Privacy Policy
Last updated: May 27, 2026
Your privacy matters to us. This policy explains how MemX collects, uses, and protects your personal information when you use our services.
About This Policy
This Privacy Policy describes how Neural Forge Technologies LLP (registered in India under the Limited Liability Partnership Act, 2008; “we”, “us”, “our”) collects, uses, and protects information when you use MemX (the “Service”).
For purposes of applicable data protection laws, Neural Forge Technologies LLP is the data controller of your personal information. Our registered office is in Bengaluru, Karnataka, India.
If you have questions about this policy or your personal data, contact us at [email protected].
1. Information We Collect
Account Information
When you sign up for early access or create an account, we collect:
- Email address
- Name (when provided)
- Usage preferences and feedback
Content You Store
MemX helps you organize memories and information. We may collect:
- Photos, documents, and files you upload
- Text notes and voice recordings
- Location data (only when you enable location features)
- Metadata associated with your content
Technical Information
We automatically collect certain technical information:
- Device information (browser, operating system)
- IP address and general location
- Usage patterns and app performance data
- Crash reports and error logs
- Cookies and similar technologies (see section 4)
2. How We Use Your Information
We use your information to:
- Provide the Service: Store, organize, and help you find your memories
- Improve MemX: Analyze usage patterns to enhance features
- Communicate: Send important updates, new features, and support responses
- Personalization: Customize your experience based on preferences
- Security: Protect against fraud, abuse, and unauthorized access
- Comply with law: Meet legal, regulatory, and law-enforcement obligations
Lawful basis (for EU/UK users under GDPR)
We process your personal data under the following lawful bases:
- Contract: to provide the Service you signed up for
- Legitimate interest: to improve, secure, and operate the Service
- Consent: for marketing communications and non-essential cookies (where required)
- Legal obligation: to comply with laws and respond to lawful requests
3. AI and Machine Learning Processing
To provide MemX's core features — natural-language search, answers, and understanding of your saved content — we process the content you provide, including your notes, documents, photos, and voice recordings.
Who we share it with
To perform this processing, we send the relevant content to the following third-party AI providers, who act solely as data processors on our behalf under their enterprise terms:
- OpenAI
- xAI
- Anthropic
A given request may use one, some, or none of these providers. We do not share your content with any other third parties for this purpose.
How it's protected
- No training. We use the no-training options each provider offers. These providers are contractually prohibited from using your content to train or improve their models.
- Processor-only role. They may use your content only to process your request and return a result to us — never for their own purposes.
- Equivalent protection. Each provider is bound by data-processing terms that provide protection equivalent to the commitments in this Privacy Policy.
- Encryption. Your data is encrypted on your device, in transit, and at rest on our servers; it is decrypted only as needed to perform the processing described above.
- Access logging. Every AI access generates a tamper-evident audit record.
Your control
You consent to this processing in-app before any content is shared, and you can withdraw consent at any time from Settings → AI Service Provider.
4. Cookies, Analytics, and Session Tools
We use cookies, local storage, and similar technologies to operate the Service, understand how people use MemX, and improve usability.
- Essential: required for the Service to function (e.g. authentication, security, load balancing).
- Analytics: help us understand which features are used, how visitors arrive at the site, and where the experience can be improved.
- Session and usability tools: our analytics may include session recording (mouse movements, clicks, scrolls, page interactions, and form interactions) to help us diagnose usability issues. Password fields are masked.
We use third-party service providers to deliver these analytics and session tools. They process technical information about your visit, not your stored MemX content. We do not use cookies for cross-context behavioral advertising.
5. Data Sharing and Disclosure
We respect your privacy. We do not sell your personal information and we do not share it for cross-context behavioral advertising.
