1. Controller
For data protection purposes, the controller for personal data processed through the service is Quandelia SRL, which operates Memoris.
2. What we collect
Vault and authentication data. When you create a vault, we store a vault identifier, a verifier derived from your recovery secret, an encryption public key, and basic lifecycle data. We do not store the raw recovery secret. When you open a vault, we may issue a signed session token and may store passkey credentials if you register them on your device.
Presence data. We store presences created within a vault, including geographic coordinates, access settings, lifecycle state, creation inputs, generated artifact references, and operational timestamps.
Conversation data. If you use conversation features, we store messages, summaries, and related metadata required for the feature to function and to enable safety moderation.
Payment data. Payments are processed by our payment infrastructure partner acting as Merchant of Record. We may receive limited transaction data from that partner — order identifiers, product identifiers, purchase status, and a customer reference — to reconcile transactions to your vault. We do not store full payment card data.
Technical and operational data. We collect standard logs including IP addresses, request timestamps, and error and security logs, used for service reliability, fraud prevention, and debugging. We do not use advertising trackers or data-broker analytics.
3. How we use data
We use data only to: create and operate vaults and presences; validate sessions and passkeys; deliver purchased digital content; support conversation and presence generation; enforce platform rules and safety standards; prevent fraud, abuse, and chargebacks; and comply with legal obligations.
We do not sell or rent personal data. We do not use personal data for advertising.
4. How data is shared
We share limited data with third-party service providers only where necessary to operate Memoris, including providers for hosting, payment processing, content moderation, and security. These providers are contractually bound to process data only for the purposes we specify.
We may disclose data when required by applicable law, court order, or regulatory authority, or where reasonably necessary to protect the rights, property, or safety of users, the platform, or third parties.
5. International transfers
Memoris is operated from Europe. If personal data is transferred outside the European Economic Area, the United Kingdom, or Switzerland, we use appropriate safeguards and lawful transfer mechanisms as required by applicable law.
Where required, such transfers are made subject to standard contractual clauses or other lawful transfer mechanisms.
6. Retention
We retain personal data for as long as reasonably necessary to operate the service, maintain ownership records, enforce platform rules, meet legal obligations, and resolve disputes. Operational and safety records may be retained after a presence is deleted, including records needed for fraud prevention, legal compliance, and auditability of digital purchases.
7. Cookies and local storage
Memoris uses essential session cookies required for vault authentication and service continuity. These are not used for advertising. We do not use third-party advertising cookies or tracking pixels. See our Cookie Policy for full details.
8. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, or request deletion of personal data we hold about you. To exercise these rights, use the contact address listed below. We will respond within the timeframes required by applicable law.
We may retain limited data where necessary for security, fraud prevention, payment reconciliation, legal compliance, or the defense of legal claims.
If you are located in the European Economic Area, you also have the right to lodge a complaint with your national data protection authority.
9. Security
We implement technical and organizational measures appropriate to the risks involved, including signed sessions, vault-based access controls, and abuse monitoring. No system is entirely secure, but we minimize data collection and reduce unnecessary exposure wherever possible.
10. Changes
We may update this policy from time to time. Material changes will be published on the site before they take effect.
11. Contact
For privacy-related requests and questions, use the address below.