Back to Documentation
pūrmemo
Your Privacy, Your Control

Privacy Policy

We believe your data belongs to you. This policy explains exactly how we collect, use, and protect your AI conversation memories.

Last Updated: March 11, 20265 minute read

Introduction

Welcome to pūrmemo ("we," "our," or "us"). pūrmemo is a memory system for AI conversations that helps you capture, organize, and recall information from your interactions with ChatGPT, Claude, Google Gemini, and other AI platforms.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our web application, Chrome extension, MCP server, or Desktop app. We are committed to transparency and giving you control over your data.

Our Privacy Principles

Your Data Belongs to You

You own all your conversation memories and can export or delete them at any time.

Minimal Collection

We only collect data necessary to provide our core service.

No Selling

We will never sell your personal information or conversation data to third parties.

Transparency

We explain clearly what data we collect and how we use it.

Security First

We use industry-standard security measures to protect your data.

Information We Collect

1. Account Information

  • Email address (required for account creation and authentication)
  • Full name (optional)
  • Password (encrypted with bcrypt hashing)
  • OAuth credentials (if you sign up with Google or GitHub)

2. Conversation Data

  • ChatGPT: Your prompts and responses from chat.openai.com and chatgpt.com
  • Claude: Your prompts and responses from claude.ai
  • Google Gemini: Your prompts and responses from gemini.google.com
  • Metadata: Conversation titles, timestamps, platform identifiers

Important: We only capture conversations when our Chrome extension is actively installed and you are using these AI platforms. We never access conversations from other websites or your general browsing activity.

3. Usage Information

  • Feature usage (which features you use and how often)
  • Search queries within pūrmemo
  • Extension settings and preferences
  • Error logs and crash reports (for debugging)

4. Technical Information

  • Browser type and version
  • Operating system
  • IP address (for security and authentication)
  • Device identifiers (for session management)

How We Use Your Information

We use your information solely to provide and improve our memory service. We never sell your data to third parties or use it for advertising.

Core Service Delivery

  • Storing and organizing your AI conversation memories
  • Providing semantic search across your saved conversations
  • Auto-recall feature: Suggesting relevant past memories during new conversations
  • Syncing your memories across devices and platforms

Account Management

  • Creating and managing your account
  • Authenticating your identity (via email/password or OAuth)
  • Processing your subscription payments via Stripe ($19/month)
  • Sending service-related emails (password resets, security alerts, subscription updates)

Security & Compliance

  • Detecting and preventing fraud, abuse, and security threats
  • Maintaining session security with JWT tokens (4-hour expiration, 90-day refresh)
  • Monitoring for unusual activity or unauthorized access
  • Complying with legal obligations (GDPR, CCPA)

Product Improvement

  • Debugging errors and fixing technical issues
  • Understanding which features are most valuable to users
  • Improving semantic search and recall accuracy

Derived Data & Embeddings

To power memory search and recall, pūrmemo computes and stores derived data from your saved conversations:

  • Semantic embeddings — numerical vector representations of your conversation content, used to find similar memories and rank results by relevance. These are stored alongside your memories and are not human-readable.
  • Relevance scores & recall tiers — each memory is scored and placed into a retrieval tier (1, 2, or 3) based on semantic similarity to your current query. These scores are ephemeral and recalculated on every search.
  • Auto-generated tags — topics and entities extracted from conversation content to improve search recall. Stored as metadata on each memory.
  • Cross-platform usage profile — an aggregated view of which AI platforms you use and how frequently, derived from the platform identifiers on your saved memories. Used by the get_user_context MCP tool to surface your active context to AI assistants.
  • Inferred context themes — recurring topics and patterns identified across your memories (e.g. active projects, areas of focus). Returned by the get_user_context tool to help AI assistants understand your context without you repeating it. These are derived from your content and updated as you save new memories. They are not used for advertising or shared with third parties.
  • Memory clusters & similarity scores — groupings of related memories across platforms, computed for the discover_related_conversations tool. Similarity scores reflect vector distance between embeddings and are not retained after the response is returned.