We share data only in these limited cases, and only with service providers bound by data processing agreements that restrict the use of your data to operating MemX on our behalf:
- Cloud hosting and infrastructure: to store and serve your content
- AI processing: to power search, answers, and content understanding (see section 3)
- Analytics and usability tools: to understand how the Service is used (see section 4)
- Transactional and marketing email: to send account notifications and newsletters you have subscribed to
- Bot protection and security: to defend against abuse and attacks
- With your consent: when you explicitly agree to other sharing
- Legal requirements: when required by law or to protect our rights, users, or the public
- Business transfers: in connection with a merger, acquisition, or sale of assets, in which case you will be notified
6. Data Security
We implement industry-standard security measures:
- Encryption: Your data is encrypted in transit and at rest. The master encryption key is stored in Google Cloud KMS hardware security modules.
- Access controls: Operator access is restricted to a small need-to-know set of engineers under strict policy controls, and every access generates a tamper-evident audit log.
- Regular audits: Security assessments and vulnerability testing.
- Secure infrastructure: Our cloud providers maintain SOC 2 Type II compliance.
7. Your Rights and Choices
You have control over your data. Depending on where you live, you may have some or all of the following rights:
- Access: request a copy of the personal data we hold about you
- Rectification: ask us to correct inaccurate or incomplete information
- Erasure (“right to be forgotten”): request deletion of your account and associated data
- Portability: download your data in a portable format
- Restriction or objection: ask us to stop or limit certain processing of your data
- Withdraw consent: withdraw consent at any time for processing based on consent
- Marketing opt-out: unsubscribe from marketing emails using the unsubscribe link in any email or by emailing [email protected]
To exercise any of these rights, email [email protected]. We will respond within 30 days.
Automated decision-making
Our AI-powered search and content understanding constitute automated processing of your personal data. These features do not produce legal or similarly significant decisions about you. You can stop using AI features at any time by deleting your stored content.
Right to lodge a complaint (EU/UK users)
If you are in the European Union or United Kingdom, you have the right to lodge a complaint with your national data protection authority. A list of EU authorities is available at edpb.europa.eu.
California residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to know what personal information we collect, use, disclose, or sell about you
- Right to delete personal information we have collected from you
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
- Right to limit the use of sensitive personal information
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, email [email protected]. We do not sell your personal information.
8. Children's Privacy
MemX is not directed at children. We do not knowingly collect personal information from children without verifiable parental or guardian consent.
- India (DPDPA 2023): we treat anyone under 18 as a child. Use of MemX by anyone under 18 requires verifiable parental or guardian consent.
- United States (COPPA): we do not knowingly collect personal information from children under 13.
- European Union (GDPR Art. 8): we follow the digital consent age applicable in each member state (typically 13–16).
If you believe we may have collected information from a child without appropriate consent, please contact [email protected] and we will investigate and delete it as required by law.
9. Data Retention
We retain your information as follows:
- Active users: as long as your account is active
- Deleted accounts: up to 30 days for recovery, then permanently deleted
- Analytics data: anonymized usage data may be retained longer for service improvement
- Backups: deleted data may persist in backups for a short window before being cycled out
- Legal hold: we may retain information longer where required by law or to respond to a legal obligation
10. International Data Transfers
MemX is based in India. If you are using our Service from outside India, your data may be transferred to, stored, and processed in India and in other countries where our service providers operate (including the United States and the European Union). We rely on appropriate safeguards for international transfers, including standard contractual clauses where required.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top, and for material changes we will notify you via email or through the app. Continued use of MemX after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, want to exercise your rights, or need to make a data-protection request, contact us at:
Neural Forge Technologies LLP
Email: [email protected]
To request account deletion, use Settings > Data & Privacy in the app, or visit our account deletion page.
Change Log
- June 11, 2026 — Expanded the AI processing section: named our AI providers (Google, OpenAI, xAI, Anthropic) as data processors and detailed the no-training, processor-only, encryption, audit-logging, and consent-withdrawal commitments.
- May 27, 2026 — Major update: named Neural Forge Technologies LLP as data controller; added GDPR/CCPA-specific rights, lawful-basis disclosures, and complaint right; added children's privacy section (DPDPA + COPPA + GDPR Art. 8); added cookies/analytics/session-tools disclosure; rewrote AI processing section for accuracy.
- February 17, 2026 — Added specific AI provider disclosures.
- Earlier — Initial publication.