Privacy
Privacy Policy
Last updated: July 2026
This policy describes how Memento (Memento Labs) collects, uses and protects your data, including through the web app, the Web Clipper browser extension, and AI features. We design Memento as a personal Second Brain: by default your data belongs to you and is not shared.
1. Data we collect
Account and authentication: email address, optional name, hashed password (bcrypt), or Google identifier via OAuth (Google Auth Platform).
Notebooks and notes: content, title, labels, attached images and files (PDF, images, documents), metadata (dates, order, color, pinned, archived), and version history (snapshots).
Reminders and notifications: date/time, recurrence, optional location, status (done/not done).
AI data: note title and body sent to your configured AI provider to generate summaries, tags, embeddings, Memory Echo, reformulations, translations, suggestions. With BYOK (your own key), requests go directly to your provider; otherwise they transit through our shared AI router.
Web Clipper extension (Chrome / Firefox): when you explicitly click "Clip", the extension reads the active URL, page title, text selection and (depending on your choice) the full page HTML. No page content is read unless you initiate the action.
Technical and session cookies: strictly necessary for authentication (NextAuth cookies) and preferences (language, theme, extension settings panel). No advertising cookies, no third-party trackers by default.
Billing and quotas: for paid tiers, order reference and AI usage tokens stored to enforce quotas (atomic reservation). No bank card data (handled by Stripe).
Technical metadata: IP address (logged ~30 days for anti-abuse), user agent, extension version, anonymized error codes.
2. How we use data
Provide the service: notebook sync, search, Memory Echo, Memory Echo insights, agents, web publishing of notes, clips from the extension.
Improvement: anonymized error logs and aggregated metrics (internal Prometheus + Grafana dashboards) to diagnose failures and improve performance.
Security: abuse detection, protection against credential stuffing and quota overruns.
We never sell your data. We never share it with advertisers. No advertising profiling.
3. Third parties and sub-processors
Google OAuth: optional authentication (Branding → Audience "In production").
Google Cloud Storage (GCP): hosting of attached files and attachments, Europe region (eu-west-3 / europe-west9).
PostgreSQL (Docker self-hosted): main database, encrypted backups at rest.
Redis (Docker self-hosted): session cache, rate limiting, job queues.
AI providers (OpenAI, Anthropic, Google Gemini, Mistral, OpenRouter, or your own BYOK key): the title and content of the selected note are sent for AI features. No training is performed on your data through us; see the chosen provider's policy.
Stripe: subscription billing. Payment data is handled exclusively by Stripe (PCI-DSS).
Resend: transactional emails (account verification, password reset, quota alerts).
Google Fonts (CDN fonts.googleapis.com): web fonts on the landing page and the extension side panel — IP address is shared with Google.
Google Favicons (google.com/s2/favicons): site icon retrieval in the extension — the domain URL is shared with Google.
Grafana Cloud (optional monitoring): anonymized aggregated metrics.
4. Browser extension permissions
activeTab: read the active tab content only when you click the "Clip" button. No passive reading.
scripting: inject a small selection-capture script after your explicit click.
storage: remember your Memento server URL and the last-used notebook.
sidePanel (Chrome) / sidebar_action (Firefox): open the side panel to display the clipper UI.
tabs: retrieve the active tab URL and title for the clip context.
host_permissions: limited to memento-note.com in production. Extended hosts (localhost / LAN) are only available in the developer build.
The extension never reads your browsing history. It never communicates with any server other than the Memento instance you explicitly configured.
5. Artificial intelligence and BYOK
AI features (summary, tags, Memory Echo, semantic embeddings, agents) consume a token-based quota. The quota is atomically reserved before each call.
You can provide your own API key (BYOK) to bypass shared quotas and route calls directly through your provider. The key is encrypted at rest (AES-256-GCM) and is never displayed in clear text after entry.
No model training is performed on your data through us.
You can disable each AI feature individually in Settings → AI.
6. Data retention
Notebooks and notes: kept as long as your account is active. Permanently deleted within 30 days of account deletion (unless a legal obligation requires otherwise).
Trash: deleted notes kept for 30 days before permanent purge.
Error logs: maximum 90 days, then aggregated.
Database backups: kept 30 days in encrypted rotation.
Billing metadata: kept 10 years (accounting obligation).
7. Your rights (GDPR / CCPA)
Access: full export of your notes, notebooks, labels and settings via Settings → Data.
Rectification: edit directly in the interface.
Erasure: account deletion in Settings → Data. Definitive erasure within 30 days.
Portability: JSON export of notes, notebooks and labels (equivalent of the `export_notes` MCP server tool).
Opt-out of AI processing: disable AI features in Settings → AI.
Complaint: you may contact the CNIL (France) or the supervisory authority of your place of residence.
To exercise your rights: [email protected].
8. Security
Transport: HTTPS enforced, HSTS enabled, security headers (CSP, X-Frame-Options, X-Content-Type-Options).
Storage: bcrypt-hashed passwords, AES-256-GCM-encrypted API keys, secrets in encrypted environment variables at rest.
Authentication: NextAuth session cookies, signed JWT, sliding expiration.
Audit: audit logs for sensitive actions (password change, data export, account deletion).
Bug bounty: [email protected] to report a vulnerability. Responsible disclosure program.
9. Minors
Memento is not intended for children under 16 (GDPR) or 13 (COPPA). We do not knowingly collect data from minors. If you believe a minor has provided data, contact [email protected] for deletion.
10. Changes to this policy
Any substantial change is announced by email at least 30 days in advance and via an in-app banner. The "Last updated" date at the top of this page is updated with each revision.
Non-substantial changes (wording fixes, updated links) are published without notice. The previous version remains accessible on request.
11. Contact and data controller
Memento Labs — Data controller: [email protected]
Data Protection Officer (DPO): [email protected]
Postal address: Memento Labs, [address], France
Data hosting: self-hosted on Memento Labs infrastructure (PostgreSQL + Redis Docker, Europe region).