All derived data is computed solely to deliver pūrmemo's core service. It is never sold, shared with advertisers, or used to train AI models.

What We DON'T Do

  • We DO NOT sell your data to third parties or data brokers
  • We DO NOT use your conversations for AI model training
  • We DO NOT share your data with advertising networks
  • We DO NOT use third-party analytics or tracking services
  • We DO NOT send marketing emails (service-related only)

Need to Exercise Your Privacy Rights?

You can access, export, or delete your data at any time through your dashboard settings.

Go to DashboardContact Us

Data Storage and Security

Where Your Data Is Stored

All your data is stored and processed in the United States:

  • Database: PostgreSQL on Supabase (AWS us-west-1, California)
  • Backend Services: Render (Oregon region)
  • Frontend: Vercel CDN (global edge network with US origin)

We do not transfer your data outside the United States.

Security Measures

Encryption

All data encrypted in transit (TLS/SSL) and at rest. Passwords hashed with bcrypt (cost factor 10).

JWT Tokens

Short-lived access tokens (4 hours) with automatic refresh. 90-day refresh token rotation.

OAuth Security

Google & GitHub OAuth integration. We never see your OAuth passwords.

API Keys

SHA-256 hashed API keys for MCP server access. Never stored in plaintext.

Payment Security

We use Stripe for all payment processing. Your payment information (credit card details) is handled directly by Stripe and never stored on our servers.

We only store your Stripe customer ID for subscription management. Stripe is PCI-DSS Level 1 certified.

Chrome Extension Privacy

How the pūrmemo browser extension handles your data.

Save your conversations

Off by default. You choose when and where to capture — per platform, or manually anytime.

Recalls what matters

Relevant memories surface automatically at the start of new AI conversations — no re-explaining needed.

Only ChatGPT, Claude & Gemini

Nothing else. No browsing history, no passwords, no other websites — ever.

What gets saved & what doesn't

When capture is on

  • Your messages to the AI
  • AI responses
  • Conversation titles & timestamps
  • Which platform you were using

Never captured

  • ×Browsing history or other websites
  • ×Passwords or payment info
  • ×Conversations on any other site
  • ×Anything when capture is off

Extension permissions

Why the extension requests each permission — nothing more, nothing less.

storage

Saves your login token and extension settings locally in your browser. Never leaves your device.

alarms

Runs a background check every 30 minutes to refresh your login token before it expires, keeping your session active. A second alarm runs only when you have enabled auto-capture for a specific platform — inactive by default.

host permissions

Grants access to chatgpt.com, gemini.google.com, claude.ai, and api.purmemo.ai only — no other sites.

How context recall works

pūrmemo can silently prepend relevant memories to your messages so the AI already knows your context.

1.

When you start typing in ChatGPT, Claude, or Gemini, pūrmemo searches your saved memories for relevant context.

2.

If relevant memories are found, they're quietly added before your message before it reaches the AI — so the AI gets your context without you having to repeat it.

3.

pūrmemo stores your original message only — never the injected version. This prevents circular recall.

What this means for your data

When recall is active, the content of relevant memories is transmitted to the AI platform you're using as part of your message. pūrmemo does not control how ChatGPT, Claude, or Gemini handle messages they receive.

Technical implementation details

Script execution context: The extension runs content scripts in the browser's main JavaScript context (MAIN world), alongside the AI platform's own scripts. This allows it to observe conversation DOM and detect new messages without modifying the AI platform's code.

Request interception: For context recall, the extension observes outgoing API requests to AI platforms via window.fetch. Before each request, relevant memories are fetched from pūrmemo's servers and prepended as context. The memory retrieval query goes to pūrmemo; the augmented message goes to the AI platform only.

When disabled: With auto-capture off and no manual save in progress, no conversation content is read, processed, or transmitted. The extension is fully inactive on AI platform pages.

