Memorandai Privacy Policy

Effective Date: April 14, 2026 Version: 1.1

The Short Version

Memorandai is a local-first desktop application. It does not collect your data. It does not contain telemetry, analytics, or tracking. It does not “phone home.”

When you choose to route prompts to a cloud AI provider (such as OpenAI, Anthropic, Google, or xAI) using your own API keys, the contents of those prompts travel directly from your device to that provider, under that provider’s privacy policy. Memorandai is never in the middle.

When you purchase a license, the transaction is processed by Polar, which handles payment, receipts, and billing. Polar’s privacy policy governs your transactional data.

When you visit memorandai.com, we use privacy-respecting, cookieless analytics (Cloudflare Web Analytics) to count aggregate page views. No cross-site tracking, no advertising IDs, no behavioral profiling.

That is essentially the entire policy. The rest of this document explains each of those points in more detail.

1. Who We Are

This Privacy Policy is issued by Gary Smith, an individual doing business as Memorandai (Oregon Assumed Business Name, Registry No. 255902992). Throughout this policy, “we,” “us,” and “Memorandai” refer to this same entity.

Principal place of business: 1161 NW Overton St Apt 1313 Portland, OR 97209 United States

Privacy contact: hello@memorandai.com

2. Scope of This Policy

This Privacy Policy covers:

The Memorandai Knowledge Studio desktop application (“the Software”)
The memorandai.com website (“the Website”)
Communications you initiate with us by email

It does not cover:

The third-party AI providers (OpenAI, Anthropic, Google, xAI, and others) that you choose to connect the Software to. Your use of those providers is governed by their respective privacy policies.
Polar, which processes purchases as Merchant of Record. Polar’s privacy policy is available at polar.sh.
Third-party websites linked from our Website or Software.

3. Data Handling in the Software

3.1 What Stays on Your Device

All content you create or import in the Software — including conversations, memories, keystones, knowledge graphs, documents, user profiles, API keys, and license activation records — is stored on your computer’s filesystem. We don’t operate cloud sync, we don’t keep a copy, and we don’t have access. These are files you own and control: you can browse, back up, copy, port to other tools, or permanently delete them using standard operating system tools, entirely independent of the Software.

This local-first design is the foundation of our privacy posture. Privacy isn’t something we promise you on top of a system that could extract your data — it’s a property of the system itself. We can’t lose, leak, sell, or be subpoenaed for data we never receive.

3.2 What We Do Not Collect

The Software does not contain:

Telemetry
Analytics
Usage tracking
Crash reporters that transmit to us
Third-party advertising SDKs
Behavioral profiling
Any mechanism that transmits your personal data, usage patterns, or content to us

The Software does not phone home to Memorandai-controlled servers — we operate none.

3.3 Network Communications That Do Occur

We don’t transmit your data to ourselves, but the Software does make a small, disclosed set of network calls. Each falls into one of four categories, every one of which is either initiated by your action, required for license enforcement, or operates only with your consent:

(a) License activation. First-time activation requires a one-time online request to the license validation service operated by Polar (our Merchant of Record). The request contains your license key and basic device identifiers required to enforce the per-license device limit (3 concurrent activations). After initial activation, the Software does not require continuous internet connectivity for license validation. Polar’s privacy policy at polar.sh governs how Polar handles activation data.

(b) Third-party AI provider calls. When you send a prompt to a cloud AI provider you have configured (OpenAI, Anthropic, Google, xAI, or any other AI service you connect, including custom endpoints and aggregators such as OpenRouter), the contents travel directly from your device to that provider, under that provider’s privacy policy. Memorandai is never in the middle. See Section 4 for more.

(c) User-invoked external tool calls. When you explicitly invoke tools that require external services — such as web search (Tavily, DuckDuckGo), Wikipedia lookups, news search, model downloads from HuggingFace, or other on-demand external integrations — the Software contacts the relevant service on your behalf. These calls are initiated by your action and do not occur in the background.

(d) Software update checks. If you have not disabled update checks in Settings, the Software periodically contacts our update server (currently GitHub Releases) to determine whether a newer version is available. The request transmits only the current Software version, your operating system, and your CPU architecture — no personal data, no usage data, no identifiers. You can disable update checks at any time in Settings.

The Software does not initiate background network requests for analytics, telemetry, advertising, behavioral profiling, or remote diagnostics.

