Memiry Privacy Policy

This Privacy Policy explains how Memiry, Inc. ("we," "us," or "our") collects, uses, discloses, stores, and otherwise processes personal information in connection with Memiry, our websites, applications, communications, and related services (collectively, the "Services").

This policy is written to cover both the current waitlist experience and the product features we expect to offer, including AI-assisted calls, habit support, connected calendar or email features, phone-use or Screen Time features, and related analytics. If we materially change our data practices, we will update this Policy and provide any additional notice required by law.

Business Information and Services

Memiry, Inc. operates Memiry from 500 8th Avenue, FRNT 3 #1608, New York, NY 10018 US. Our website is https://memiry.com. You can contact support at support@memiry.com and privacy support at info@memiry.com.

Memiry provides AI-assisted morning calls, reminders, habit support, profile updates, productivity summaries, and related account communications for users who create an account, join an approved beta program, or otherwise enable those Services.

Scope and Roles

This Policy applies to personal information we process as a business or controller for consumer-facing Services. It does not apply to:

• information processed solely on behalf of enterprise customers under a separate written agreement;
• information subject to a separate healthcare or HIPAA notice, if we later offer regulated clinical services through a covered entity or business associate arrangement; or
• de-identified or aggregated information that cannot reasonably be used to identify you.

Personal Information We Collect

Depending on how you interact with the Services and which permissions or integrations you enable, we may collect the following categories of personal information.

A. Information you provide directly

• Contact and account information: name, email address, phone number, login credentials, profile image, and account preferences.
• Waitlist and support information: waitlist submissions, survey answers, support requests, feedback, and correspondence with us.
• Wellness and habit information: goals, routines, sleep or focus preferences, check-ins, reflections, notes, and other information you choose to share about your habits or state of mind.
• Billing and commercial information: subscription status, plan type, transaction records, and billing contact details. We expect to use third-party payment processors rather than storing full payment card numbers ourselves.
• User content: prompts, messages, notes, connected tasks, uploaded materials, and other content you submit through the Services.

B. Information from calls, messages, and voice features

• Call and messaging data: phone number, time of call, delivery status, call duration, message metadata, and related logs.
• Voice data: if voice features are enabled, we may process call audio, transcriptions, summaries, extracted action items, and quality or safety review data.
• Safety and fraud signals: abuse reports, spam-prevention signals, and records needed to investigate misuse or enforce our Terms.

C. Information from device permissions and integrations

• Phone-use or Screen Time data: if you enable phone-use or Screen Time-related features, we may collect first-use events, schedules, app or category usage signals, focus or downtime signals, and related device-status information made available through your operating system, permissions, or integrations.
• Apple platform and health-related data: if we later support Apple frameworks or permissions involving health, fitness, motion, or similar sensitive Apple platform data, we will collect only the categories you authorize and that are directly relevant to the feature you choose to use.
• Calendar, email, and task data: if you connect third-party accounts, we may receive event titles, dates, times, attendees, task metadata, email metadata, and in some cases message or event content, but only to the extent needed to provide the feature you enable.
• Authentication and integration data: OAuth tokens, refresh tokens, integration scopes, provider account identifiers, and integration health or sync logs.

D. Information collected automatically

• Device and log information: IP address, browser type, operating system, device identifiers, app version, language, time zone, crash logs, and diagnostic events.
• Usage information: pages viewed, clicks, session events, feature usage, referring URLs, and interactions with emails, messages, or in-app notices.
• Cookies and similar technologies: cookie IDs, session identifiers, analytics data, and similar online identifiers used for site functionality, measurement, and security.

E. Inferences and derived data

• Profile and personalization data: inferred routines, preferred call windows, responsiveness, usage patterns, goal completion signals, and other inferences used to tailor the Services.
• Sensitive or health-adjacent inferences: depending on the feature set, we may infer information about sleep patterns, stress, focus, productivity rhythms, or related wellness indicators.

F. Information from third parties

We may receive personal information from identity providers, connected-service providers, telephony providers, analytics vendors, enterprise administrators, and other third parties you direct us to work with.

How We Use Personal Information

We may use personal information for the following purposes:

1. to provide, operate, maintain, and improve the Services;
2. to set up and manage accounts, preferences, integrations, and permissions;
3. to place or coordinate calls, messages, reminders, and other service communications you request or enable;
4. to personalize AI outputs, routines, prompts, scheduling suggestions, and other product experiences;
5. to analyze performance, debug issues, monitor reliability, and improve product quality;
6. to protect the Services, investigate misuse, prevent fraud, and enforce our legal rights;
7. to comply with legal obligations, including security, tax, accounting, and recordkeeping obligations;
8. to communicate with you about support, service updates, safety notices, and, where permitted, marketing communications; and
9. to create aggregated or de-identified insights for internal analytics, research, and product development.

