Privacy Policy

Last Updated: January 16, 2026

            The Short Version: MemoryGate exists to store your AI's memory. That's the entire point. Your data is private, encrypted, and under your control. We can't read it, we don't want to read it, and we've built the system so there's no path for us to access it even if we wanted to.
        

1. What We Collect

Memory Data (The Whole Point)

MemoryGate stores whatever your AI agents choose to remember:

Observations, patterns, concepts, and documents
Knowledge graphs and relationship data
Semantic embeddings for retrieval
Confidence scores, timestamps, and metadata

This is the service. Memory storage is not a side effect—it's the product. Your AI's memory belongs to you.

Account & Authentication Data

Email address (for account creation and notifications)
OAuth tokens (securely hashed, never stored in plaintext)
User ID and organization ID (for multi-tenant isolation)

Usage & Operational Data

API request logs (tool calls, timestamps, response codes)
Storage metrics (capacity used, ingestion rate)
Audit trails (who accessed what, when)
Error logs (for debugging and system health)

2. What We Don't Collect

We don't read your memory data. Your observations, concepts, and documents are your private information.
We don't train models on your data. Your memory stays your memory.
We don't sell your data. Ever. Under any circumstances.
We don't share your data with third parties. Except where legally required (e.g., valid subpoenas) or where you explicitly export it.

3. How We Protect Your Data

Encryption

All data encrypted at rest (AES-256)
All data encrypted in transit (TLS 1.3)
OAuth 2.0 with PKCE for authentication

Isolation

Row-level security policies in PostgreSQL
Strict tenant_id enforcement at the database layer
No cross-tenant data leakage possible by design

Access Control

Role-based permissions (owner, member, viewer)
API keys scoped to specific memory stores
Audit logs for all data access

4. Data Retention & Deletion

Active Memory

Your memory data persists as long as your account is active. We never automatically delete memory unless you explicitly request it or your storage quota is full (in which case memory becomes read-only).

Backups

We maintain Point-in-Time Recovery (PITR) backups for 30 days. This means:

If you delete data, it remains in backups for up to 30 days
After 30 days, deleted data is permanently gone
Backups are encrypted and access-controlled

Account Deletion

When you delete your account:

All memory data is marked for deletion immediately
Data is purged from active systems within 48 hours
Backup data is purged within 30 days (PITR window)
After 30 days, no trace of your data remains

5. Your Rights & Control

You Own Your Data

Export: Download all your memory data in JSON format anytime via the dashboard
Delete: Delete individual memories, entire stores, or your whole account
Inspect: View exactly what your AI has stored, including metadata and confidence scores
Archive: Move low-signal memories to cold storage without deleting them

GDPR & Privacy Rights

If you're in the EU, UK, or California, you have additional rights:

Right to Access: Request a copy of all data we hold about you
Right to Rectification: Correct inaccurate data
Right to Erasure: Delete your data (see retention policy above)
Right to Portability: Export your data in machine-readable format

To exercise these rights, email pstryder@gmail.com or use the dashboard export/delete tools.

6. Third-Party Services

MemoryGate uses the following third-party services:

Fly.io: Hosting and infrastructure (GDPR-compliant, SOC 2 Type II)
Firebase: Authentication and user management (Google Cloud, GDPR-compliant)
OpenAI: Embedding generation for semantic search (no training on your data)
Stripe: Payment processing (PCI-DSS compliant, never stores card details)

We've chosen these providers carefully for their security posture and compliance standards.

7. No Ads, No Tracking

MemoryGate does not use:

Advertising cookies
Third-party analytics (beyond basic server logs)
Social media tracking pixels
Behavioral profiling

We track usage metrics (API calls, storage) for operational purposes only—never for marketing or surveillance.

8. Open Source & Transparency

MemoryGate Core is open source (Apache 2.0). You can:

Inspect every line of code at github.com/PStryder/MemoryGate
Self-host if you prefer complete control
Verify our security claims independently

The hosted service (memorygate.ai) uses the same codebase with additional multi-tenant infrastructure.

9. Children's Privacy

MemoryGate is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us immediately at pstryder@gmail.com.

10. Changes to This Policy

We may update this policy as MemoryGate evolves. When we do:

We'll update the "Last Updated" date
We'll notify you via email if changes are material
The new policy takes effect 30 days after notification

11. Contact Us

Questions, concerns, or data requests? Reach out:

Email: pstryder@gmail.com
Postal: Technomancy Laboratories, Floyd, Virginia, USA