Memrith LLC, a Tennessee limited liability company, is the controller of the personal information described in this policy. References to "Memrith," "we," "us," and "our" refer to Memrith LLC. We can be reached at legal@memrith.com and at the postal address in Section 15.
We deliberately collect as little personal information as possible. The categories below are exhaustive for ordinary use of the Service:
| Category | Examples | How collected |
|---|---|---|
| Account / transaction | Name, email, billing country, payment method (last four digits and brand only), License Key | Provided to Polar at checkout (Polar is the Merchant of Record; see Section 6) |
| Support communications | Your email, the content of your message, attachments you choose to send | You email legal@memrith.com |
| Category | What it is | Why |
|---|---|---|
| License activation label | A short label of the form Memrith on <hostname>, plus the timestamp of activation. We hash this label server-side when used for repeat-trial enforcement so the raw hostname is not retained. |
Activate the License Key, enforce device-activation limits, prevent repeat-trial abuse |
| Update-check pings | HTTP request to fetch the release manifest at memrith.com/releases/latest.json. Includes the User-Agent string (Memrith/<version>) and your IP address, as with any HTTP request. |
Auto-update the Software |
| Entitlement checks | HTTP request to www.memrith.com/api/entitlement to issue or refresh the signed entitlement stored on your device. Includes the User-Agent string and your IP address; carries your license identifier, never your entries, memory, or conversations. |
Confirm your license is valid and issue the signed entitlement |
| Crash reports (opt-in, off by default) | If, and only if, you opt in: stack traces, error messages, software version, OS version. Personal information is filtered out before sending (file paths under $HOME are replaced with ~; stack-frame local variables are dropped; API-key-shaped strings are redacted). |
Diagnose and fix bugs |
| Category | What it is | Why |
|---|---|---|
| Server logs | IP address, User-Agent, requested URL, timestamp, referrer | Standard web hosting (Vercel); used to operate the Site and protect against abuse |
Memrith does not, in its ordinary course of operation:
We use the limited information described in Section 2 only for:
If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal data are:
We share personal information only with the following categories of recipients, each acting under a written agreement with appropriate protections:
| Recipient | Role | Why |
|---|---|---|
| Polar (Polar Software Inc.) | Merchant of Record; payment + licensing processor | Handles the entire purchase transaction, license-key issuance, sales-tax / VAT / GST collection and remittance, refunds, and customer billing communications. Their privacy policy governs their processing. |
| Vercel | Website + serverless hosting | Hosts memrith.com and our update-manifest and entitlement endpoints. Receives server-log data. |
| GitHub | Release binary hosting | Hosts the downloadable installers on a public release mirror. Standard HTTP logs. |
| Hugging Face (Hugging Face, Inc.) | On-device model hosting | On first launch, Memrith downloads the local embedding model used for on-device search (~130 MB) from Hugging Face's servers — a one-time download to your machine. Like any download, it exposes your IP address to their servers in standard HTTP logs. No entries, memory, or account data are sent. |
| Sentry (Functional Software, Inc.) | Crash reporting (opt-in only) | Receives crash reports only if you have opted in. Personal information is scrubbed before sending. |
| Upstash / Vercel KV (if enabled) | Optional repeat-trial throttle storage | Stores only hashed install-labels for the purpose of preventing repeat-trial abuse. |
| Your AI Provider (e.g., Anthropic, OpenAI, OpenRouter) | Independent controller — not our processor | You contract directly with the AI Provider using your own API key. Your prompts and selected portions of your data are sent to them under their own terms and privacy policy. Memrith is not party to that processing. |
| Law enforcement, regulators, courts | Legal compliance | When required by valid legal process or to protect rights, safety, or property. |
| Successor entities | Corporate transactions | In the event of a merger, acquisition, financing, or sale of assets — subject to confidentiality and your continued rights under this policy. |
Memrith is based in the United States. If you are located outside the U.S. (including in the EEA, UK, Switzerland, or Canada), the limited personal information described in Section 2 will be transferred to and processed in the United States and other countries where our service providers are located. Where required, we rely on the European Commission's Standard Contractual Clauses (or UK equivalents) for such transfers; the same applies to our sub-processors (Polar, Vercel, Sentry, GitHub, Hugging Face). You may request a copy of the safeguards we use by emailing legal@memrith.com.
