Privacy Policy

1. Information We Collect

We collect information you provide directly, such as when you:

• Create an account (name, email, password)
• Upload memories, photos, videos, or audio
• Create groups, posts, comments, or engage with other users
• Make a payment or subscribe to premium
• Contact us for support or feedback

Device & Usage Information: We automatically collect device type, IP address, browser type, pages visited, and time spent on site to improve functionality and measure ad performance.

Location Data: With your consent, we may collect city-level location to personalize travel recommendations and ads.

Legal Basis for Processing (GDPR Article 6):

• Contract (Art. 6(1)(b)): To provide the service you've requested
• Legitimate Interest (Art. 6(1)(f)): To improve the platform, prevent fraud, and analyze usage
• Consent (Art. 6(1)(a)): For marketing communications and personalized advertising
• Legal Obligation (Art. 6(1)(c)): For tax records and regulatory compliance

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the MemoArc service
• Process payments and subscriptions
• Send account notifications and customer support responses
• Display personalized content and travel recommendations
• Show you personalized ads (with your consent)
• Analyze usage patterns to improve the platform
• Comply with legal obligations

3. Advertising & Data Sharing

We use ads to keep MemoArc free. With your consent, we share non-identifying information with ad networks including:

• Google AdSense (device type, interests, content viewed)
• Mediavine (for premium traffic partners)
• Outbrain (for content recommendations)
• Meta Audience Network (engagement metrics)

What we DO NOT share: Your name, email, phone number, precise location, payment information, or password.

Your choices: You can disable personalized ads in Settings. If disabled, ads will still show but won't be tailored to you, and we may not earn revenue. You can also opt-out at any time.

4. Cookies & Tracking

We use cookies and pixels to:

• Keep you logged in (essential)
• Measure page views and user engagement (analytics)
• Show you relevant ads (advertising)
• Prevent fraud and abuse

You can control cookies in your browser settings or through our consent banner.

5. Data Retention

• Account data: Kept while your account is active; deleted upon account deletion.
• Ad engagement data: Kept for 90 days for performance analysis.
• Analytics: Kept for up to 2 years for trend analysis.
• Payment records: Kept for 6 years for tax compliance (Swedish requirement).

6. Your Data Subject Rights (GDPR & CCPA)

GDPR (European Users): Under the General Data Protection Regulation, you have the right to:

• Access (Art. 15): Request a copy of all data we hold about you
• Rectification (Art. 16): Correct inaccurate or incomplete data
• Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Restrict Processing (Art. 18): Limit how we process your data
• Portability (Art. 20): Export your data in a portable, machine-readable format
• Object (Art. 21): Object to processing for direct marketing or automated decision-making
• Withdraw Consent: Withdraw your consent at any time

CCPA (California Users): California residents have similar rights to access, delete, and opt-out of data sales.

To exercise any of these rights, email privacy@memoarc.com and we'll respond within 30 days (or as legally required).

7. Children's Privacy (GDPR Article 8)

Age Requirement: MemoArc requires users to be 18+ years old (legal age of majority in Sweden). We do not target children under 18, but users aged 13-17 may use the service with verifiable parental or guardian consent.

GDPR Compliance: Under GDPR Article 8, users under 16 cannot provide valid consent to data processing. If you're 13-17 and want to use MemoArc, your parent or guardian must consent to these terms and provide their email for verification.

COPPA Compliance: We do not knowingly collect personal information from children under 13. If we learn we've collected data from a child under 13, we'll delete it immediately and inform the parent/guardian. Parents concerned about their child's data should contact privacy@memoarc.com.

Parental Rights: Parents/guardians may request access to, correction of, or deletion of their child's data by emailing privacy@memoarc.com.

8. Data Security

We encrypt data in transit (HTTPS) and at rest. We limit access to your data to authorized employees only. However, no online service is 100% secure; we encourage you to use strong passwords and enable two-factor authentication.

9. Data Processing & International Transfers

Data Controller: MemoArc AB, a Swedish company, is the data controller for personal data processed through the MemoArc service.

Data Location: Your data is stored exclusively on EU servers compliant with GDPR. We do not transfer data outside the EU/EEA without appropriate safeguards and your explicit consent.

Data Processing Agreement (DPA): If you're an enterprise customer or business representative, we can provide a Data Processing Agreement complying with GDPR Article 28. Contact legal@memoarc.com.

Subprocessors: MemoArc uses the following subprocessors (GDPR Article 28):

• Supabase (Database hosting, EU-based)
• Stripe (Payment processing, handles card data per PCI-DSS)
• Google Cloud (Infrastructure and analytics)
• Cloudflare R2 (File storage)
• Google AdSense, Mediavine, Meta (Advertising partners - data shared per consent)

10. Third-Party Links

MemoArc may contain links to third-party sites (ad networks, payment processors, etc.). We're not responsible for their privacy practices. Review their privacy policies before sharing data.

11. Changes to This Policy

We may update this policy to reflect changes in law, technology, or our practices. We'll email users of material changes. Your continued use after changes means you accept the updated policy.

12. Your Rights & Contact Information

You have the right to access, correct, delete, export, or restrict processing of your data at any time. Questions about this privacy policy or your data?

Swedish Data Protection Authority (Datainspektionen): If you believe MemoArc violates your data protection rights or GDPR obligations, you can lodge a complaint with: