Privacy Policy

1. Introduction

Memento AI ("Memento", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered memorial portrait generation service.

We understand that you trust us with deeply personal content, including photos of loved ones and deceased family members. We take this responsibility seriously and handle all data with the highest level of care, security, and respect.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not use our Service. By using Memento AI, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us when creating an account or using our Service:

• Account Information: Name, email address, password (encrypted)
• Profile Information: Optional profile photo, display preferences, language settings
• Communication Data: Support tickets, emails, feedback, and correspondence with our team

2.2 Payment Information

We collect payment information through our third-party payment processor, Creem:

• Transaction Data: Purchase amount, date, subscription type, payment status
• Billing Details: Name, billing email (processed by Creem, not stored by us)
• Payment Methods: Credit card information is handled exclusively by Creem; we never receive or store complete credit card numbers

Note: Payment processing is PCI-DSS compliant through Creem. See Creem's privacy policy for details on how they handle payment data.

2.3 Automatically Collected Information

When you visit and use our Service, we automatically collect certain information:

• Device Information: IP address, browser type, browser version, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent on pages, click patterns, navigation paths
• Log Data: Access times, error logs, API requests, referring URLs
• Cookies and Tracking: Session cookies, authentication tokens, analytics cookies, preference cookies

2.4 Uploaded Photos & Generated Content

As a memorial portrait generation service, we collect and process photos you upload. This is the core of our Service and deserves special attention:

Photos You Upload (Source Images)

When you create a portrait, we collect:

• Image Files: 2-8 photographs you upload for combination into a single portrait
• File Metadata: File size, format (JPEG, PNG, etc.), upload timestamp, original filename
• Generation Parameters: Your chosen style (color or black-and-white), composition preferences
• User Context: User ID, account type (free trial, paid, subscription), generation quota status

Important: These photos may contain sensitive personal information, including images of deceased individuals. We understand the emotional significance of memorial photos and treat all uploaded images with the utmost care, security, and confidentiality. Photos are stored encrypted in secure cloud storage and are never shared publicly or used for any purpose other than generating your requested portrait.

Generated Portraits (Results)

We store AI-generated portraits created for you:

• Portrait Images: High-resolution generated portraits (up to 4096×4096 pixels)
• Generation Metadata: Creation date and time, processing duration, AI model used, generation status
• Generation History: Record of all your generations including success/failure status

Generation Activity Data

• Quota Usage: Number of generations used and remaining in your account
• Generation Timestamps: When each portrait was requested and completed
• Status Tracking: Processing status (pending, processing, completed, failed, timeout)
• Refund History: Automatic quota restoration records for technical failures
• Error Logs: Technical error messages if generation fails (no photo content stored in errors)

2.5 Information from Third-Party Services

If you authenticate using Google OAuth, we receive:

• Basic Profile: Name, email address, profile picture (if you consent)
• Authentication Tokens: OAuth tokens for maintaining your session
• Account Verification: Confirmation that your email is verified by Google

You can revoke access to your Google account at any time through your Google account settings.

3. How We Use Your Information

We use the information we collect for the following specific purposes:

3.1 Provide Our Core Service

• AI Portrait Generation: Process your uploaded photos through our AI pipeline to create memorial portraits
• Account Management: Create and maintain your user account, manage authentication and sessions
• Generation Quota System: Track your available generations (free trial, one-time purchases, subscriptions)
• Payment Processing: Process purchases through our payment partner Creem
• Generation History: Store your portrait generation history for easy access and re-download

3.2 Communicate with You

• Transactional Emails: Purchase confirmations, generation completion notifications, quota updates
• Account Notifications: Password resets, email verification, security alerts
• Customer Support: Respond to your questions, feedback, and support requests
• Service Updates: Important changes to our Terms of Service or Privacy Policy
• Marketing Communications: Promotional emails about new features or offers (only with your consent; you can opt-out anytime)

3.3 Improve and Secure Our Service

• Service Optimization: Analyze usage patterns to improve portrait quality and processing speed
• Bug Fixes: Identify and resolve technical issues and errors
• Security Monitoring: Detect and prevent fraud, abuse, and security threats
• Quality Assurance: Review generation failures to improve success rates
• Feature Development: Develop new styles, features, and capabilities based on anonymized usage data

3.4 Legal and Compliance

• Comply with Laws: Fulfill legal obligations and respond to lawful requests
• Enforce Policies: Enforce our Terms of Service and detect policy violations
• Protect Rights: Defend our legal rights and interests
• Financial Compliance: Maintain records for tax and accounting purposes

Important: We do NOT use your uploaded photos to train our own AI models. However, third-party AI services we use (OpenRouter, Google Gemini) process your photos according to their own policies. See Section 4.1 for details.

