We wrote this policy to be readable. It explains what data Mnemosine uses, why we use it, and your rights under GDPR.
1) Data controller
Mnemosine / Keevaq (project owner) is the data controller for the website and app.
Contact for privacy requests: [email protected].
2) What data we collect
- Account data: Apple/Google sign-in identifier and email, if provided by the identity provider.
- App content: inventories, item descriptions, receipt images, OCR-extracted data (merchant name, purchase date, amount, line items), expense records, and insurance claim data you create.
- Subscription data: purchase history, entitlement status, and transaction identifiers managed through Apple App Store and RevenueCat.
- Waitlist/demo data: email, optional name, profile answers, and pricing feedback submitted on the website.
- Technical data: session tokens, rate-limit counters, and minimal security/reliability logs for abuse prevention and troubleshooting.
3) Why we process data (legal basis)
- Provide the app service (Art. 6(1)(b) GDPR — contract).
- Process in-app purchases and manage subscriptions (Art. 6(1)(b) GDPR — contract).
- Protect the service and prevent abuse (Art. 6(1)(f) — legitimate interest).
- Manage demo waitlist and contact you (Art. 6(1)(a) — consent).
- Send optional product updates (Art. 6(1)(a) — consent, can be withdrawn anytime).
4) Processors and third-party services
We use service providers acting as data processors under GDPR. The main ones are:
- Cloudflare, Inc. — API backend (Workers), database (D1), file storage (R2), session storage (KV), and network security/hosting. Data may be processed in the US and other Cloudflare regions. Safeguard: Standard Contractual Clauses.
- Apple Inc. — Sign In with Apple (authentication) and App Store In-App Purchases (subscription billing and transaction validation). Apple processes data under its own privacy policy and App Store terms.
- Google LLC — Google Sign-In (authentication via OAuth 2.0). Google processes identity data under its own privacy policy and terms of service.
- RevenueCat, Inc. — Subscription management, purchase validation, and entitlement tracking. RevenueCat receives your App Store transaction data and subscription status. Data may be processed in the US. Safeguard: Standard Contractual Clauses.
- Proton AG — Email communication for privacy and support requests.
We do not sell your data to third parties and do not use your data for advertising.
5) International transfers
Some processing may involve transfers outside the EEA (in particular to the US, where Cloudflare, Apple, Google, and RevenueCat are based).
Where required, we rely on GDPR-compatible safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.
6) Retention
- App content and account data: until you delete it or request account deletion.
- Subscription and transaction data: retained as required by Apple/RevenueCat policies and applicable accounting obligations.
- Waitlist data: up to 24 months from last interaction, or earlier on request.
- Optional marketing consent: until withdrawn.
- Security logs: normally up to 30 days unless needed for ongoing security incidents.
7) Your GDPR rights
You have the right to access, correct, delete, restrict, or port your data, and to object to processing.
You may also withdraw consent at any time where consent is the legal basis.
To exercise any right, email [email protected].
We will respond within 30 days.
8) Account deletion
You can request full account and data deletion at any time by emailing [email protected].
Subscription cancellation must be managed separately through the Apple App Store settings on your device.
10) Children
Mnemosine is not directed at children under 16. We do not knowingly collect data from children.
11) Automated decisions
We do not use automated decision-making producing legal or similarly significant effects on individuals.
12) Policy changes
If we make material changes to this policy, we update the date at the top of this page.
Continued use of the app after changes constitutes acceptance of the updated policy.
