Privacy Policy
Last updated: 17 April 2026
The short version: Remembory is designed so that we cannot read your memories, even if we wanted to. Your data is encrypted on your device before it ever reaches our servers. We collect the minimum information needed to operate the service.
1. Our Privacy Architecture
Remembory uses a zero-knowledge design. When you set a password on your Chronicle:
- Your memories, photos, and personal data are encrypted using AES-256-GCM with a key derived from your password (PBKDF2, 200,000 iterations)
- Encryption and decryption happen entirely in your browser
- We store only the encrypted blob — we do not have your password and cannot decrypt your data
- If you use cloud sync, your data is encrypted with your sync passphrase before upload
2. What We Collect
Information you provide
- Email address: Used for licence key issuance and share notifications. Stored as a one-way HMAC hash on our servers — we do not store your email in plain text.
- Payment information: Processed by Stripe or PayPal. We never see or store your card details.
- Contact form messages: If you contact us through the app, we receive your message and any name/email you provide.
Information stored on your device
- Your memories, photos, people, locations, and all Chronicle content are stored in your browser's local storage and IndexedDB
- This data does not leave your device unless you explicitly share, sync, or publish
Information on our servers
- Licence records: Licence key hash, email hash, subscription status, creation date
- Cloud sync: Your encrypted data blob (we cannot read it) and encrypted photos, stored for up to 90 days
- Shares: When you share memories, the shared content is stored temporarily (up to 30 days) so the recipient can retrieve it
- Public profiles: If you choose to publish a profile, the memories you mark as public are stored on our servers
Information we do NOT collect
- No analytics or tracking scripts
- No cookies (the app uses only browser local storage)
- No advertising or marketing trackers
- No third-party analytics (no Google Analytics, no Mixpanel, nothing)
3. How We Use Your Information
- Email hash: to deliver shared memories and licence-related notifications
- Licence key hash: to validate your subscription status
- Contact messages: to respond to your support requests
We do not sell, rent, or share your information with third parties for marketing purposes.
4. Third-Party Services
We use the following services to operate Remembory:
5. Data Retention
- Local data: Stored until you delete it or clear your browser storage
- Cloud sync: Encrypted blobs expire after 90 days of inactivity
- Shared content: Expires after 30 days, or when accepted/declined by the recipient
- Licence records: Retained for the duration of your subscription plus 12 months
- Contact messages: Retained in our email inbox; deleted when no longer needed
6. Your Rights
You have the right to:
- Access: Export all your data at any time via Backup & Restore
- Delete: Remove all data from your device at any time. Request deletion of server-side data by contacting us.
- Portability: Your backup file is a standard JSON format you can use independently of Remembory
- Withdraw consent: Stop using the service at any time. Cancel your subscription through Stripe or PayPal.
For data deletion requests or privacy concerns, contact admin@remembory.net.
7. Children
Remembory is not directed at children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated through the app. The "Last updated" date at the top reflects the most recent revision.
9. Contact
For privacy-related questions or requests:
admin@remembory.net