

12.1 API Access

When you use our API or connect third-party services:

• You control what data is shared
• All API access requires authentication
• You can revoke API keys at any time through your account settings
• API usage is rate-limited based on your subscription tier

13. Security Incident Response

13.1 Breach Notification

In the unlikely event of a data breach:

• We aim to notify affected users within 72 hours of discovery
• Notification via email and in-app alert
• We will provide details about what occurred, what data was affected, and steps we're taking

13.2 Mitigation Measures

• Immediate containment and investigation
• Password reset requirements if accounts compromised
• Enhanced monitoring and security measures
• Cooperation with relevant authorities

14. Changes to Privacy Policy

• We notify users of changes via email and in-app notifications
• Material changes will be communicated at least 30 days before taking effect
• Continued use after the effective date constitutes acceptance
• For significant privacy changes, we may request explicit consent

15. Contact Information

Data Controller: JauMemory, LLC

Contact Methods:

• Email: privacy@jaumemory.ai
• Website: https://jaumemory.ai/privacy-contact

Response Time: We aim to respond to all privacy inquiries within 14 business days.

16. Additional Security Measures

We implement additional security measures including:

• Employee security training
• Incident response planning
• Continuous monitoring for threats
• Regular review of security practices

17. Data Processing Agreements

For enterprise customers, we offer Data Processing Agreements that include:

• Detailed security obligations
• Audit rights provisions
• Liability and indemnification terms
• Compliance with applicable regulations