MemoAIr
Join the waitlist
← Back to home

Privacy Policy

Effective May 26, 2026

1. Introduction

At Memoair, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered document management platform.

2. Roles of the Parties (Controller / Processor)

For account creation, billing, website analytics, security logs, and support operations, Memoair acts as a controller (data fiduciary). For Customer Content uploaded by an Organization, Memoair acts as a processor/service provider on behalf of that Organization.

3. Information We Collect

We collect information provided directly by you, from connected third-party services you authorize, and from cookies/analytics technologies.

Categories of data include:

  • Account data: name, business email, role, organization name, and password hash or authentication provider ID.
  • Billing data: billing address, GST/VAT details, and payment status. We do not store full card numbers, which are handled by payment processors.
  • Usage and technical data: feature usage events, interaction logs, IP address, and device/browser information.
  • Customer Content: files, text, metadata, and connector content (such as Drive files, emails, and calendar events) based on enabled features and authorized scopes.
  • AI inputs and outputs: prompts, retrieved snippets, related metadata, and generated outputs.
  • Support data: tickets, support chat logs, call recordings (if any), and related attachments.

Please do not submit sensitive personal data (for example health information, biometrics, passwords, or financial account numbers) unless explicitly necessary and you are authorized to do so. Customer is responsible for the categories of data it chooses to upload and process through the Services.

4. Legal Bases for Processing

  • Contract necessity: to provide and operate the Services.
  • Legitimate interests: to secure, improve, and maintain reliability of the Services.
  • Consent: where required, including marketing and non-essential cookies.
  • Legal obligations: for tax, compliance, lawful requests, and audit requirements.

5. How We Use Information

  • To deliver search, retrieval, workflow, and AI response features.
  • To authenticate users, manage subscriptions, and process billing.
  • To monitor performance, prevent abuse, and improve service quality.
  • To provide support and respond to legal or compliance requests.

6. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential cookies: authentication, session management, security, and core functionality.
  • Analytics cookies: usage analytics, product performance, and service improvement insights.

You can manage cookies through browser settings and in-product cookie settings/banner controls where available. Blocking essential cookies may affect platform functionality. At this time, our Services do not respond differently to browser "Do Not Track" signals.

7. Information Sharing and Subprocessors

We do not sell personal information. We share data only as needed to provide the Services, fulfill legal obligations, and support customer authorized workflows.

Recipients may include:

  • Infrastructure and hosting providers.
  • Authentication and identity services.
  • Payments and billing processors.
  • Email and notification providers.
  • Analytics and observability providers.
  • AI model providers, vector database services, and related infrastructure providers.

We maintain an up to date list of subprocessors and will provide it on request. Enterprise customers may request advance notice of material subprocessor changes where contractually agreed.

8. International Data Transfers

Data may be processed outside your jurisdiction. Where required by law, we rely on approved transfer mechanisms, including Standard Contractual Clauses (SCCs) and other lawful safeguards.

9. Security Safeguards

We implement reasonable technical and organizational safeguards, including:

  • Encryption in transit (TLS).
  • Access controls and least privilege controls.
  • System monitoring and security logging.
  • Backups and recovery procedures.
  • Incident response processes.

No method of transmission over the internet or electronic storage is 100% secure.

10. Data Retention

We retain personal data and Customer Content only as long as necessary for service delivery, security, legal compliance, and legitimate business purposes. Organization administrators may configure or request retention/deletion where available. Data may persist in backups for a limited period after deletion, consistent with backup retention cycles.

11. Breach Notification

If we become aware of a confirmed data breach affecting Customer or User data, we will notify affected customers/users and competent authorities as required by applicable law, within timelines required by applicable law and with an initial notification target of 7 to 15 business days where feasible.

12. Privacy Rights and India DPDP Grievance Process

  • Right to access information about personal data processing.
  • Right to correction and updating of inaccurate data.
  • Right to erasure, subject to legal and contractual limits.
  • Right to withdraw consent where processing is consent based.

India users may submit grievances through the contact details below. We respond within timelines prescribed by applicable law and target an initial response within 7 to 15 business days.

13. Children's Privacy

Memoair is a business product and is not intended for children. We do not knowingly collect personal information from minors. If we learn such data has been collected, we will take reasonable steps to delete it.

14. AI Training and Product Improvement

We do not use Customer Content to train foundation models by default, and we configure provider controls to restrict training where supported.

We may send necessary inputs (including prompts, retrieved text snippets, outputs, and related metadata) to AI model providers to generate responses. We may also process limited operational logs to secure and improve service reliability. Enterprise customers may request reduced diagnostic retention or stricter handling controls where supported/configured.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through product notices, account communication channels, or updated publication date on this page.

16. Contact Us

For privacy requests, complaints, or DPDP grievances, contact:

  • Grievance Officer: Grievance Officer (Memoair Privacy Team)
  • Privacy / Grievance: support@memoair.space
  • Address: Bengaluru, Karnataka, India

This Privacy Policy is effective as of May 26, 2026.