Nemory — Privacy Policy

Last updated: May 29, 2026

Who we are

“Nemory” (“we”, “our”, the “Service”) is an AI-powered journaling app.

Privacy contact: nemoryai.diary@gmail.com.

If a legal entity or EU/UK representative is appointed, we will update this Policy.

What we do (product)

Nemory is a personal growth platform that combines private journaling, AI-powered reflections, goals and habits tracking, and a community space where users can participate in discussions.

Users can:

• create personal journal entries (text, images, styles/backgrounds);
• track mood, habits, and goals;
• receive AI analysis, reflections, and tips;
• use an AI chat that can reference relevant past entries and user-specific memory;
• create community topics and comments;
• interact with content published by other users in the Nemory Community;

The app is designed as offline-first: your private journal content lives primarily on your device in an encrypted local database. We do not store your private journal entries, journal images in our server database.

Private journal content and community content are treated differently. Journal entries remain private to the user and are stored locally on the user's device. Community content, including topics, comments, replies, reactions, reports, and public profile information, is stored on our servers and may be visible to other users of the Service.

Monetization: subscriptions via App Store / Google Play with regional pricing, purchase restore, and receipt verification.

Where your data lives

1. On your device (local storage)

• All journal entries, including text, images, tags, styles/backgrounds, and AI comments, are stored locally on your device in an encrypted database.
• The encryption key is stored securely on your device (for example, in a secure keychain/secure storage mechanism provided by the OS).
• We (Nemory) do not have direct access to this local database.

2. Backups of your journal (user-controlled)

• Inside the app, you can create an encrypted backup of your local database.
• This backup file can be exported and stored wherever you choose (for example, cloud drives, email, local storage).
• The backup is encrypted with a password that you set. We do not know this password and cannot decrypt or restore the backup for you.
• You are responsible for:
  • safely storing the backup file;
  • remembering the backup password;
  • deciding where to keep or share the backup.

3. Our servers

Our servers store data needed to operate the Service, manage accounts and subscriptions, provide community features, maintain safety, and diagnose technical issues.

This includes:

• Account data:
  • name or nickname (if provided);
  • email address (if used/verified);
  • id from Google (if you sign in via Google);
• Public community profile data:
  • username (if provided);
  • avatar (if provided);
• Community content and interactions:
  • topics created by users;
  • comments and replies;
  • reactions, bookmarks, watched topics, read states, and other community interactions;
  • reports submitted by users;
  • moderation records, moderation notes, and enforcement actions.
• Subscription/plan data:
  • current plan / subscription status;
  • basic info needed to restore purchases (store receipts/tokens/identifiers from App Store / Google Play);
• Payment / billing history:
  • records required to verify subscriptions, handle refunds/disputes, and comply with legal/accounting obligations;
• Technical and analytics data:
  • event logs (for example: app actions, errors, performance metrics);
  • device/OS/app version, timestamps, IP address (for security and diagnostics);
  • high-level analytics about how features are used (in aggregate).

How AI processing works

When you use AI features (AI comments, analysis, chat, “ask anything”):

• your device selects the current entry and, if needed, similar/related entries from the local encrypted database.
• a context (prompt) is built locally from these entries and user-specific memory.
• this context is sent to our backend and then forwarded to one or more third-party AI providers to generate a response.
• we do not send payment tokens, subscription identifiers, or your email / Google ID as part of the AI prompt.
• where possible, we configure AI providers not to use submitted content for training their models beyond providing the service.

We may store limited technical metadata about AI requests (e.g. timestamps, token counts, error codes) for billing, abuse prevention, and diagnostics.

Community Features

Nemory includes community features that allow users to create topics, publish comments, reply to other users, react to content, and participate in discussions.

You should not publish sensitive personal information, financial information, passwords, private health information, or other confidential information in public community areas.

Users may edit or delete community content they create, subject to technical limitations, moderation actions, legal obligations, and abuse-prevention requirements.

Community Moderation

To help maintain a safe and respectful environment, community content is reviewed using automated systems and human moderation.