We keep information for only as long as necessary for the purposes for which it was collected, unless a longer period is required by law:
We use commercially reasonable technical and organizational measures, including: TLS encryption for data in transit; restricted access to administrative systems; secrets stored in encrypted environment variables; signed software updates (Ed25519) so users can verify the authenticity of the update they install; signed entitlement files where applicable; and ongoing monitoring.
Memrith is local-first by design, which itself materially reduces our and your exposure: the body of your data never leaves your device.
Data at rest on your device. Memrith stores your data on your local disk in standard application files. Your device's operating system (file-system permissions, FileVault on macOS, BitLocker on Windows, your login password) is the security boundary for that data. Memrith does not add an additional encryption layer at rest. If your device is shared or its disk is unencrypted, treat that as the relevant security boundary.
No security measure is perfect. If we become aware of a personal data breach affecting you, we will notify you and the relevant regulators where required by applicable law, in the timelines required by law.
Depending on where you live, you may have some or all of the following rights with respect to your personal information. To exercise any of them, email legal@memrith.com from the address associated with your account. We will respond within the timelines required by applicable law (no later than 30 days under most regimes; we will tell you if we need an extension).
If you are a California resident:
To exercise these rights, email legal@memrith.com. We will verify your request as required by law (typically by matching identifiers you provide against our records). You may designate an authorized agent to act on your behalf with appropriate written authorization.
If you are a resident of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Tennessee (TIPA), or another U.S. state with a comprehensive privacy law, you may have rights similar to those described above (access, deletion, correction, opt-out of certain processing, appeal of denials). To exercise them, email legal@memrith.com from the address on your account.
If you are in Canada, you have rights of access and correction with respect to your personal information, and you may withdraw consent subject to legal or contractual restrictions. Contact us at legal@memrith.com. You may also contact the Office of the Privacy Commissioner of Canada or, for Québec residents, the Commission d'accès à l'information.
The memrith.com marketing website sets no cookies, runs no third-party analytics, advertising, or tracking scripts, and creates no fingerprint or behavioural profile of visitors. The site loads static HTML, CSS, JavaScript, and images served by Vercel; aside from the single strictly-necessary item disclosed below, no session, identifier, or persistent storage is created in your browser by us. If we add analytics or any other non-essential cookies in the future, we will update this policy and obtain consent where required by law.
Strictly-necessary storage we use. The site stores a single key in sessionStorage — memrith.privacy.ack — when you click "Got it" on the no-tracking notice banner. This is solely to avoid re-showing the banner on every page navigation within the same browser session. It clears automatically when you close the browser tab and contains no identifier, profile, or behavioural data. Under the EU ePrivacy Directive (Article 5(3)) and equivalent UK rules, storage that is "strictly necessary for the provision of a service explicitly requested by the user" does not require prior consent; the dismiss-banner preference is, in our reasonable view, exactly that.
The only external service called from the website itself is Formspree (United States), used to deliver the email-signup form. When you submit the form, your email address (and only that) is transmitted to Formspree, which forwards it to us. Formspree may set cookies on its own form-handling domain as part of submission; those are governed by Formspree's privacy policy. We do not embed Formspree into the page in a way that creates cookies on the memrith.com domain.
The Polar checkout flow (visitors are routed to the Polar-hosted checkout page from the Buy button) is operated by Polar and may set cookies necessary for the checkout. Polar's cookies are governed by its own privacy and cookie notices.
The Memrith desktop application stores its own configuration on the device where you run it (see Sections 1–3); none of that is a "website cookie".
The Service is not directed to children under the age of 13 (or 16 where required by local law). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact legal@memrith.com and we will delete it.
Some browsers transmit "Do Not Track" or "Global Privacy Control" (GPC) signals. We do not currently respond to DNT signals because there is no industry consensus on how to interpret them. We treat valid GPC signals received via the memrith.com website as an opt-out of "sale" or "sharing" of personal information for California residents, to the extent any such activity occurs (note that we do not currently sell or share personal information).
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. If we make material changes, we will provide additional notice (for example, an in-app banner or email to active customers) before they take effect. Your continued use of the Service after a revised policy takes effect constitutes acceptance, except where additional consent is required by law.
Memrith LLC
Attn: Privacy
752 Bench Ln
Mount Juliet, TN 37122, U.S.A.
Email: legal@memrith.com
If you are in the EU/EEA or the UK and would like to use the postal channel, the address above is the correct one; we currently do not have an EU representative under GDPR Art. 27 because we do not meet the threshold criteria. We will appoint one if and when required.