4. How We Share Your Information

We share your information only in specific circumstances and with trusted partners who help us provide our Service. We never sell your personal information or photos to third parties.

4.1 With AI Service Providers

Your uploaded photos are processed by third-party AI services to generate portraits. This is essential to our Service:

Service Providers:

• OpenRouter: API gateway that routes requests to AI models
  Privacy Policy
• Google Gemini: AI vision model for image processing and portrait generation
  Terms of Service
• N8N: Workflow automation platform for managing generation tasks and callbacks

What These Services Receive:

• Your uploaded photos (2-8 images per generation)
• Generation parameters (style preferences: color or black-and-white)
• Unique task identifier for tracking generation status

What These Services Do NOT Receive:

• Your name, email address, or other personal identifiers
• Your payment information
• Your account details or subscription status
• Any information linking photos to your identity

Third-Party Data Usage Policies:

Memento AI does not use your photos to train our own AI models. However, third-party AI service providers have their own policies:

• OpenRouter states they do not use API data to train their models
• Google Gemini API terms indicate that data sent via API is not used to train general-purpose models
• Both providers' policies are subject to change; we recommend reviewing their privacy policies before uploading sensitive photos
• We have selected AI providers with strong privacy commitments and industry-leading security

Data Transmission Security:

• All photos transmitted via encrypted HTTPS (TLS 1.3) connections
• Processed asynchronously through secure N8N workflow with HMAC-SHA256 signature verification
• Results returned to our secure storage and associated with your account
• No photos stored permanently by AI service providers

Your Consent: By using our Service, you acknowledge and consent to your photos being processed by these third-party AI services for the purpose of generating your memorial portraits.

4.2 With Storage Providers

• Cloudflare R2: Secure cloud storage for uploaded photos and generated portraits
  • Source photos stored at: portraits/sources/
  • Generated portraits stored at: portraits/results/
  • All data encrypted at rest and in transit
  • Automatic deletion based on retention policies (see Section 6)

4.3 With Payment Processors

• Creem: Secure payment processing for subscriptions and one-time purchases
  • PCI-DSS compliant payment handling
  • Processes credit card information (we never see full card numbers)
  • Handles subscription billing and renewals
  • Sends payment confirmation webhooks to our system

4.4 With Communication Services

• Resend: Email delivery platform for transactional emails
  • Purchase confirmation emails
  • Generation completion notifications
  • Account notifications (password resets, verifications)
  • Support correspondence

4.5 With Authentication Providers

• Google OAuth: Optional Google sign-in authentication
  • Verifies your identity using your Google account
  • Provides us with basic profile information (name, email, profile photo)
  • You can revoke access anytime through your Google account settings

4.6 For Legal Purposes

We may disclose your information when required by law or to:

• Comply with legal obligations, court orders, or lawful government requests
• Respond to valid subpoenas or legal process
• Protect our rights, privacy, safety, property, or that of our users
• Enforce our Terms of Service and investigate violations
• Prevent fraud, security threats, or illegal activities

4.7 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service before your information becomes subject to a different privacy policy.

4.8 With Your Consent

We may share your information for any other purpose with your explicit consent. For example, if you agree to allow us to showcase your generated portrait as an example on our website, we will obtain your written permission first.

