Reflect Memory
DocsSign in

Privacy Policy

Last updated: February 2026

1. Overview

Reflect Memory ("we," "our," or "us") is a privacy-first AI memory system. We store only what you explicitly choose to save. You control what gets stored, who can access it, and when it gets deleted. We do not sell, rent, or trade your data.

2. What We Collect

We collect and store the following:

  • Account information: Email address (for magic link sign-in). We do not collect passwords.
  • Memory content: The title, content, tags, and metadata of memories you create. This is user-authored data you explicitly write or approve.
  • Technical data: IP address and request logs for security, rate limiting, and operational debugging. Logs are retained for a limited period and do not include memory content.

We do not collect: browsing history, location data, or any information from your AI conversations that you do not explicitly choose to save to Reflect Memory.

3. How We Use Your Data

  • Provide the Reflect Memory service to you
  • Enable AI integrations (ChatGPT, Claude, Cursor, etc.) to read and write memories at your request
  • Respond to support inquiries
  • Enforce security, prevent abuse, and comply with legal obligations

We do not use your memory content for training AI models, targeted advertising, or any purpose other than delivering the service you signed up for.

4. Data Storage and Security

Storage: Memory data is stored in an isolated SQLite database with per-user scoping. Your data is never mixed with other users' data. We use automated backups to secure, encrypted storage.

Transmission: All data transmitted between your devices, our API, and connected AI tools uses HTTPS/TLS encryption.

Access control: API keys and authentication tokens are required for all access. We use timing-safe comparison and industry-standard practices for credential validation.

5. Your Rights

You have the right to:

  • Access: View all memories and account data via the dashboard or API
  • Delete: Remove individual memories or your entire account and all associated data at any time. Deleted memories are soft-deleted and purged within 30 days
  • Export: Retrieve your data via the API in standard formats
  • Correct: Edit or update your memories and account information
  • Object and restrict: Contact us to object to processing or request restrictions

To exercise these rights, use the dashboard or contact us at privacy@reflectmemory.com.

6. Third-Party Services

We use the following third parties:

  • Hosting (Railway): Server infrastructure for the API and database
  • Backups (Cloudflare R2): Encrypted database backups
  • AI models (OpenAI, Anthropic, etc.): Used only when you invoke the query feature to generate summaries from your memories. Memory content is sent only to the model provider you choose, and only for that request

Each provider has its own privacy policy. We do not share your data with advertisers or data brokers.

7. GDPR and International Compliance

For users in the European Economic Area and United Kingdom, we process your data on the following bases: (1) contract performance (providing the service you requested), (2) legitimate interests (security, abuse prevention), and (3) consent where required. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

We support data subject access requests, deletion requests, and portability. We do not engage in automated decision-making or profiling. You have the right to lodge a complaint with your supervisory authority.

8. Data Retention

Memories are retained until you delete them. Trashed memories are purged within 30 days. Security and operational logs are retained for a limited period necessary for debugging and compliance. Backups are retained according to our backup retention policy.

9. Children

Reflect Memory is not intended for users under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us and we will delete it promptly.

10. Changes

We may update this policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests, contact:

privacy@reflectmemory.com

Reflect Memory

Privacy Policy | Reflect Memory