Privacy Policy
Last updated: July 2026 · Private Alpha
Memora is currently in a private alpha with a small group of invited users. This policy describes what we collect today, in this alpha, and how we handle it. We'll update it as the product changes.
1. What Memora does with your memories
Memora connects to a photo/video source you choose (currently Google Drive, or a sample source for demos) and builds an organized timeline from it. We do not copy or store your original photos or videos. Memora stores a derived intelligence layer instead:
- File names, file types, capture dates, and folder/album context
- Thumbnails — fetched live from your connected source when you view them, not saved on our servers
- Location fields already present in a file's metadata (city/region/country, coordinates), if any
- Events Memora detects by grouping related items, and the confidence/reasoning behind that grouping
- AI-generated story text built only from facts about your own events (dates, locations, item counts) — never invented details
- Corrections you make (renaming an event, editing a story) and confirmations you give
2. Account information
- Email address and display name you provide at signup
- Your password, stored as a salted bcrypt hash — we cannot see or recover your actual password
- If you connect Google Drive: an OAuth access/refresh token, encrypted at rest, and the Google account email associated with that connection
3. Cookies
We use a single session cookie to keep you signed in. It is not used for advertising or cross-site tracking, and we don't use third-party analytics or ad cookies.
4. Who else sees your data
We don't sell your data or share it with advertisers. Data passes through:
- Google — only to read metadata/thumbnails from the specific folder you select, using a read-only permission you grant and can revoke at any time from your Google Account settings or by disconnecting the source in Memora.
- Our hosting providers (Render for the API and database, Vercel for the website) — they run the infrastructure Memora is built on and process data only to do that.
A small internal support team can look up your account and connection status (e.g. is a sync failing) to help troubleshoot. That lookup never shows your photos, stories, or any face/location data, and every lookup is logged.
5. Your controls
From your Privacy Settings page, you can at any time:
- Turn AI story generation on or off
- Export your events, stories, source connections, and corrections as a JSON file
- Delete just Memora's AI-generated interpretations (events, stories) while keeping your indexed photos and connections
- Delete your account entirely — this removes your indexed data, connections, and events/stories, and deactivates your account. A minimal security log of account actions is retained afterward, as described below.
6. Data retention
We keep your data as long as your account is active. If you delete your account, everything tied to it is removed except a security/audit trail (which action happened, when, from what IP) that we retain to detect abuse and meet basic security obligations — it does not include your photos, metadata, or story content.
7. Alpha-specific limitations, told plainly
- Google has not yet fully verified our app, so Google may show an "unverified app" warning during sign-in, and your Google access token currently needs refreshing about once a week.
- Password reset is currently handled manually by our support contact below rather than by automated email — we don't yet operate an outbound email system.
- As an early-stage product, features, this policy, and our security practices may change; we'll do our best to tell active users about material changes.
8. Security
Passwords are hashed with bcrypt and never stored in plain text. OAuth tokens are encrypted at rest. All traffic to Memora is served over HTTPS. Login and signup are rate-limited to slow down automated abuse.
9. Children
Memora is not directed at children, and we don't knowingly collect data from anyone under 13.
10. Contact
Questions, deletion requests, or concerns: privacy@memoratimeline.com.
See also: Terms of Use