Introduction
Welcome to pūrmemo ("we," "our," or "us"). pūrmemo is a memory system for AI conversations that helps you capture, organize, and recall information from your interactions with ChatGPT, Claude, Google Gemini, and other AI platforms.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Chrome extension and web application. We are committed to transparency and giving you control over your data.
Our Privacy Principles
Your Data Belongs to You
You own all your conversation memories and can export or delete them at any time.
Minimal Collection
We only collect data necessary to provide our core service.
No Selling
We will never sell your personal information or conversation data to third parties.
Transparency
We explain clearly what data we collect and how we use it.
Security First
We use industry-standard security measures to protect your data.
Information We Collect
1. Account Information
- Email address (required for account creation and authentication)
- Full name (optional)
- Password (stored as a bcrypt hash)
- OAuth credentials (if you sign up with Google or GitHub)
2. Conversation Data
- ChatGPT: Your prompts and responses from chat.openai.com and chatgpt.com
- Claude: Your prompts and responses from claude.ai
- Google Gemini: Your prompts and responses from gemini.google.com
- Metadata: Conversation titles, timestamps, platform identifiers
Important: We only capture conversations when our Chrome extension is actively installed and you are using these AI platforms. We never access conversations from other websites or your general browsing activity.
3. Usage Information
- Feature usage (which features you use and how often)
- Search queries within pūrmemo
- Extension settings and preferences
- Error logs and crash reports (for debugging)
4. Technical Information
- Browser type and version
- Operating system
- IP address (for security and authentication)
- Device identifiers (for session management)
How We Use Your Information
We use your information solely to provide and improve our memory service. We never sell your data to third parties or use it for advertising.
Core Service Delivery
- Storing and organizing your AI conversation memories
- Providing semantic search across your saved conversations
- Auto-recall feature: Suggesting relevant past memories during new conversations
- Syncing your memories across devices and platforms
Account Management
- Creating and managing your account
- Authenticating your identity (via email/password or OAuth)
- Processing your subscription payments via Stripe ($9.99/month)
- Sending service-related emails (password resets, security alerts, subscription updates)
Security & Compliance
- Detecting and preventing fraud, abuse, and security threats
- Maintaining session security with JWT tokens (15-minute expiration, 90-day refresh)
- Monitoring for unusual activity or unauthorized access
- Complying with legal obligations (GDPR, CCPA)
Product Improvement
- Debugging errors and fixing technical issues
- Understanding which features are most valuable to users
- Improving semantic search and recall accuracy
What We DON'T Do
- ❌ We DO NOT sell your data to third parties or data brokers
- ❌ We DO NOT use your conversations for AI model training
- ❌ We DO NOT share your data with advertising networks
- ❌ We DO NOT use third-party analytics or tracking services
- ❌ We DO NOT send marketing emails (service-related only)
Need to Exercise Your Privacy Rights?
You can access, export, or delete your data at any time through your dashboard settings.
Data Storage and Security
Where Your Data Is Stored
All your data is stored and processed in the United States:
- Database: PostgreSQL on Supabase (AWS us-west-1, California)
- Backend Services: Render (Oregon region)
- Frontend: Vercel CDN (global edge network with US origin)
We do not transfer your data outside the United States.
Security Measures
Encryption
All data encrypted in transit (TLS/SSL) and at rest. Passwords hashed with bcrypt (cost factor 10).
JWT Tokens
Short-lived access tokens (15 min) with automatic refresh. 90-day refresh token rotation.
OAuth Security
Google & GitHub OAuth integration. We never see your OAuth passwords.
API Keys
SHA-256 hashed API keys for MCP server access. Never stored in plaintext.
Payment Security
We use Stripe for all payment processing. Your payment information (credit card details) is handled directly by Stripe and never stored on our servers.
We only store your Stripe customer ID for subscription management. Stripe is PCI-DSS Level 1 certified.
Chrome Extension Privacy
IMPORTANT: Automatic Conversation Capture
The Purmemo Chrome extension automatically captures all your conversations with ChatGPT, Google Gemini, and Claude AI when auto-capture is enabled. This happens in real-time as you chat, without requiring manual action. You can control auto-capture through extension settings (master toggle plus per-platform toggles for ChatGPT, Gemini, and Claude).
How Auto-Capture Works
Supported Platforms
- ChatGPT: chat.openai.com and chatgpt.com
- Google Gemini: gemini.google.com
- Claude AI: claude.ai
What Gets Captured
- ✓ All messages you send to the AI
- ✓ All responses from the AI
- ✓ Conversation titles and timestamps
- ✓ Platform identifiers (which AI you were using)
When Capture Occurs
- Automatically after each message exchange (500ms debounce)
- On page load (captures existing conversation after 2 seconds)
- Uses MutationObserver to detect new messages in real-time
Extension Permissions
- storage: Saves your authentication token and extension settings locally in your browser
- activeTab: Accesses the current tab when the extension is active on supported AI platforms
- scripting: Injects content scripts to detect and capture conversations using MutationObserver
Auto-Recall Feature
The extension also provides automatic context recall by:
- Searching your saved memories for relevant context when you start typing
- Optionally injecting this context into your messages before sending to the AI
- Saving your original message (not the injected version) to prevent circular injection
This happens seamlessly without manual intervention, powered by semantic search across your memory bank.