5. Data Security

We implement comprehensive technical and organizational security measures specifically designed for handling sensitive memorial photos and personal information:

5.1 Encryption

• In Transit: All data transmitted using TLS 1.3 encryption (HTTPS)
• At Rest: Photos and portraits encrypted in Cloudflare R2 storage using AES-256
• End-to-End: Secure transmission from your device → our servers → AI processing → storage
• Database Encryption: Sensitive data encrypted at the database level

5.2 Access Controls

• Role-Based Access Control (RBAC): System administrators have limited access based on job function
• Multi-Factor Authentication (MFA): Required for all admin accounts
• Principle of Least Privilege: Employees can only access data necessary for their role
• Regular Access Audits: Quarterly reviews of who has access to what data
• Secure Authentication: Password hashing with bcrypt, secure session management

5.3 Infrastructure Security

• Storage: Cloudflare R2 with enterprise-grade security, DDoS protection, and 99.9% uptime SLA
• Processing: Secure N8N workflow with HMAC-SHA256 signature verification for all webhooks
• Payment: PCI-DSS compliant payment processing through Creem (we never handle card data)
• Authentication: Industry-standard OAuth 2.0 with Google; Better Auth for session management
• Hosting: Secure, geo-redundant cloud infrastructure with automatic backups

5.4 Monitoring & Incident Response

• Continuous Monitoring: 24/7 automated security monitoring and alerting
• Threat Detection: Real-time detection of suspicious activities and potential breaches
• Logging & Auditing: Comprehensive logs of all system access and data operations
• Incident Response Plan: Documented procedures for handling security incidents
• Breach Notification: We will notify affected users within 72 hours of discovering a breach
• Regular Security Assessments: Periodic vulnerability scans and penetration testing

5.5 Data Isolation

• User Separation: Each user's photos and portraits are isolated in separate storage buckets
• No Cross-User Access: Technical safeguards prevent accidental mixing of user data
• Secure Deletion: When you delete content, it is securely overwritten and cannot be recovered
• Account Isolation: Your generation history and settings are private to your account

5.6 Third-Party Security Standards

All our third-party service providers are vetted for security and compliance:

• SOC 2 Type II: Annual audits verifying security controls (where applicable)
• GDPR Compliance: EU data protection standards
• ISO 27001: Information security management certification
• Regular Audits: Independent third-party security assessments
• Data Processing Agreements: Signed contracts ensuring data protection standards

5.7 Employee Training

• All employees complete annual security and privacy training
• Specific training on handling sensitive memorial content with respect and confidentiality
• Background checks for employees with data access
• Confidentiality agreements and non-disclosure obligations

Important Disclaimer: While we implement industry-leading security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly addressing any security concerns and continuously improving our security posture.

6. Data Retention

We retain different types of data for varying periods based on their purpose, legal requirements, and your account status:

6.1 Source Photos (Uploaded Images)

Retention Period: 30 days after generation completion

Photos you upload are stored in our secure Cloudflare R2 storage at the path portraits/sources/. These source photos are:

• Encrypted during transmission and storage
• Used solely for generating your requested portrait
• Automatically deleted 30 days after portrait generation is complete
• Cannot be recovered once deleted from our systems

Why we delete source photos: To protect your privacy and minimize data storage, especially given the sensitive nature of memorial photos. We recommend keeping your own backups of original photos.

6.2 Generated Portraits (Results)

Generated portrait images are stored at portraits/results/ with retention based on how the portrait was created:

• Paid Generations: Stored permanently and accessible anytime through your account
  Includes portraits from one-time purchases and subscription quotas
• Free Trial Generations: Retained for 30 days, then automatically deleted
  We encourage you to download your free trial portrait within this period
• Failed Generations: Temporary error files deleted within 7 days
  No usable portraits stored for failed attempts

Important: While we strive to maintain permanent storage for paid portraits, we recommend downloading and saving copies of important portraits for your personal archives. Technical issues or service changes may affect long-term accessibility.

6.3 Account Data

• Active Accounts: Retained as long as your account remains active
• After Account Deletion: All personal data, photos, and portraits permanently deleted within 30 days
• Inactive Accounts: Accounts inactive for 2+ years may be deleted with 30 days advance notice via email
• Exception: We may retain certain data if required by law or for legitimate business purposes (e.g., resolving disputes)

6.4 Transaction Records

Payment and subscription records are retained for longer periods to comply with legal and financial requirements:

• Payment History: Retained for 7 years for tax and accounting purposes
• Subscription Records: Active subscription data retained during subscription period + 7 years
• Invoices & Receipts: Retained for 7 years as required by financial regulations
• Refund Records: Retained for 7 years for accounting and dispute resolution

Note: Transaction records do not include photos or portraits, only metadata (amount, date, product purchased).