3.4 Credential Storage

API keys, license keys, and other credentials you provide are stored locally on your device and encrypted at rest using machine-specific keys. These credentials are never transmitted to us.

4. Third-Party AI Providers

When you configure the Software to use a cloud AI provider and send a prompt, the contents of that prompt — including any context, memories, or documents you have chosen to include — travel directly from your device to that provider. We do not operate a proxy, relay, or intermediary server for this traffic. We do not receive, intercept, log, or retain copies of your prompts or responses.

Each AI provider has its own privacy policy, data handling practices, and retention terms:

OpenAI: openai.com/policies/privacy-policy
Anthropic: anthropic.com/legal/privacy
Google (Gemini): policies.google.com/privacy
xAI (Grok): x.ai/legal/privacy-policy

If you connect the Software to additional AI providers not listed above — including custom endpoints, self-hosted models exposed via HTTP, aggregators such as OpenRouter, or other AI services we may add in future versions — the same direct-routing principle applies: your prompts travel from your device to that provider under that provider’s privacy terms. Memorandai is not in the middle and does not receive copies.

It is your responsibility to review and comply with the terms and privacy practices of any provider you connect to.

4.1 Local Models

When you use the Software’s built-in local inference (running models on your own hardware), your prompts do not leave your device at all. No third-party provider is involved, and no network request is made for the inference itself.

5. Purchase Data (Polar as Merchant of Record)

When you purchase a license to the Software, the transaction is processed by Polar Software Inc. (“Polar”) as our Merchant of Record. Polar collects the information required to process your payment, determine applicable tax, issue receipts, and provide transactional support.

We do not receive your payment card information or any financial account data. From Polar, we receive only the information necessary to fulfill your order and provide support, which typically includes:

Your email address
Your name (as entered at checkout)
The country/region you purchased from (for tax purposes)
Your license key and activation history
Purchase date and amount

We use this information to deliver your license, provide customer support, and communicate about the Software (e.g., release notes, important updates). We do not sell or share this information with third parties for marketing.

Polar’s own privacy policy governs the data they collect during checkout. See polar.sh for details.

If you request a refund within the 14-day window described in the EULA, the refund is processed by Polar. If you submit your refund request to us at hello@memorandai.com instead of through Polar’s customer portal, we will coordinate with Polar to process it on your behalf — this means we may share your email address and order reference with Polar to identify the transaction.

6. Website Data (memorandai.com)

6.1 Analytics

The Website uses privacy-respecting, cookieless analytics (Cloudflare Web Analytics) to count aggregate page views, referrers, and general geographic region at the country level. This data is not associated with individual visitors, does not use cookies, and does not track you across other sites.

6.2 No Cross-Site Tracking

We do not use third-party advertising pixels, retargeting tags, or behavioral profiling tools on the Website.

6.3 Hosting and Server Logs

The Website is hosted on Cloudflare Pages. Cloudflare may maintain standard server logs for security, abuse prevention, and infrastructure operation (e.g., IP addresses, request timestamps, user-agent strings). These logs are handled under Cloudflare’s privacy policy (available at cloudflare.com/privacypolicy) and are not accessed by us except in the event of a security incident.

If and when we add an email signup form or contact form to the Website, we will update this policy to describe what information is collected and how it is used. As of the Effective Date above, no such forms are in operation.

7. Email Communications

If you contact us at hello@memorandai.com or another Memorandai-associated email address, we will receive the contents of your email (including your email address and any information you include). We use this information to respond to your inquiry and provide support.

Emails are handled through our email provider; we do not share their contents with third parties except as required by law.

8. Children’s Privacy

Use of the Software requires the user to be at least 18 years of age, as set out in the End User License Agreement. The Software and the Website are not directed at minors. As a statutory backstop required by COPPA and equivalent laws, we additionally do not knowingly collect personal information from anyone under 13 (or the equivalent minimum age in the relevant jurisdiction). If you believe we have inadvertently collected information from a minor, please contact us at hello@memorandai.com and we will delete it promptly.

9. Your Rights

9.1 Access and Control — Your Data Is Already Yours

Because the Software stores your data locally on your own device, you already have complete access to it. You can view, export, back up, modify, or permanently delete your data using standard operating system tools, without any request to us. We do not hold a copy.

