Legal
Last updated: May 25, 2026 · Effective immediately
We believe your memory is yours. Here's exactly what we collect, why, and what we never do with it.
The short version: We collect only what's necessary to provide the service. We never sell your data. We never use it for advertising or AI model training. You can export or delete everything at any time from Settings in the app.
When you use Live capture or Meeting mode in a meeting workspace:
We do not join your video call as a bot. We do not sell recordings. You can delete meetings (transcripts and stored chunks) or your entire account at any time.
Consent: You are responsible for obtaining consent from other participants before recording or transcribing meetings, as required by your local laws.
If you use the desktop tray app, you generate a desktop token in Settings. We store only a hash of that token on our servers — not the token itself after display. The token lets the desktop app upload audio chunks to your account on your behalf. Revoke access by deleting the token row in Settings (generate a new token) or deleting your account.
We use the Anthropic API to generate briefs, summaries, and answers. Under Anthropic's commercial API terms, your content is not used to train Anthropic's models. We do not use your data to train our own models. Prompts and responses are processed to provide the service to you only.
We use the following processors to run Mnemonic. They process data only on our instructions, for the purposes listed:
| Processor | Location | Purpose |
|---|---|---|
| Supabase, Inc. | United States | Database, authentication, row-level security |
| Anthropic PBC | United States | AI briefs, summaries, Q&A (no model training) |
| Google LLC | United States | OAuth sign-in and Calendar API (read-only) |
| Resend, Inc. | United States | Transactional email (briefs, product mail) |
| Vercel Inc. | United States | Application and website hosting |
| AssemblyAI, Inc. | United States | Speech-to-text and speaker diarization (when enabled) |
| Deepgram, Inc. | United States | Speech-to-text fallback (when enabled) |
| Lemon Squeezy | United States | Payment processing (Merchant of Record) when paid plans launch |
We do not sell your data. We do not share it with advertisers. Ever. A living list is maintained at docs/security/subprocessors.md.
Mnemonic integrates with Google Calendar. When you connect your Google account, we access the following data:
calendar.readonly)We request read-only access to Google Calendar. We do not create, modify, delete, or share your calendar events. We do not access Gmail, Google Drive, or any other Google service.
Calendar data is fetched when you click "Sync Google Calendar," when you open the app (background sync, at most every few hours), or via our scheduled sync job if configured. We do not access Gmail or contacts outside your events.
All Google user data is:
Mnemonic's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
Mnemonic is not a HIPAA-compliant or medical-device service. Do not use Mnemonic to store protected health information (PHI), patient records, or other data subject to healthcare-specific regulations unless you have obtained appropriate legal review and contractual agreements. For hospital or clinical workflows, contact us before use.
All data is encrypted in transit (TLS) and at rest on our infrastructure providers. Each account's data is isolated with database row-level security (RLS). API keys and secrets are never exposed in the browser. We review access and dependencies regularly. If we discover a breach that affects your data, we will notify you within 72 hours at the email on your account.
For privacy inquiries, data subject requests, or complaints under applicable Korean law:
If we make material changes to this policy, we'll email you at least 30 days before they take effect. You'll always be able to find the latest version at mnemonic.fyi/privacy.