6.5 Generation History Metadata

• Metadata Retention: Generation logs and metadata retained for 1 year
• Includes: Timestamps, status (completed/failed), quota usage, model used, processing duration
• Does NOT Include: The actual photos or portrait images (those follow their own retention rules)
• Purpose: Analytics, troubleshooting, and service improvement

6.6 Email Communications

• Support Correspondence: Retained for 3 years for quality assurance and training
• Marketing Emails: Subscription records retained until you unsubscribe
• Transactional Emails: Logs retained for 1 year for delivery verification

6.7 Analytics & Log Data

• Usage Analytics: Anonymized usage data retained for 2 years
• Server Logs: Technical logs retained for 90 days
• Security Logs: Retained for 1 year for incident investigation

6.8 Manual Deletion Requests

You can request deletion of your data at any time by:

• Deleting specific portraits through your account settings (immediate removal)
• Closing your account (all data deleted within 30 days)
• Emailing support@mementoai.net with specific deletion requests

Deleted content is typically removed from our active systems within 24 hours, with complete deletion from backups within 30 days.

7. Your Rights and Choices

Depending on your location, you have certain rights regarding your personal information. We respect these rights and provide tools to exercise them easily.

7.1 Your Privacy Rights

Access and Portability

You have the right to request access to your personal information and receive a copy in a structured, commonly used, machine-readable format (JSON). This includes:

• Account information and profile data
• Generation history metadata
• Payment and subscription records
• Communication history with our support team

Correction and Update

You can request that we correct or update inaccurate, incomplete, or outdated personal information. You can update most information directly through your account settings.

Deletion ("Right to Be Forgotten")

You can request deletion of your personal information, subject to certain legal exceptions. This includes:

• Your account and profile information
• Uploaded source photos (automatically deleted after 30 days anyway)
• Generated portraits
• Generation history

Note: We may retain certain information if required by law (e.g., financial records for tax purposes) or for legitimate business interests (e.g., preventing fraud).

Objection and Restriction

You can object to or request that we restrict certain processing of your personal information, such as:

• Marketing communications (opt-out anytime)
• Analytics and usage tracking (through browser settings)
• Specific data processing activities you find objectionable

Data Portability

You can request a copy of your data in a format that allows you to transfer it to another service provider. We will provide data in JSON format for easy portability.

Withdraw Consent

Where we rely on your consent to process data, you can withdraw that consent at any time. This includes:

• Marketing emails (click unsubscribe or contact us)
• Google OAuth authentication (revoke through Google account settings)
• Optional data collection (adjust in account settings)

7.2 How to Exercise Your Rights

You can exercise your privacy rights through several methods:

1. Account Settings (Fastest)

Log in to your account and access the Settings page to:

• Update your profile information
• Delete specific portraits from your history
• Close your account (deletes all data)
• Manage email preferences
• View your generation history

2. Email Request

Send an email to support@mementoai.net with:

• Subject Line: "Privacy Rights Request" or "GDPR Request" or "CCPA Request"
• Your Account Email: The email associated with your Memento AI account
• Specific Request: Clearly state what you want (e.g., "I request deletion of my account and all associated data")
• Identity Verification: We may ask for additional information to verify your identity before fulfilling the request

3. Data Export

Request a complete copy of your data in machine-readable format (JSON):

• Email support@mementoai.net with subject "Data Export Request"
• We will send you a secure download link within 30 days
• Export includes all personal data, generation metadata, and transaction history
• Generated portraits available as downloadable ZIP file

4. Account Deletion

Permanently delete your account and all associated data:

• Use the "Delete Account" button in your account settings, OR
• Email support@mementoai.net with subject "Account Deletion Request"
• All data permanently deleted within 30 days
• Download any portraits you want to keep before deleting

7.3 Response Times

We will respond to verified requests within:

• GDPR Requests (EEA/UK residents): 30 days
• CCPA Requests (California residents): 45 days
• All Other Requests: 30 days

If we need more time, we will notify you and explain the reason for the delay. For complex requests, we may extend the response time by an additional 30 days.