9.2 Purchase and Communication Records

For information we receive from Polar (purchase records) or through email correspondence, you may contact us at hello@memorandai.com to:

Access: Request a copy of the information we hold about you.
Correct: Request correction of inaccurate information.
Delete: Request deletion of your records, subject to legal and tax-recordkeeping obligations (typically requiring us to retain transaction records for at least 4 years).
Object / Restrict: Request that we stop using your information for a particular purpose.
Portability: Request an export of your records in a portable format.

We will respond to requests within thirty (30) days of receipt. If your request is complex or we receive a high volume of requests, we may extend this period by up to two additional months and will notify you of the extension and the reason.

9.3 California Residents (CCPA / CPRA)

If you are a California resident, you have the rights described in Section 9.2 under the California Consumer Privacy Act and California Privacy Rights Act. We do not sell or share personal information as defined by those laws. We do not use sensitive personal information for profiling or for purposes beyond what is described in this Policy. You may designate an authorized agent to make a request on your behalf.

9.4 Other US State Privacy Laws (Virginia, Colorado, Connecticut, Texas, and others)

Residents of US states with comprehensive privacy laws (including but not limited to Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, Utah UCPA, Oregon OCPA, and others as enacted) have rights substantially similar to those described in Section 9.2. If we deny a privacy rights request, you may appeal that decision by replying to our denial email or contacting hello@memorandai.com with the subject line “Privacy Rights Appeal.” We will respond to appeals within sixty (60) days.

If you are located in the European Union, United Kingdom, or European Economic Area, you have the rights described in Section 9.2 under the GDPR and UK GDPR.

Categories of personal data we process (received from Polar or through email):

Identity data: name, email address
Transaction data: license key, purchase date, purchase amount
Tax-relevant data: country/region of purchase
Communication data: contents of any email correspondence with us

Purposes: to deliver and support your license, to fulfill our tax and recordkeeping obligations, and to respond to your inquiries.

Legal bases on which we process this data:

Contract (Art. 6(1)(b)): Processing necessary to fulfill your license purchase and provide support.
Legitimate interest (Art. 6(1)(f)): Responding to your inquiries and operating the Website. You may object to processing on this basis at any time.
Legal obligation (Art. 6(1)(c)): Complying with tax and business-recordkeeping requirements.

Recipients: Polar (Merchant of Record); our email service provider; tax authorities and accountants where legally required; courts or regulators if compelled by lawful process.

International transfers: We are based in the United States. Data you provide may be processed in the US or other countries. See Section 12.

Right to lodge a complaint: You have the right to lodge a complaint with the data protection supervisory authority in your country of residence.

10. Data Retention

Software data: Retained on your device indefinitely under your control; we hold no copy.
Purchase records: Retained for at least four (4) years from the date of transaction, as required by US tax recordkeeping rules. May be retained longer for legitimate business purposes.
Email correspondence: Retained for as long as necessary to provide support and maintain a record of communications, typically no longer than three (3) years. You may request earlier deletion of your correspondence by emailing hello@memorandai.com, and we will honor the request unless retention is required by law (e.g., for an unresolved legal matter).
Analytics data: Retained by Cloudflare per their standard retention periods; we do not maintain a separate copy.

11. Security

We take reasonable measures to protect the limited information we receive:

API keys, license keys, and credentials in the Software are encrypted at rest using machine-specific keys.
Purchase records received from Polar are stored in access-controlled systems.
Email accounts are protected with strong authentication.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, and you acknowledge this inherent risk.

12. International Data Transfers

We are based in the United States. If you are located outside the United States, any information you provide or that is transmitted on your behalf (such as prompt data sent to a US-based AI provider) may be processed in the United States or other countries that may have different data protection laws than your country of residence. By using the Software or Website, you acknowledge this transfer, storage, and processing.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the revised Policy on memorandai.com with a new Effective Date, and where reasonably possible, by notice through the Software’s update notification system. We will not retroactively reduce your privacy rights with respect to data we already hold about you without your express consent. If a revised Policy materially changes how we handle your personal data going forward and you do not agree, you may stop using the Software and the Website and request deletion of your records as described in Section 9.

14. Contact

For questions about this Privacy Policy, to exercise any of the rights described in Section 9, or to report a privacy concern, please contact:

Gary Smith, dba Memorandai 1161 NW Overton St Apt 1313 Portland, OR 97209 United States Email: hello@memorandai.com

By using Memorandai Knowledge Studio or the memorandai.com website, you acknowledge that you have read and understood this Privacy Policy.