Privacy Policy
This Privacy Policy explains how memoit (“we”, “us”) collects, uses, shares, and protects personal data when you use our websites, applications, and related services (the “Service”). It also describes your rights under the EU/UK GDPR and Brazil’s LGPD.
1) Scope & Roles
- Scope. This Policy covers personal data processed when you visit our site, create an account, use the Service, receive support, or interact with our emails.
- Controller. For account, product, and billing operations, memoit acts as a controller.
- Processor (business features). For business customers who instruct us to process data in specific integrations on their behalf, we act as a processor under a Data Processing Addendum (available on request).
2) Data We Collect
2.1 You provide
- Account data: email, display name, password (hashed).
- Content & activity: content you create, upload, or import (e.g., flashcards, media, metadata) and interactions such as review history and feature usage.
- Support communications: messages you send to support and any diagnostics you choose to share.
- Billing data: billing name, email, country, tax-relevant fields you submit at checkout. Payments are handled by third-party processors; we do not store full card numbers.
- Consent status: your analytics consent choice (granted/denied) recorded via the cookie banner.
2.2 Collected automatically
- Usage & device data: pages/screens viewed, actions/events, timestamps, IP-derived region, device/OS/browser, performance metrics, crash logs.
- Cookies/local storage: essential cookies for login, security, and load balancing; analytics cookies only after you consent via the banner.
2.3 From third parties
- Payment confirmations: status/amount, masked payment details on receipts (e.g., last 4 digits), refunds.
- Anti-abuse signals: limited device/network indicators to prevent fraud and misuse.
Avoid uploading sensitive personal data (e.g., health, precise geolocation, biometric templates). We do not intentionally collect special categories of data.
3) Purposes & Legal Bases
We process personal data only where we have a lawful basis. When we rely on legitimate interests, we balance those interests against your rights and implement safeguards. Where we rely on consent (e.g., analytics in EU/UK), you can withdraw it at any time via the cookie banner or by contacting us.
Purpose | Examples | EU/UK GDPR | Brazil LGPD |
---|---|---|---|
Provide the Service | Account; sync; core features | Contract (Art. 6(1)(b)) | Contract (Art. 7, V) |
Operate & secure | Auth; rate limits; fraud logs | Legitimate interests and/or Contract | Legitimate interest and/or Contract |
Improve & debug | Metrics; crash reports; QA | Legitimate interests | Legitimate interest |
Billing & compliance | Invoices; tax records; refunds | Legal obligation; Contract | Legal obligation; Contract |
Support | Ticket replies; troubleshooting | Contract / Legitimate interests | Contract / Legitimate interest |
Analytics | Usage measurement | Consent (EU/UK) | Consent (where required) |
4) Cookies, Consent Banner & Analytics
- Essential cookies (authentication, security, load balancing) are required and always active.
- Analytics cookies load only after you click “Accept” in our cookie banner. Until then, analytics is off.
- Withdraw/change consent. You can change your choice at any time by re-opening the cookie banner (where available) or by emailing privacy@getmemoit.com. We will honor withdrawals promptly; this stops future analytics measurement and clears analytics cookies where feasible.
- We do not serve interest-based advertising and do not sell personal data.
- Default is denied; analytics does not load or set cookies until you accept.
- If you accept, analytics activates and may set measurement cookies.
- If you later withdraw, we stop analytics going forward and, where feasible, remove related cookies.
5) How We Use Your Content
- You own your content.
- We process content and related activity only to run, secure, back up, and improve the Service (e.g., synchronization, deduplication, scheduling, relevance/performance improvements).
- If you choose to share content, it becomes visible to the audiences you select. Unsharing stops new access; prior copies/views may persist where permitted by law.
6) Sharing Your Data
We share personal data only with service providers (hosting, analytics, communications, payments, support) under confidentiality and data-protection obligations; professional advisors; authorities or third parties where required by law or to protect rights/safety; and business customers if you use the Service under their enterprise account. We do not sell personal data.
7) International Transfers
We may transfer personal data to countries outside your own. For GDPR/UK GDPR we use appropriate safeguards such as Standard Contractual Clauses and supplementary measures with providers. For LGPD we use adequacy or contractual safeguards consistent with LGPD requirements. Questions? Contact privacy@getmemoit.com.
8) Data Retention
Data category | Typical retention |
---|---|
Account profile & settings | While account is active; up to 24 months after closure (limited records) |
User content & in-product activity | Until you delete it or close your account; backups roll off on a schedule |
Logs & security events | ~6–18 months |
Billing/financial records | As required by law (often 5–10 years) |
Support tickets | Up to 24 months after resolution |
9) Your Rights
EU/UK (GDPR/UK GDPR)
- Request access, rectification, erasure, restriction, portability, and objection (for processing based on legitimate interests).
- Withdraw consent at any time for activities based on consent (e.g., analytics).
- Lodge a complaint with your data protection authority.
Brazil (LGPD)
- Request confirmation of processing, access, correction, anonymization/blocking/deletion of unnecessary or excessive data, portability, information on sharing, revocation of consent, and review of automated decisions.
How to exercise. Email privacy@getmemoit.com from your account email. We may request information to verify your identity. We respond within legal timelines (GDPR: typically 1 month; LGPD: prompt confirmation and up to 15 days for a full response).
10) Children
The Service is intended for users 13+. We do not knowingly collect personal data from children under 13. If you believe a child under 13 provided data, contact privacy@getmemoit.com to request deletion. Where local law sets a higher age of consent, we follow that higher age.
11) Security
We implement administrative, technical, and organizational measures appropriate to risk, including encryption in transit, hardened infrastructure, access controls, environment isolation, monitoring, and regular backups. No system is perfectly secure; please protect your account and devices.
12) Communications
- Transactional emails (receipts, service notices) are essential.
- Marketing updates are sent only if you have opted in; you can unsubscribe at any time using the link in the email.
13) Automated Decisions & Profiling
The Service may generate study schedules, reminders, or content suggestions to enhance learning/productivity. These do not produce legal or similarly significant effects concerning you. You may request human review of a significant decision, where applicable.
14) Third-Party Links
The Service may link to third-party sites or services. Their privacy practices are their own; review their policies.
15) Business Customers & DPA
If you use memoit under a business plan and need a Data Processing Addendum, contact privacy@getmemoit.com. We will process customer personal data on documented instructions, maintain a list of subprocessors available on request, and support audits as contractually agreed.
16) Changes to This Policy
We may update this Policy from time to time. We will post the updated version with a new Effective date and, for material changes, provide notice (e.g., email or in-app). Continued use after the effective date constitutes acknowledgment of the updates.