Privacy Policy

Effective April 15, 2026

This policy explains what we collect, why, and your rights.

What we collect

• Account: email, password hash, plan.
• Billing: handled by Stripe; we store only the customer ID.
• Usage: request counts, API key fingerprints, error logs (no memory content).
• Memories (managed only): the content you store via the Service, encrypted at rest.

What we don't collect

• No analytics scripts, no third-party trackers, no ad networks.
• No memory content if you use Local mode.

Why we collect it

To run the Service, bill you accurately, prevent abuse, and respond to support requests.

Sharing

We share data only with Stripe (billing) and our hosting provider (infrastructure). We do not sell data, ever.

Your rights

You can export or delete all your data at any time via the dashboard or memory.copy(). Email privacy@oramemory.com for GDPR/CCPA requests.

Retention

Active account: as long as you have one. Cancelled account: deleted within 30 days unless you request earlier.

Changes

Material changes will be emailed 30 days before they take effect.