AI Features and Automated Assistance

Memiry may use AI systems, including third-party model providers, to generate calls, summaries, recommendations, schedules, reminders, and other outputs. AI-generated output may be incomplete, inaccurate, or unsuitable for your situation. You should not rely on the Services as a substitute for professional medical, mental health, legal, or financial advice.

Where required by law, we will obtain consent before using personal information in ways that go beyond providing the feature you requested. We do not use customer content, call transcripts, or similar personal information to train third-party general-purpose models. We may use service data internally for operations, safety review, debugging, and product improvement, and we may use aggregated or de-identified information for analytics and research.

Apple Platform and Sensitive-Permission Disclosures

If we offer an iOS, iPadOS, watchOS, or related Apple-platform app, we intend to comply with applicable Apple privacy and data-use requirements, including where relevant Apple App Review Guideline 5.1 and Apple guidance relating to sensitive frameworks such as HealthKit. In particular:

• we will provide a publicly accessible privacy policy and make it available in-app where required;
• we will request access to sensitive device or usage data only for features that reasonably require that access;
• we will provide clear permission descriptions that explain why the data is requested and how it will be used;
• we will provide a reasonably accessible way for users to withdraw consent, disconnect integrations, or disable features, in addition to any system-level controls required by Apple;
• if we later access Apple health, fitness, or other similarly sensitive data, we will not use such data for advertising, marketing, tracking, or use-based data mining in violation of Apple's rules or applicable law; and
• if we disclose any Apple-derived health or fitness data to service providers, we will require them to protect that data consistently with this Policy and applicable law.

At the effective date of this Policy, we do not use HealthKit, Motion & Fitness, or other Apple health-data frameworks. If that changes, we will update this Policy and the relevant in-app permission disclosures before collecting that data.

How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

• Service providers and processors: hosting providers, telephony vendors, messaging vendors, AI model providers, transcription vendors, analytics vendors, authentication vendors, customer support vendors, and payment processors.
• Connected-service providers: calendar, email, task, or device-platform providers when needed to provide connected features.
• Affiliates and corporate group entities: to support internal administration, security, product operations, and lawful business functions.
• Legal and safety recipients: courts, regulators, law enforcement, professional advisors, auditors, and counterparties where required by law or reasonably necessary to protect rights, safety, or the integrity of the Services.
• Transaction counterparties: in connection with an actual or proposed merger, financing, reorganization, sale of assets, bankruptcy, or similar transaction.
• Other parties at your direction: for example, when you share information with another user, a coach, an accountability partner, or a connected service.

We may also disclose aggregated or de-identified information that is not reasonably linkable to you.

We do not sell your personal information, including call data or transcripts, for money. We also do not share personal information for cross-context behavioral advertising.

We do not sell, rent, or share SMS opt-in consent, mobile phone numbers, or text messaging data with third parties or affiliates for their marketing or promotional purposes. Any disclosure of mobile information to telephony, messaging, hosting, security, support, or other service providers is limited to operating, securing, and supporting the Services and is not a sale or sharing for third-party marketing.

Consumer Health Data and Sensitive Personal Information

Some data we process may qualify as sensitive personal information or consumer health data under applicable law. Examples may include wellness-related inputs, mood or stress-related notes, sleep or focus data, voice recordings, call transcripts, precise device-permission data, and inferences about your physical or mental health status.

If applicable law requires consent before we collect, use, or share certain categories of sensitive data, we will seek that consent. We do not sell consumer health data without any authorization required by applicable law. We intend this Policy to serve as our current consumer-health-data notice to the extent such a notice is required for the Services as currently offered.

Cookies, Analytics, and Similar Technologies

We and our service providers may use cookies, SDKs, pixels, local storage, and similar technologies to:

• keep the Services working;
• remember settings and preferences;
• measure performance and engagement;
• detect errors, abuse, or security incidents; and
• support limited attribution or operational measurement where permitted by law.

We do not currently use cookies, SDKs, or similar technologies to sell personal information, share personal information for cross-context behavioral advertising, or serve targeted advertising.

Text Messaging, Consent, and Mobile Communications

If you opt in to SMS, MMS, or similar mobile messaging from us, we may use your phone number and related messaging metadata to send service, account, reminder, support, or, where permitted and separately consented to, promotional communications.