7.4 Marketing Communications

You can opt-out of marketing emails at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email
• Adjusting email preferences in your account settings
• Emailing support@mementoai.net with "Unsubscribe" in the subject line

Note: Opting out of marketing emails will not affect transactional emails (e.g., purchase confirmations, password resets, generation notifications) which are necessary for the Service.

7.5 Cookies and Tracking

You can manage cookie preferences through:

• Browser Settings: Most browsers allow you to refuse cookies or alert you when cookies are being sent
• Do Not Track: We respect "Do Not Track" signals where technically feasible
• Analytics Opt-Out: Disable analytics cookies through your browser settings

Note: Some features of our Service may not function properly if you disable cookies.

8. International Data Transfers

Memento AI operates globally, and your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country.

8.1 Where Your Data May Be Processed

• United States: Our primary servers and infrastructure
• European Union: Some service providers operate in the EU
• Other Regions: Third-party service providers may process data in various countries

8.2 Safeguards for International Transfers

We implement appropriate safeguards to ensure your personal information remains protected according to this Privacy Policy:

• Standard Contractual Clauses (SCCs): EU-approved data transfer agreements with service providers
• Adequacy Decisions: We rely on adequacy decisions by the European Commission where applicable
• Encryption: All data encrypted during international transmission
• GDPR Compliance: Service providers contractually bound to GDPR standards regardless of location
• Data Minimization: Only necessary data transferred across borders

8.3 Your Rights for International Transfers

If you are in the EEA, UK, or Switzerland, you have the right to obtain information about the safeguards we use for international data transfers. Contact us at support@mementoai.net for more information about specific transfer mechanisms.

9. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

9.1 Your CCPA Rights

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information (subject to certain exceptions)
• Right to Opt-Out: Opt-out of the sale of personal information
  Note: We do NOT sell personal information
• Right to Non-Discrimination: Exercise your CCPA rights without receiving discriminatory treatment

9.2 Categories of Personal Information We Collect

Under the CCPA, we collect the following categories of personal information:

• Identifiers: Name, email address, account ID
• Commercial Information: Purchase history, subscription status, payment records
• Internet Activity: Browsing history on our Service, usage patterns
• Visual Information: Uploaded photos and generated portraits
• Geolocation Data: General location based on IP address
• Inferences: Preferences and characteristics derived from your usage

9.3 How to Exercise Your CCPA Rights

To exercise your CCPA rights, email support@mementoai.net with "CCPA Request" in the subject line. Include:

• Your name and email address associated with your account
• Your specific request (e.g., "Right to Know", "Right to Delete")
• Information to verify your identity (we may ask follow-up questions)

We will respond within 45 days. You may designate an authorized agent to make requests on your behalf.

9.4 We Do Not Sell Personal Information

Memento AI does not sell personal information to third parties. We share information only with service providers who help us operate our Service, and they are contractually prohibited from using your data for their own purposes.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

10.1 Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Service (portrait generation, account management)
• Consent: When you opt-in to marketing communications or optional features
• Legitimate Interests: Fraud prevention, security, service improvement (balanced against your rights)
• Legal Obligations: Compliance with tax laws, financial regulations, and legal requests

10.2 Your GDPR Rights

• Right to Be Informed: Understand how your data is processed (this Privacy Policy)
• Right of Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to specific processing activities (e.g., marketing, profiling)
• Rights Related to Automated Decision-Making: We do not use automated decision-making for significant decisions

10.3 How to Exercise Your GDPR Rights

To exercise your GDPR rights, email support@mementoai.net with "GDPR Request" in the subject line. We will respond within 30 days.

10.4 Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority:

• EEA Residents: Contact your national Data Protection Authority
• UK Residents: Information Commissioner's Office (ICO) - ico.org.uk
• Swiss Residents: Federal Data Protection and Information Commissioner (FDPIC)

However, we encourage you to contact us first at support@mementoai.net so we can address your concerns directly.

11. Sensitive Content & Memorial Photos

Memento AI specializes in creating memorial portraits, which often involves processing photos of deceased loved ones. We recognize the deeply personal, emotional, and sensitive nature of this content.

