Privacy Policy

This Privacy Policy explains how CoreMemories AI Inc. ("CoreMemories", "we", "our", or "us") collects, uses, discloses, and protects personal information in connection with our website, application, and related services (collectively, the "Service"). This policy is intended to comply with applicable data protection and privacy laws, including the Facebook/Meta Platform Terms and Policies, the California Consumer Privacy Act ("CCPA"), the EU/UK General Data Protection Regulation ("GDPR"), and other relevant regulations.

By accessing or using the Service, including by registering or logging in with Facebook Login, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller and Contact Information

The entity responsible for the processing of your personal information is:

2. Information We Collect

We collect personal information in the following ways:

2.1 Information You Provide Directly

This includes information you enter or provide through the Service, such as when setting up your profile, interacting with memory features, or contacting us.

2.2 Information Received Through Facebook Login

When you register or log in to the Service using Facebook Login, you authorize CoreMemories to access certain Facebook account information. We only request the minimum Facebook permissions necessary to operate the Service. Depending on your consent, the following data may be collected:

• public_profile: Name, profile image, and basic profile info (Purpose: Account identification and personalization)
• email: Primary Facebook email address (Purpose: Account verification, login, and support communication)
• user_posts: Posts you created on Facebook (Purpose: To generate personalized memory prompts and insights)
• user_photos: Photos you uploaded to Facebook (Purpose: To generate memory prompts, summaries, and personal timeline features)

We do not receive or collect your Facebook password.

2.3 Automatically Collected Information

When you use the Service, we may automatically collect:

• Device and browser information
• IP address and general geolocation (country/state-level)
• Log data and usage activity
• Cookies and similar tracking technologies

This information is used for security, performance, analytics, and service functionality.

3. How We Use Personal Information

We process personal information for the following purposes:

• To create, manage, and secure your user account
• To provide and improve the Service, including personalized memory prompts and features
• To analyze your authorized Facebook content solely for your personal memory experience
• To communicate with you about your account or data requests
• To ensure legal, regulatory, and platform compliance

We do not use your Facebook data to:

• Sell or rent personal information
• Target advertisements
• Display your Facebook content publicly
• Post to Facebook on your behalf

4. Use of Artificial Intelligence (AI)

We utilize AI technology to generate memory prompts, summaries, and related features. When you authorize us to process your posts or photos, certain data may be sent to our AI service provider solely for processing.

• Data is used only to generate your personal memory output
• Data is not used to train or improve public AI models
• Data is not used to build profiles for advertising or marketing
• No fine-tuning or model training is conducted using user data

5. Legal Basis for Processing (GDPR Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process personal data based on the following legal grounds:

• Consent: When you grant permissions via Facebook Login
• Contract Performance: To provide the Service and personalized features requested by you
• Legitimate Interests: To maintain and improve the Service, security, and support

You may withdraw consent at any time by removing the CoreMemories app from your Facebook account settings.

6. Data Sharing and Disclosure

We do not sell or share personal information with third parties for marketing or advertising. We may share information only with:

6.1 Service Providers and Sub-Processors

We use trusted third-party providers that process data on our behalf under confidentiality and data protection obligations:

• Microsoft Azure – Hosting, servers, and cloud infrastructure (U.S. region)
• OpenAI – AI processing for memory-related features
• Google (Gemini / Google GenAI API) – AI processing and memory retrieval features (RAG)
• ElevenLabs – Voice features (text-to-speech / conversational experiences)
• Twilio – SMS and voice calling features (if enabled by the user)
• Stripe – Payment processing (if paid plans are used)
• Google Analytics – Website analytics and performance

These providers may access personal information only as necessary to provide services to us and cannot use it for their own purposes.

6.2 Legal and Compliance

We may disclose information if required by law, regulation, legal process, or governmental request.

7. International Data Transfers

All personal data is stored and processed in the United States. If you access the Service from outside the U.S., you acknowledge that your information may be transferred to and processed in the United States.

8. Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. If you remove the CoreMemories application from Facebook or request data deletion, we will delete the Facebook-sourced data associated with your account within a reasonable period, not exceeding 30 days.

9. How to Revoke Facebook Permissions

You may revoke our access to your Facebook data at any time by:

1. Logging into your Facebook account
2. Going to Settings & Privacy → Settings → Security and Login → Apps and Websites
3. Removing the CoreMemories app

10. Data Deletion Instructions

To request deletion of Facebook-sourced data and account information, choose one of the following methods:

• Submit an in-app deletion request (if available)
• Email: info@corememories.ai with the subject "Facebook Data Deletion Request"

Once we verify the request, we will delete all personal information and Facebook-sourced data associated with your account within 30 days.

11. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect data from children. If we learn that a child under 13 has used the Service, we will promptly delete their data.

12. California Privacy Rights (CCPA)

If you reside in California, you have the right to:

• Request access to the categories of personal information collected
• Request deletion of personal information
• Opt out of the sale or sharing of information (we do not sell personal information)

To exercise these rights, contact info@corememories.ai.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If material changes are made, we will update the "Last Updated" date and may notify you through the Service. Your continued use of the Service following such changes constitutes acceptance of the revised policy.

14. Contact Us

For questions, concerns, or privacy requests, you may contact us at:

SMS Messaging Policy

You will only receive SMS text messages from Core Memories if you explicitly opt in during registration at our website. Opt-in is not required to use our services.

• Message frequency may vary depending on your interactions with our service.
• Standard message and data rates may apply.
• You can cancel SMS messages at any time by replying STOP. After you send STOP, we will send you a confirmation message and you will no longer receive SMS messages from us.
• For help regarding SMS messages, reply HELP or contact us at support@corememories.ai.
• Mobile numbers are used only to deliver Core Memories account notifications and memory-related prompts. They are never shared or sold to third parties for marketing purposes.
• No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
• Mobile opt-in data and consent will not be shared with any third parties or lead generators.