Nemory — Privacy Policy

Last updated: November 22, 2025

Who we are

“Nemory” (“we”, “our”, the “Service”) is an AI-powered journaling app.

Privacy contact: nemoryai.diary@gmail.com.

If a legal entity or EU/UK representative is appointed, we will update this Policy.

What we do (product)

Nemory is a personal journal with AI support. Users can:

• create personal entries (text, images, styles/backgrounds);
• track mood, habits, and goals;
• receive AI analysis, reflections, and tips;
• use an AI chat that can reference relevant past entries and user-specific memory.

The app is designed as offline-first: your journal content lives primarily on your device in an encrypted local database. We do not store your journal entries on our servers.

Monetization: subscriptions via App Store / Google Play with regional pricing, purchase restore, and receipt verification.

Where your data lives

1. On your device (local storage)

• All journal entries, including text, images, tags, styles/backgrounds, and AI comments, are stored locally on your device in an encrypted database.
• The encryption key is stored securely on your device (for example, in a secure keychain/secure storage mechanism provided by the OS).
• We (Nemory) do not have direct access to this local database.

2. Backups of your journal (user-controlled)

• Inside the app, you can create an encrypted backup of your local database.
• This backup file can be exported and stored wherever you choose (for example, cloud drives, email, local storage).
• The backup is encrypted with a password that you set. We do not know this password and cannot decrypt or restore the backup for you.
• You are responsible for:
  • safely storing the backup file;
  • remembering the backup password;
  • deciding where to keep or share the backup.

3. Our servers

Our servers store only limited account-related and technical data, specifically:

• Account data:
  • name or nickname (if provided);
  • email address (if used/verified);
  • id from Google (if you sign in via Google);
• Subscription/plan data:
  • current plan / subscription status;
  • basic info needed to restore purchases (store receipts/tokens/identifiers from App Store / Google Play);
• Payment / billing history:
  • records required to verify subscriptions, handle refunds/disputes, and comply with legal/accounting obligations;
• Technical and analytics data:
  • event logs (for example: app actions, errors, performance metrics);
  • device/OS/app version, timestamps, IP address (for security and diagnostics);
  • high-level analytics about how features are used (in aggregate).

We do not store your journal entries (text or images) in our server database.

How AI processing works

When you use AI features (AI comments, analysis, chat, “ask anything”):

• Your device selects the current entry and, if needed, similar/related entries from the local encrypted database.
• A context (prompt) is built locally from these entries and user-specific memory.
• This context is sent to our backend and then forwarded to one or more third-party AI providers to generate a response.
• We do not send payment tokens, subscription identifiers, or your email / Google ID as part of the AI prompt.
• Where possible, we configure AI providers not to use submitted content for training their models beyond providing the service.

We may store limited technical metadata about AI requests (e.g. timestamps, token counts, error codes) for billing, abuse prevention, and diagnostics.

How we use server-side data

We use the server-side data described above to:

• create and manage user accounts;
• provide and verify subscriptions, restore purchases, and handle refunds/disputes;
• secure the Service, detect abuse, and debug issues;
• understand overall feature usage in aggregate (without reading your journal content);
• send essential service communications (e.g. email verification, security notices).

We do not use your journal entries for advertising. We do not sell personal data.

Retention

• Local journal data (entries, images, AI dialogs, local memory) remains on your device until you delete entries, delete the app, or overwrite the local database (for example, by restoring another backup). We do not control this storage.
• Account and subscription data on our servers is kept while your account exists and as long as necessary for billing, security, and legal obligations.
• Technical logs are typically kept for up to 30 days with regular cleanup. Push.
• Server-side database backups may be kept for up to 30 days.
• Payment and subscription records may be kept longer in de-identified or pseudonymised form if required by law or for dispute handling.

Deletion and inactivity

You can request deletion of your account:

• in the app (Settings → Profile → Delete account), or
• via a link provided on our website.

When an account is deleted:

• account identifiers, name, email, and Google ID (if any) are deleted or de-identified;
• subscription and payment records are retained only as needed for legal/accounting purposes, without an active link back to your profile where possible;
• logs are removed according to the retention period above.

Automatic deletion for inactive accounts:

If an account has no active subscription and there is no activity for 90 days, we may delete the account and associated server-side data as described above.

If a subscription remains active (for example, the user continues to pay), we do not automatically delete the account solely due to inactivity.

Deleting your account does not automatically delete local journal data or backup files stored by you. To remove them, you must delete entries and/or uninstall the app and delete any backup files you created.

Children’s privacy

Our Service is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you are a parent/guardian and believe your child has provided us with personal data, contact nemoryai.diary@gmail.com and we will delete it.

Security

We use technical and organisational measures to protect data, including:

• encryption in transit (TLS) between the app, our servers, and AI providers;
• encryption of the local journal database on your device, with keys stored in OS-level secure storage;
• access controls and least-privilege permissions on server infrastructure;
• logging and monitoring for security-relevant events, with limited retention.

No system can be guaranteed 100% secure, but we aim to follow industry best practices.

Changes to this Policy

We may update this Policy. If we make changes, we will post the updated version on this page and update the date at the top. Changes take effect when posted. Please review this page periodically to stay informed about what information we collect and how we use it.