What We DON'T Capture
- ✗ Conversations on other websites (only ChatGPT, Gemini, Claude)
- ✗ Your general browsing history
- ✗ Passwords or payment information
- ✗ Content from websites outside the 3 supported AI platforms
User Control
✓ What You CAN Do
- Control auto-capture with master toggle (enable/disable all platforms)
- Choose which platforms to capture (ChatGPT, Gemini, Claude toggles)
- Delete captured conversations from dashboard
- Recover deleted conversations (30-day window)
- Export all your data in JSON format
- Uninstall extension to stop all capture
✗ What You CANNOT Do
- Disable auto-recall feature
- Configure capture on a per-conversation basis
Your Rights and Choices
You have comprehensive rights over your personal data under GDPR (if you're in the EU) and CCPA (if you're in California). We respect these rights for all users, regardless of location.
GDPR Rights (EU Users)
Right to Access
View all personal data we hold about you. Export your memories in JSON format from the dashboard.
Right to Rectification
Edit or correct inaccurate memories and account information through the dashboard settings.
Right to Erasure
Delete your account and all associated data. 30-day recovery period before permanent deletion.
Right to Data Portability
Export all your memories in machine-readable JSON format for transfer to another service.
Right to Restriction
Request temporary restriction of processing while disputing accuracy or lawfulness of processing.
Right to Object
Object to processing based on legitimate interests. We do not use your data for marketing or profiling.
CCPA Rights (California Users)
Right to Know
Request disclosure of what personal information we collect, use, disclose, and sell (we don't sell data).
Right to Delete
Request deletion of personal information we collected from you, subject to certain exceptions.
Right to Opt-Out
We do not sell personal information, so there is nothing to opt out of in this regard.
How to Exercise Your Rights
Self-Service via Dashboard:
- Edit memories: Click any memory and use the edit button
- Delete memories: Use delete button (30-day recovery period)
- Export data: Settings → Export Data → Download JSON
- Delete account: Settings → Account → Delete Account
Contact Us for Assistance:
Email us at:
- GDPR requests: gdpr@purmemo.ai
- Privacy questions: privacy@purmemo.ai
We will respond to your request within 30 days (GDPR) or 45 days (CCPA).
Data Retention
We retain your data only as long as necessary to provide our service and comply with legal obligations.
Active Memories
Retention Period: Indefinite (until you delete them)
Your conversation memories are stored indefinitely to provide continuous memory across your AI interactions. You can delete any memory at any time.
Soft-Deleted Memories
Retention Period: 30 days (recovery period)
When you delete a memory, it enters a 30-day recovery period. During this time, you can restore it from the Trash. After 30 days, it is permanently and irreversibly deleted.
JWT Access Tokens
Retention Period: 15 minutes (then expired)
Short-lived tokens for session authentication. After expiration, you must use your refresh token to get a new access token.
Refresh Tokens
Retention Period: 90 days (with automatic rotation)
Long-lived tokens for maintaining session across devices. Automatically rotated every 90 days for security.
Account Deletion
Retention Period: 30 days (recovery period), then permanent deletion
When you request account deletion, all your data (account info, memories, API keys) enters a 30-day recovery period. After 30 days, everything is permanently and irreversibly deleted from our systems.
Legal Hold Exceptions
We may retain data longer if required by law or legal process.
In rare cases (e.g., ongoing litigation, regulatory investigation), we may be legally required to preserve data beyond our normal retention periods.
International Users
Data Storage and Transfers
Purmemo is based in the United States, and all your data is stored and processed on servers located in the United States:
- Database: AWS us-west-1 (California)
- Backend Services: Render (Oregon region)
- Frontend CDN: Vercel global edge network (US origin)
Important: We do not transfer your data outside the United States. All data processing occurs within US-based infrastructure.
GDPR Compliance (EU Users)
If you are located in the European Union, United Kingdom, or European Economic Area, you have specific data protection rights under the General Data Protection Regulation (GDPR).
Legal Basis for Processing
We process your data based on:
- Contract performance (providing our service)
- Legitimate interests (improving our service)
- Your consent (where required)
Your GDPR Rights
You have the right to:
- Access your data
- Rectify inaccuracies
- Request erasure
- Data portability
- Object to processing
- Lodge a complaint with a supervisory authority
Contact for GDPR Requests: gdpr@purmemo.ai
We will respond to your request within 30 days as required by GDPR.
Other International Users
If you are accessing Purmemo from outside the United States, please be aware that:
- Your information will be transferred to and processed in the United States
- US data protection laws may differ from those in your country
- By using our service, you consent to this transfer and processing
- We apply the same privacy protections to all users regardless of location
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
How We Notify You
When we make changes to this policy, we will:
1. Update the "Last Updated" date at the top of this page
2. Send you an email notification at your registered email address
3. Display a prominent banner on your dashboard for 30 days
Material Changes
If we make material changes that significantly affect your privacy rights, we will:
- Provide at least 30 days advance notice
- Highlight the specific changes in the notification email
- Give you the option to review and accept the changes
Material changes include: New data collection practices, sharing with third parties, significant changes to data retention, or reduced privacy protections.
Your Continued Use
By continuing to use Purmemo after we post changes to this Privacy Policy, you accept and agree to those changes. If you do not agree with the updated policy, you may:
- Stop using the service
- Export your data before the changes take effect
- Request account deletion (30-day recovery period applies)
Version History
We maintain a version history of this Privacy Policy. Contact privacy@purmemo.ai to request previous versions.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, we're here to help: