Last updated: 2026-04-30
Memory Copilot — Privacy Policy
Effective Date: 2026-04-30 — DRAFT v0.1, founder review pending. This document is a working draft prepared by the founder ahead of legal counsel review. It is not legal advice. Final language will be reviewed by qualified counsel before public launch.
This Privacy Policy explains what personal data Memory Copilot (“Memory Copilot”, “we”, “us”, or “our”) collects, how we use it, who we share it with, and the choices you have. It applies to the Memory Copilot mobile applications (iOS and Android), the web properties at memorycopilot.sanva.tk, and any related services (collectively, the “Service”).
The Service is operated by Sanva Independent Developer (the “Operator”). If you have any questions about this policy, contact us at privacy@sanva.tk.
1. Data We Collect
We collect only what is necessary to operate the Service. Specifically:
1.1 Account data
- Email address — when you sign up with email, or as provided by Sign in with Apple / Sign in with Google.
- Apple / Google account identifier — the opaque user identifier returned by Apple Sign-In or Google Sign-In. We do not receive your Apple ID password or Google password.
- Display name and profile picture — optional; only if you set one in the app.
1.2 User content
- Memories — the text, images, and links you choose to save into Memory Copilot.
- Chat messages — the messages you send to the AI agent and the responses returned.
- Container metadata — names, slugs, member roles, and invitation status of memory containers you create or join.
1.3 Subscription data
- In-App Purchase receipts — provided by Apple App Store or Google Play, verified through RevenueCat.
- Subscription status, plan, and expiry — synced from RevenueCat to our backend.
1.4 Device and diagnostic data
- Device model, OS version, and app version — for compatibility and crash diagnostics.
- Push notification token — if you enable push notifications.
- Crash reports and performance data — collected by Sentry, with stack traces and breadcrumbs.
- IP address — captured at the network edge for abuse prevention; not retained beyond what is necessary.
1.5 What we do not collect
- We do not collect your contacts, photo library (we only access an image you explicitly attach), location, microphone, or biometrics.
- We do not sell your personal data to anyone.
2. How We Use Your Data
We use the data above to:
- Provide the Service — authenticate you, store and retrieve your memories, run AI recall over your data, and synchronize across your devices.
- Process subscriptions — verify entitlement, handle upgrades and renewals.
- Communicate with you — invitation emails for shared memory spaces, security and account notices, and transactional updates.
- Improve quality — diagnose crashes, monitor performance, and fix bugs. We do not use your memories or chat content to train AI models.
- Comply with law — respond to lawful requests and enforce our Terms.
We do not use your memories or chat content for advertising, profiling, or any third-party marketing.
3. Third-Party Processors
To operate the Service, we share narrowly scoped data with the following processors. Each is contractually bound to confidentiality and to use your data only for the purposes described below.
| Processor | Purpose | Region | Data shared |
|---|---|---|---|
| Anthropic, PBC | Claude Haiku 4.5 — conversational AI agent | United States | Your chat messages, retrieved memory snippets, system prompts |
| Google LLC | Gemini Embeddings (gemini-embedding-001) | United States | Memory text fragments to compute vector embeddings |
| Supabase, Inc. | Authentication, Postgres database, Edge Functions | Hosted region: us-east-1 | Account data, subscription status, container metadata, invitations |
| RevenueCat, Inc. | Subscription management & receipt validation | United States | Apple/Google receipts, anonymous app user ID |
| Resend, Inc. | Transactional email (invitations, security notices) | United States | Recipient email and email body |
| Sentry (Functional Software, Inc.) | Crash reporting and performance monitoring | United States / EU | Stack traces, breadcrumbs, device info |
| Apple Inc. / Google LLC | App Store / Google Play distribution and IAP | Global | Receipt data and platform user identifier |
3.1 No model training on your content
Anthropic does not use Memory Copilot user inputs or outputs to train its models when accessed via the Anthropic API under our commercial agreement. Google does not use Gemini API inputs or outputs to improve its products when accessed via the paid Gemini API. We rely on the published policies of these vendors as of the Effective Date and will update this policy if those policies change.
3.2 What we send to the AI providers
When you chat with Memory Copilot, we forward to Anthropic:
- The current chat messages,
- Relevant memory snippets retrieved from your container(s),
- System prompts and tool definitions.
To Google's Gemini Embeddings service, we forward only the memory text that needs to be vectorized for semantic search. We do not include your real name, email address, or other directly identifying account fields in those payloads beyond what you yourself wrote.
4. International Data Transfers
The Service is operated from Hong Kong SAR. The processors listed above are primarily based in the United States. If you are located in the European Economic Area, the United Kingdom, or other regions with data export rules, your data may be transferred to and processed in countries that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on the European Commission’s Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms.
5. Data Retention
- While your account is active — we retain your memories, chat messages, container metadata, and account data for as long as you use the Service.
- After you delete your account — we trigger a cascade deletion across our database, vector index, and shared container memberships. The cleanup completes within 72 hours of your request. Backup snapshots may persist for up to 30 days, after which they are overwritten or deleted.
- Diagnostic data — Sentry retains crash and performance data for up to 90 days.
- Invitation tokens — pending invitations expire 7 days after creation; expired records are purged within 30 days.
- Legal retention — limited records may be retained beyond the periods above where required by law (e.g., tax records of paid subscriptions).
6. Account Deletion
You can delete your account at any time:
- In-app — Settings → Account → Delete Account → confirm.
- From the web — visit /delete-account for the full step-by-step guide.
When you delete your account:
- Your memories, chat history, and shared container memberships are removed.
- Apple Sign-In tokens are revoked per App Store guideline 5.1.1(v).
- Pending invitations you sent are revoked.
Deletion is permanent. We cannot recover deleted data.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — delete your data (see Section 6).
- Portability — request a machine-readable export of your data (Markdown export is on the roadmap; in the interim, contact us).
- Restriction / Objection — restrict or object to certain processing.
- Withdraw consent — where processing is based on consent, withdraw it.
- Lodge a complaint — with your local data protection authority.
To exercise any of these rights, email privacy@sanva.tk. We respond within 30 days.
8. Children’s Privacy
Memory Copilot is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe we have collected such data, contact privacy@sanva.tk and we will delete it promptly. In the European Economic Area, the minimum age is 16 (or the lower age set by your member state).
9. Security
We use industry-standard practices to protect your data:
- Transport-layer encryption (TLS 1.2+) for all network traffic.
- Encryption at rest where supported by the underlying processor.
- Row-level security policies on Supabase Postgres so users can only access their own data.
- API tokens scoped to each user; admin keys never live on user devices.
- Apple App Store and Google Play handle payment data; we never see your card.
No system is perfectly secure. If you suspect unauthorized access to your account, contact security@sanva.tk immediately.
10. Cookies & Web Tracking
The Memory Copilot website uses only essential cookies (e.g., theme preference). We do not use third-party advertising cookies, behavioral tracking, or fingerprinting. No analytics SDK is loaded on the marketing site.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the Effective Date at the top.
- Notify you in-app and (for material changes) by email at least 7 days before the change takes effect.
- Continue to apply the previous version to data already collected, where required.
12. Contact
For privacy questions, requests, or complaints:
- Email — privacy@sanva.tk
- Postal — Sanva Independent Developer, Hong Kong SAR (mailing address available on request)