11.1 Our Commitments

Respect & Dignity

We treat all memorial content with the utmost respect and handle it with the care and dignity befitting its emotional significance. Every photo you upload—especially memorial photos—is treated as precious and irreplaceable.

Confidentiality

Your memorial photos are never:

• Shared publicly or displayed on our website without your explicit written consent
• Used for marketing or promotional purposes without your permission
• Shown to other users or third parties
• Sold, rented, or transferred to any third party

Security

Memorial photos receive the same enterprise-grade security measures as financial data:

• End-to-end encryption during transmission
• Encrypted storage (AES-256)
• Strict access controls (only authorized systems, no human access unless debugging with your permission)
• Automatic deletion of source photos after 30 days
• Secure deletion protocols (data is overwritten, not just marked as deleted)

Deletion Rights

You can delete memorial content at any time:

• Individual Portraits: Delete specific portraits from your generation history (immediate removal)
• Entire Account: Close your account to delete all data within 30 days
• Emergency Deletion: Contact support@mementoai.net if you need urgent deletion

Once deleted, memorial photos are permanently removed and cannot be recovered.

11.2 Your Responsibilities

When uploading photos of deceased individuals or other people, please ensure:

• Legal Authority: You have the legal right to use these photos (you own them, inherited them, or have permission from the rights holder)
• Family Consent: You have obtained consent from family members or legal representatives, especially for photos of deceased individuals
• Respect Privacy: You respect the wishes and privacy of the deceased and their families
• No Unauthorized Use: You are not using photos you found online or copied without permission
• Third-Party Rights: You are not violating any copyrights, publicity rights, or other legal protections

By uploading photos to Memento AI, you represent and warrant that you have all necessary rights and permissions.

11.3 Emotional Support

We understand that creating and viewing AI-generated memorial portraits can be emotionally powerful—sometimes in unexpected ways. If you:

• Feel distressed by a generated portrait
• Have concerns about how a memorial photo was processed
• Need to discuss the handling of sensitive memorial content
• Want to share feedback about your emotional experience

Please contact our support team at support@mementoai.net. We're here to help and will respond with sensitivity and understanding.

11.4 Content Moderation

While we do not manually review photos before processing (to protect your privacy), we reserve the right to remove content that:

• Violates our Terms of Service
• Is reported as unauthorized or harmful
• Involves illegal content or activities
• Exploits or harms minors

If you believe someone has uploaded photos without authorization, please report it to support@mementoai.net immediately.

12. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

12.1 Age Requirement

• You must be at least 18 years old (or the age of legal consent in your jurisdiction) to create an account
• By using our Service, you represent that you meet this age requirement
• Parents or guardians must create accounts on behalf of minors if memorial portraits are needed

12.2 If We Discover Child Data

If we become aware that we have collected personal information from a child under 18 without parental consent:

• We will delete that information as quickly as possible
• We will terminate the account
• We will not use or disclose the information for any purpose

12.3 Reporting Underage Accounts

If you believe a child under 18 has created an account or provided personal information to us, please contact us immediately at support@mementoai.net with "Underage Account Report" in the subject line.

12.4 Photos of Children

While our Service is not for users under 18, you may upload photos that include children (e.g., memorial portraits that include a child with adult family members). If you upload photos containing children:

• You must have permission from the child's parent or legal guardian
• Photos must be appropriate and respectful
• You are responsible for complying with applicable laws regarding children's images

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

13.1 How We Notify You

• Minor Changes: We will update the "Effective Date" at the top of this Privacy Policy
• Material Changes: We will provide prominent notice through:
  • Email notification to your registered email address
  • In-app notification when you next log in
  • Banner notice on our website
• Advance Notice: For significant changes, we will provide at least 30 days notice before the new policy takes effect

13.2 Your Acceptance

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree with the changes:

• Stop using the Service
• Delete your account before the new policy takes effect
• Contact us at support@mementoai.net with concerns

13.3 Version History

We maintain a record of previous Privacy Policy versions. To request access to previous versions, email support@mementoai.net.

14. Contact Us

If you have any questions, concerns, or feedback about this Privacy Policy or our data practices, please contact us at:

Email: support@mementoai.net

Memento AI
Copyright © 2025 Memento AI. All rights reserved.