Moderation may include:

• automated detection of spam, abuse, harassment, hate speech, dangerous content, or other violations;
• review of user reports;
• manual moderation actions performed by authorized moderators or administrators;

We may remove content, restrict visibility, suspend community privileges, temporarily restrict participation, or permanently disable access to community features when content or behavior violates our Community Guidelines, Terms of Service, applicable laws, or platform policies.

Moderation decisions may be based on automated systems, human review, or a combination of both.

Reports and Safety

Users may report topics, comments, profiles, or other community content that they believe violates community rules or applicable laws.

When a report is submitted, we may collect:

• the reported content;
• the reporting user;
• timestamps;
• moderation notes;
• enforcement actions and investigation records;

This information is used to investigate abuse, enforce community standards, protect users, and improve platform safety.

How we use server-side data

We use the server-side data described above to:

• create and manage user accounts;
• provide and verify subscriptions, restore purchases, and handle refunds/disputes;
• secure the Service, detect abuse, and debug issues;
• understand overall feature usage in aggregate (without reading your journal content);
• send essential service communications (e.g. email verification, security notices);
• provide community features and public user profiles;
• moderate community content and enforce Community Guidelines;
• investigate reports, abuse, spam, fraud, and security incidents;
• prevent misuse of community features;

We do not use your journal entries for advertising. We do not sell personal data.

Retention

• local journal data (entries, images, AI dialogs, local memory) remains on your device until you delete entries, delete the app, or overwrite the local database (for example, by restoring another backup). We do not control this storage;
• account and subscription data on our servers is kept while your account exists and as long as necessary for billing, security, and legal obligations;
• technical logs are typically kept for up to 30 days with regular cleanup;
• server-side database backups may be kept for up to 30 days;
• payment and subscription records may be kept longer in de-identified or pseudonymised form if required by law or for dispute handling;
• community content may remain available until deleted by the author, removed by moderators, or otherwise removed in accordance with our policies;
• reports, moderation records, and abuse-prevention records may be retained for a reasonable period to investigate violations, prevent repeated abuse, resolve disputes, and protect the Service;

Deletion and inactivity

You can request deletion of your account:

• in the app (Settings → Profile → Delete account), or
• via a link provided on our website.

When an account is deleted:

• account identifiers, name, email, and Google ID (if any) are deleted or de-identified;
• subscription and payment records are retained only as needed for legal/accounting purposes, without an active link back to your profile where possible;
• logs are removed according to the retention period above.

Automatic deletion for inactive accounts:

If an account has no active subscription and there is no activity for 90 days, we may delete the account and associated server-side data as described above.

If a subscription remains active (for example, the user continues to pay), we do not automatically delete the account solely due to inactivity.

Deleting your account does not automatically delete local journal data or backup files stored by you. To remove them, you must delete entries and/or uninstall the app and delete any backup files you created.

Community content may remain visible after account deletion where permitted by law, unless removed, anonymized, or deleted in accordance with our policies.

We may retain moderation records, reports, and abuse-prevention information after account deletion where necessary to protect the Service, investigate violations, comply with legal obligations, or prevent repeated abuse.

Children’s privacy

Our Service is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you are a parent/guardian and believe your child has provided us with personal data, contact nemoryai.diary@gmail.com and we will delete it.

Community Guidelines

Users of the Community are expected to interact respectfully and responsibly.

Content that may be removed includes, but is not limited to:

• spam and unsolicited advertising;
• harassment, bullying, or threats;
• hate speech or discriminatory content;
• sexual exploitation or sexually abusive content;
• content promoting self-harm or violence;
• illegal activities;
• fraudulent, deceptive, or malicious content;
• content that violates the rights of others;

Violations may result in content removal, temporary restrictions, permanent restrictions, or account-related enforcement actions.

Security

We use technical and organisational measures to protect data, including:

• encryption in transit (TLS) between the app, our servers, and AI providers;
• encryption of the local journal database on your device, with keys stored in OS-level secure storage;
• access controls and least-privilege permissions on server infrastructure;
• logging and monitoring for security-relevant events, with limited retention.

No system can be guaranteed 100% secure, but we aim to follow industry best practices.

Changes to this Policy

We may update this Policy. If we make changes, we will post the updated version on this page and update the date at the top. Changes take effect when posted. Please review this page periodically to stay informed about what information we collect and how we use it.