Auto-capture timing: Uses a MutationObserver to detect new messages in real-time with a 2-second settling delay, plus an initial capture on page load after 2 seconds.

MCP Server & Desktop App

How pūrmemo handles data from Claude Desktop, Cursor, and the macOS Desktop app.

MCP Server (Claude Desktop & Cursor)

When you connect pūrmemo via MCP (Model Context Protocol), Claude or Cursor can save and recall memories on your behalf. All tool calls are authenticated using OAuth 2.0 — your AI client receives a scoped access token after you sign in. No conversation content is transmitted unless you explicitly invoke a save tool.

Desktop App (macOS)

The pūrmemo Desktop app monitors your clipboard to detect content you copy while using AI tools. Clipboard content is only sent to pūrmemo servers when you click Save. The app also detects which AI application is in focus (e.g., Claude, Cursor) to pre-load relevant context — no content from those apps is read automatically.

What MCP and Desktop collect

When you save via MCP or Desktop

  • Conversation content you explicitly save
  • Timestamps and platform source
  • Your pūrmemo user ID (linked to your account)

Never collected

  • ×Your clipboard contents (until you click Save)
  • ×Content of AI apps you haven't explicitly saved
  • ×Background app activity or keystrokes

MCP OAuth Authorization

When you connect pūrmemo to Claude Desktop or another MCP client, you authorize via OAuth 2.0 + PKCE at mcp.purmemo.ai. This grants the AI client a scoped token. You can revoke access at any time from your pūrmemo account settings. pūrmemo never receives your Claude.ai credentials — only a pūrmemo-scoped token.

Your Rights and Choices

You have comprehensive rights over your personal data under GDPR (if you're in the EU) and CCPA (if you're in California). We respect these rights for all users, regardless of location.

GDPR Rights (EU Users)

Right to Access

View all personal data we hold about you. Export your memories in JSON format from the dashboard.

Right to Rectification

Edit or correct inaccurate memories and account information through the dashboard settings.

Right to Erasure

Delete your account and all associated data. 30-day recovery period before permanent deletion.

Right to Data Portability

Export all your memories in machine-readable JSON format for transfer to another service.

Right to Restriction

Request temporary restriction of processing while disputing accuracy or lawfulness of processing.

Right to Object

Object to processing based on legitimate interests. We do not use your data for marketing or profiling.

CCPA Rights (California Users)

Right to Know

Request disclosure of what personal information we collect, use, disclose, and sell (we don't sell data).

Right to Delete

Request deletion of personal information we collected from you, subject to certain exceptions.

Right to Opt-Out

We do not sell personal information, so there is nothing to opt out of in this regard.

How to Exercise Your Rights

Self-Service via Dashboard:

  • Edit memories: Click any memory and use the edit button
  • Delete memories: Use delete button (30-day recovery period)
  • Export data: Settings → Export Data → Download JSON
  • Delete account: Settings → Account → Delete Account

Contact Us for Assistance:

Email us at:

  • GDPR requests: gdpr@purmemo.ai
  • Privacy questions: privacy@purmemo.ai

We will respond to your request within 30 days (GDPR) or 45 days (CCPA).

Data Retention

We retain your data only as long as necessary to provide our service and comply with legal obligations.

Active Memories

Retention Period: Indefinite (until you delete them)

Your conversation memories are stored indefinitely to provide continuous memory across your AI interactions. You can delete any memory at any time.

Soft-Deleted Memories

Retention Period: 30 days (recovery period)

When you delete a memory, it enters a 30-day recovery period. During this time, you can restore it from the Trash. After 30 days, it is permanently and irreversibly deleted.

JWT Access Tokens

Retention Period: 4 hours (then expired)

Short-lived tokens for session authentication. After expiration, you must use your refresh token to get a new access token.

Refresh Tokens

Retention Period: 90 days (with automatic rotation)

Long-lived tokens for maintaining session across devices. Automatically rotated every 90 days for security.

