Privacy Policy

How MMRY AI handles your information.

Effective Date: May 15, 2026  ·  Last Updated: May 15, 2026

Overview

MMRY AI is operated by RICO Technologies, LLC. This policy explains what information we collect when you use MMRY AI, how we use it, who we share it with, and the rights you have over it.

We do not sell your personal information. We do not share your memory content for advertising. We do not use your memory content to train AI models.

If you have questions about anything in this policy, email privacy@mmryai.com.

What we collect

Account information

• Name and email address you provide at signup
• Subscription and billing information (handled by our payment processor, Stripe — we do not store full card numbers)
• Communications you send us (support requests, feedback, bug reports)

Memory content

The notes, decisions, preferences, project details, and other content you save through MMRY AI. This is the substantive data of the service. It is yours; you can export it as JSON or deactivate it at any time.

Authentication and session data

• Password hashes (we never store passwords in plaintext)
• JWT access tokens, API keys, and OAuth tokens used by external platforms acting on your behalf
• Login timestamps, IP addresses associated with sessions, and basic browser/device information for security purposes

Usage data

• Which API endpoints you call, how often, and from which platform (Claude Code plugin, ChatGPT GPT, MCP-connected hosts, our website, etc.)
• Error logs and diagnostic information when something goes wrong

Cookies and similar technologies

We use the minimum necessary: a session cookie or token in browser storage to keep you signed in. We do not use third-party advertising or behavioral-tracking cookies.

How we use it

• To deliver the service: store and retrieve your memories, authenticate you, run the platform-integration flows you initiate
• Billing and account management: charge for subscriptions, send receipts, handle cancellations and refunds
• Communications: respond to support requests, send service notices (security alerts, outage notifications, material changes to this policy)
• Product improvement: analyze aggregate and de-identified usage patterns to make MMRY AI better (e.g., which endpoints are slow, which integrations are popular)
• Security: detect abuse, prevent fraud, investigate incidents, satisfy our legal obligations

AI training

We do not train AI models on the content you save in MMRY AI. Your memories are stored to be returned to you, exactly as you wrote them, on demand. They are not used as training data, fine-tuning data, or evaluation data for our models or anyone else's.

When external AI platforms (ChatGPT, Copilot, MCP-connected assistants, etc.) read your memories on your behalf through an OAuth-authorized connection, that platform's own privacy policy governs what it does with the content it sees in that session. We disclose which platforms are connected to your account in the dashboard, and you can revoke any platform's access at any time.

Who we share with

We share information only with service providers strictly necessary to run MMRY AI, and only under contractual confidentiality and data-protection obligations:

• Microsoft Azure — hosting, database, and storage infrastructure
• Stripe — payment processing and subscription management
• Mandrill (Mailchimp Transactional) — transactional emails (sign-up confirmations, password resets, billing notices)

We may disclose information when legally required (subpoenas, court orders, lawful government requests). We may transfer information as part of a corporate transaction (merger, acquisition, sale of assets); if that happens, this policy or a successor policy continues to apply to your data.

We do not sell personal information for monetary or other valuable consideration.

Platform integrations (OAuth)

MMRY AI is designed to be reached from other AI platforms. When you authorize a platform (a ChatGPT GPT, an MCP-connected host, the Claude Code plugin, etc.) through our OAuth 2.0 flow:

• The platform receives an access token scoped to your account
• The platform calls our public API on your behalf to save, search, and load your own memories
• The platform does not gain access to other users' data
• You can see every connected platform on your account page and revoke access in one click; revocation invalidates the tokens immediately

Each platform you authorize has its own privacy policy that governs what it does with the conversation it has with you. Read it before authorizing.

Security

We use technical, physical, and organizational measures appropriate to the sensitivity of the data:

• All data in transit is encrypted (TLS 1.2 or higher)
• Database storage is encrypted at rest by the cloud provider
• Passwords are hashed with industry-standard algorithms; we never see your plaintext password
• API keys and OAuth tokens are hashed at rest; rotating a credential immediately invalidates the prior value
• Access to production systems is restricted, logged, and reviewed

No system is perfect. If you believe you have discovered a vulnerability, please contact security@mmryai.com.

Retention & deletion

We retain your account and memory content for as long as your account is active. If you cancel your subscription, your memories remain accessible through the end of your billing period and you can export them as JSON at any time during that window.

After account closure, we delete or de-identify personal information unless we are required to retain it longer for legal, accounting, or fraud-prevention reasons. Audit logs, billing records, and security incident data may persist beyond account closure for as long as required by law.

You can request deletion of your account and data at any time by emailing privacy@mmryai.com.

Your rights

Subject to applicable law and the limits noted above, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your account and the personal information associated with it
• Export your memory content in a structured, machine-readable format (JSON)
• Object to or restrict certain uses of your information
• Withdraw consent for uses that depend on consent

You can exercise most of these rights from your account dashboard. For anything that requires manual handling, email privacy@mmryai.com and we will respond within 30 days.

International users

MMRY AI is operated from the United States. If you access the service from the European Economic Area, the United Kingdom, Switzerland, or any other jurisdiction with data-protection laws different from those of the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

EEA / UK / Switzerland (GDPR): our legal bases for processing are: (a) contract performance, where processing is necessary to deliver MMRY AI; (b) legitimate interests, including service improvement and security; (c) consent, where you have provided it; (d) legal obligations, where we must process to comply with law. You have the rights described above plus the right to lodge a complaint with your supervisory authority.

U.S. residents (CCPA / state privacy laws): we do not sell personal information and do not share it for cross-context behavioral advertising. You have the rights described above and the right to appeal a denied request. To exercise these rights, email privacy@mmryai.com.

Children

MMRY AI is not directed to individuals under 16, and we do not knowingly collect personal information from anyone under 16. If we learn that a person under 16 has provided us with personal information, we will delete it. If you believe a child has provided us with personal information, contact privacy@mmryai.com.

Changes to this policy

We may update this policy from time to time. The effective date at the top reflects the most recent revision. For material changes, we will notify active subscribers by email and post a notice on the site at least 14 days before the change takes effect.

Contact