Users opt in to the current Memiry service-messaging program by creating an account, verifying their phone number through one-time passcode verification, and selecting an unchecked SMS consent checkbox near links to this Privacy Policy and our Terms of Use. The consent language presented at opt-in is intended to identify Memiry, Inc. as the sender, describe the message type, state that message frequency varies, state that message and data rates may apply, and explain that users may reply STOP to unsubscribe and HELP for help.

For messaging programs subject to carrier rules, A2P messaging requirements, or vendor compliance requirements, including Twilio policies and A2P 10DLC registration requirements, our practices are intended to include the following:

• we obtain consent before sending messages where consent is required by law or carrier policy;
• consent is specific to the sender and the message program or subject matter, and is not purchased, sold, rented, or transferred;
• where required, we register the relevant brand, campaign, number, or messaging use case before sending applicable A2P traffic;
• initial or program messages identify the sender and explain how to opt out;
• where required by law, carrier rule, or platform policy, we disclose that message frequency may vary and that message and data rates may apply;
• where required for promotional or marketing messages, we obtain prior express written consent that is specific to us and the relevant message program, and that consent is not a condition of purchase;
• recipients may revoke consent at any time using standard methods such as replying STOP where supported;
• we honor opt-out requests and maintain suppression records as needed to prevent further unwanted messages; and
• we provide a HELP or equivalent support path where required by carrier or platform rules.

Our current intended disclosure for service-related messaging programs is substantially as follows: "Memiry service messages. Message frequency varies. Reply STOP to opt out. Reply HELP for help or contact support@memiry.com. Message and data rates may apply." We may adjust wording to fit the exact message program and legal requirements at launch, but the program-specific disclosures will remain materially consistent with this Policy.

Text messages may include account notices, phone-number verification support, wake-call or reminder status, profile or roadmap updates, TODO list processing results, productivity summaries, and similar service-related notices. We do not use SMS consent obtained for the service-messaging program to send unrelated third-party marketing.

Retention

We retain personal information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Policy, comply with law, resolve disputes, and enforce agreements. Retention periods may vary based on the type of data and the feature involved.

If you submit a verified deletion request, we will generally delete or de-identify your waitlist data, account data, call transcripts, optional recordings, sync logs, and related support records within 30 days after the request is verified, unless a longer retention period is required or permitted by law for security, fraud prevention, dispute resolution, tax, accounting, or backup-restoration purposes.

Security

We use technical, administrative, and organizational safeguards designed to protect personal information. Those measures may include access controls, encryption in transit, encryption at rest for certain systems, logging, vendor review, secrets management, and role-based restrictions. No security measure is perfect, and we cannot guarantee absolute security.

If we experience a breach involving personal information, we will comply with applicable breach-notification laws, which may include the FTC Health Breach Notification Rule if applicable to the data and services at issue.

Your Rights and Choices

Depending on where you live and the nature of our processing, you may have rights including:

• to access or know what personal information we collect, use, disclose, or retain;
• to correct inaccurate personal information;
• to delete personal information, subject to exceptions;
• to receive a portable copy of certain personal information;
• to withdraw consent where processing is based on consent;
• to opt out of certain targeted advertising, sale, sharing, or profiling activities where applicable;
• to limit certain uses of sensitive personal information where applicable;
• to appeal a denied privacy request where required by law; and
• if applicable, to revoke permissions for integrations, calls, notifications, cookies, or marketing communications.

California residents may have rights under the CCPA/CPRA, including rights to know, delete, correct, opt out of sale or sharing, and limit certain uses of sensitive personal information. Washington consumers may have rights regarding consumer health data, including rights to access, withdraw consent, and delete. To exercise rights, please use email info@memiry.com with the subject line "Privacy Request" or contact info@memiry.com.

We may need to verify your identity before fulfilling a request. Authorized agents may act on your behalf where permitted by law, subject to verification of authority.

Children's Privacy

The Services are intended only for adults age 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18 without appropriate authorization, we will take steps to delete that information.

International Transfers

If you access the Services from outside the United States, your personal information may be transferred to and processed in the United States and other countries where we or our service providers operate. Those countries may not provide the same legal protections as your home jurisdiction. The Services are currently designed primarily for users in the United States, and if we later actively market the Services in jurisdictions with additional privacy-transfer requirements, we may publish a supplemental notice or addendum.

Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will post the updated version and, where required by law, provide additional notice or obtain additional consent.

Contact Us

If you have questions about this Policy or want to exercise privacy rights, contact:

• Memiry, Inc.
• 500 8th Avenue, FRNT 3 #1608, New York, NY 10018 US
• Privacy contact: info@memiry.com
• Support contact: support@memiry.com