Account Deletion

Retention Period: 30 days (recovery period), then permanent deletion

When you request account deletion, all your data (account info, memories, API keys) enters a 30-day recovery period. After 30 days, everything is permanently and irreversibly deleted from our systems.

Legal Hold Exceptions

We may retain data longer if required by law or legal process.

In rare cases (e.g., ongoing litigation, regulatory investigation), we may be legally required to preserve data beyond our normal retention periods.

Children's Privacy

Age Requirements

pūrmemo is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, do not use pūrmemo or provide any information through the Service.

pūrmemo requires users to be at least 18 years old to create an account. Users between 13 and 17 may only use the Service with the involvement and consent of a parent or legal guardian, who agrees to be bound by these terms on the minor's behalf.

COPPA Compliance

pūrmemo complies with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent.

If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our systems. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at privacy@purmemo.ai and we will promptly investigate and delete the information.

Cookies & Local Storage

What We Use

pūrmemo does not use third-party tracking cookies, advertising cookies, or cross-site tracking technologies. We use two types of browser storage:

  • Browser localStorage (web app)

    Used to store your authentication tokens (purmemo_api_key, purmemo_refresh_token) and UI preferences. Persists until you log out or clear your browser data. Access tokens expire after 4 hours; refresh tokens expire after 90 days.

  • Chrome extension storage (chrome.storage.local)

    Used by the pūrmemo Chrome extension to store your authentication state, per-platform capture preferences, and consent record. Data is sandboxed to the extension and never accessible to websites.

No Tracking

We do not use cookies or any tracking technology to serve ads, build advertising profiles, or sell your data. We do not use Google Analytics, Facebook Pixel, Mixpanel, or any third-party analytics SDK.

Our backend logs standard server-side request metadata (IP address, timestamps, HTTP method) for security and debugging. These logs are retained for 30 days and are never used for advertising.

International Users

Data Storage and Transfers

Purmemo is based in the United States, and all your data is stored and processed on servers located in the United States:

  • Database: AWS us-west-1 (California)
  • Backend Services: Render (Oregon region)
  • Frontend CDN: Vercel global edge network (US origin)

Important: We do not transfer your data outside the United States. All data processing occurs within US-based infrastructure.

GDPR Compliance (EU Users)

If you are located in the European Union, United Kingdom, or European Economic Area, you have specific data protection rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your data based on:

  • • Contract performance (providing our service)
  • • Legitimate interests (improving our service)
  • • Your consent (where required)

Your GDPR Rights

You have the right to:

  • • Access your data
  • • Rectify inaccuracies
  • • Request erasure
  • • Data portability
  • • Object to processing
  • • Lodge a complaint with a supervisory authority

Contact for GDPR Requests: gdpr@purmemo.ai

We will respond to your request within 30 days as required by GDPR.

Other International Users

If you are accessing Purmemo from outside the United States, please be aware that:

  • Your information will be transferred to and processed in the United States
  • US data protection laws may differ from those in your country
  • By using our service, you consent to this transfer and processing
  • We apply the same privacy protections to all users regardless of location

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

When we make changes to this policy, we will:

  • 1.Update the "Last Updated" date at the top of this page
  • 2.Send you an email notification at your registered email address
  • 3.Display a prominent banner on your dashboard for 30 days

Material Changes

If we make material changes that significantly affect your privacy rights, we will:

  • Provide at least 30 days advance notice
  • Highlight the specific changes in the notification email
  • Give you the option to review and accept the changes

Material changes include: New data collection practices, sharing with third parties, significant changes to data retention, or reduced privacy protections.

Your Continued Use

By continuing to use Purmemo after we post changes to this Privacy Policy, you accept and agree to those changes. If you do not agree with the updated policy, you may:

  • Stop using the service
  • Export your data before the changes take effect
  • Request account deletion (30-day recovery period applies)

Version History

We maintain a version history of this Privacy Policy. Contact privacy@purmemo.ai to request previous versions.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, we're here to help: