Privacy Policy

We collect information you provide directly to us when you create an account or connect integrations:

Account data: Name, email address, and password (stored as a bcrypt hash).

Integration tokens: When you connect GitHub, Slack, Google, or Zoom, we receive and store OAuth access tokens encrypted at rest using AES-256-GCM. We store only the minimum scopes required for each integration.

Project data: Code commits, pull requests, Slack messages, and other content you explicitly sync to Memnox. This data is indexed in a vector database to power the AI memory engine.

Usage data: Token counts, API call logs, and billing events for invoicing and abuse prevention. We do not sell usage data to third parties.

We use the information we collect to:

• Provide, operate, and improve the Memnox platform
• Index your project data into the AI memory engine so you can query it
• Process billing and subscriptions via Stripe
• Send transactional emails (subscription confirmations, usage alerts)
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations

We do not use your project content to train AI models. Your data is used solely to answer queries within your own workspace.

All data is stored in encrypted form at rest. OAuth tokens are encrypted with AES-256-GCM before being written to the database. Passwords are hashed with bcrypt (cost factor 12). Connections to our database and vector store use TLS in transit.

Access to production systems is restricted to authorised personnel and protected by multi-factor authentication. We conduct regular security reviews and apply patches promptly.

Memnox uses the following sub-processors:

• Stripe — payment processing and subscription management
• Anthropic / OpenAI — large language model inference (your queries are sent to these providers; they are subject to their own data policies)
• Pinecone / ChromaDB — vector storage for AI memory
• Redis — caching and job queues
• PostgreSQL — primary relational database

We share only the minimum data necessary with each sub-processor. We do not sell your data to advertising networks or data brokers.

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate fraud prevention purposes.

Project memory data (indexed commits, messages, etc.) is deleted when you disconnect the relevant integration or delete your workspace.

Depending on your jurisdiction, you may have the right to:

• Access a copy of your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to certain processing
• Data portability (receive your data in a machine-readable format)

To exercise any of these rights, email us at privacy@memnox.app. We will respond within 30 days.

Memnox uses a single session cookie to maintain your authentication state. We do not use tracking cookies or third-party analytics cookies. We do not use advertising cookies.

Memnox is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a banner in the app at least 14 days before the changes take effect. Continued use after the effective date constitutes acceptance.

For any privacy questions or to exercise your data rights, contact us at:

privacy@memnox.app

We aim to respond within 5 business days.