Privacy Policy

1. Who we are

Memcone is operated by Milkyroad B.V., registered in Amsterdam, the Netherlands (KvK 83840559). We provide a persistent memory API for AI applications and coding agents. Questions about this policy: privacy@memcone.com.

2. Data we collect

• Account data — email address, hashed password (or OAuth provider ID), and subscription status when you sign up.
• API usage data — timestamps, endpoint names, latency, and compute unit counts per API key. We do not log request or response bodies by default.
• Memory content — the facts, decisions, and context strings you store via /v1/remember. This data belongs to you and is used solely to serve your retrieval requests.
• Payment data — handled entirely by Stripe. We store only your Stripe customer ID; we never see raw card numbers.
• Log data — server-side error logs and diagnostic traces retained for up to 30 days.

3. How we use your data

• To authenticate you and operate your account.
• To store and retrieve memory content in response to your API calls.
• To calculate and display usage metrics and billing in your dashboard.
• To send transactional emails (account confirmation, billing alerts, plan changes). We do not send marketing email without explicit consent.
• To detect abuse and enforce rate limits.

4. Legal basis (GDPR)

For users in the EEA and UK, we process personal data on the following bases:

• Contract — processing necessary to provide the service you signed up for.
• Legitimate interests — security monitoring, fraud prevention, and product improvement using aggregated, anonymised data.
• Legal obligation — where required by Dutch or EU law.

5. Data sharing

We do not sell your data. We share it only with:

• Stripe — payment processing.
• Railway / cloud infrastructure — hosting and database services, operating under data processing agreements.
• Law enforcement — only when required by a valid legal order.

6. Data retention

Account and memory data is retained for as long as your account is active. If you delete your account, all associated data (memories, API keys, usage records) is purged within 30 days. Aggregated, anonymised usage statistics may be retained indefinitely.

7. Your rights

You have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email privacy@memcone.com. We respond within 30 days.

8. Cookies

We use a single session cookie for authentication. We do not use third-party tracking cookies or advertising pixels.

9. Security

All data in transit is encrypted via TLS. Data at rest is encrypted by the infrastructure provider. API keys are hashed before storage. We conduct periodic security reviews.

10. Changes to this policy

We will notify registered users by email of material changes at least 14 days before they take effect. The effective date at the top of this page reflects the most recent revision.