Privacy Policy | Memoreru

1. Introduction

The Operator respects the privacy of users and is committed to protecting personal information. This Privacy Policy explains the collection, use, sharing, and protection of personal information in the Service.

2. Information We Collect

2.1 Account Information

We collect the following information when you use the Service:

Email address
Password (stored encrypted with bcrypt)
Username and display name
Profile information (profile image, cover image, bio, SNS links, etc., optional)
OAuth authentication information (email address, display name, and profile image provided by each service when logging in via Google, X (formerly Twitter), or GitHub)

2.2 Content Information

Content created and posted by users:

Pages (Markdown text, images, file attachments)
Tables (structured data)
Slides (presentations)
Views, Graphs, Dashboards
Folders, Categories, Label settings
Comments, Likes, Bookmarks, Reposts

2.3 Security & Log Information

To prevent unauthorized access and ensure service security, the following information is automatically recorded:

IP address
Browser, OS, and device information (User Agent)
Country and city of access (estimated from IP address)
Login history (date/time, success/failure, authentication method)
Operation history (audit logs for content creation, updates, deletions, etc.)

2.4 Usage Information

For service improvement, we collect the following information:

Page view history and time spent
Search keywords and actions on search results (clicks, bookmarks, etc.)
Content views, likes, comments, and other interactions

3. Purpose of Use

Collected information is used for the following purposes:

Service provision and operation (content creation, data management, search features, etc.)
User authentication and account management
Billing and payment processing for paid plans
AI feature provision (paid plans only; content analysis, summarization, search, etc.)
Prevention of misuse and security measures (login attempt monitoring, account lockout, password breach checking, etc.)
Service improvement and new feature development
User support and inquiry responses
Response to terms of service violations
Important announcements and service change notifications

4. Information Sharing

4.1 Public Information

Content set to "Public" by the user will be viewable by anyone on the Internet. Content set to "Team" will be viewable only by members of the same team or organization, and content set to "Private" will be viewable only by the owner. The visibility of user profile information varies according to privacy settings.

4.2 Third-Party Disclosure

We will not provide personal information to third parties without user consent, except in the following cases:

When required by law
When necessary for the protection of life, body, or property
When particularly necessary for public health or child welfare
When cooperation with government agencies is required

4.3 Third-Party Services We Use

We use the following third-party services to operate the Service. Each service accesses information only to the extent necessary for service provision and handles information in accordance with their respective privacy policies.

Infrastructure & Hosting

Supabase (database and file storage) - Data is stored in the Tokyo region (ap-northeast-1)
Vercel (hosting and CDN)
Cloudflare (CDN, security, and R2 storage)

Authentication

Google, X (formerly Twitter), GitHub (OAuth authentication providers)

Payment

Stripe (credit card payment processing) - Card information is not stored by our Service; it is securely managed by Stripe

Email Delivery

Resend (transactional emails including email verification, password reset, and notification emails)

OpenAI (GPT-4o-mini, text embeddings) - Paid plans only. Data sent is not used for AI model training

Analytics

Google Analytics 4 (page view and user behavior analysis)
Microsoft Clarity (heatmap and session recording for UI improvement analysis)

Security

Cloudflare Turnstile (bot detection and CAPTCHA)
Have I Been Pwned (password breach database matching) - Only the first 5 characters of the password hash are sent; the password itself is never transmitted

5. Cookies & Tracking Technologies

5.1 Cookies

The Service uses cookies for the following purposes:

Session management (maintaining login status)
Remembering user preferences (sidebar state, display format, active tab, etc.)
Analytics (Google Analytics, Microsoft Clarity)

You can disable cookies in your browser settings, but some features such as login may not function properly.

5.2 Local Storage

Browser local storage is used for the following purposes:

Saving UI settings (theme, display preferences, etc.)
Temporary storage of content drafts

5.3 About Microsoft Clarity

The Service uses Microsoft Clarity for UI improvement. Clarity anonymously records user screen interactions (clicks, scrolls, mouse movements, etc.) and visualizes them as heatmaps and session recordings. No personally identifiable information is collected.

5.4 Disclosure Under External Transmission Regulations

Pursuant to Article 27-12 of the Telecommunications Business Act, we disclose the following information about data transmitted from users' devices to external parties through the Service.

Google Analytics 4 (Google LLC)

Information transmitted: Cookies, IP address (anonymized), page view history, screen resolution, browser and OS information
Purpose: Access analytics and service improvement
Opt-out: Can be disabled via browser cookie settings or the Google Analytics Opt-out Browser Add-on

Microsoft Clarity (Microsoft Corporation)

Information transmitted: Cookies, UI interaction data such as clicks, scrolls, and mouse movements (anonymized)
Purpose: UI improvement through heatmaps and session recordings
Opt-out: Can be disabled via browser cookie settings

Cloudflare Turnstile (Cloudflare, Inc.)

Information transmitted: IP address, browser information, device characteristics
Purpose: Bot detection and prevention of unauthorized access
Opt-out: Cannot be disabled as it is required for service operation

6. Information Protection

The Service implements the following security measures to prevent leakage, loss, and damage of personal information:

bcrypt password encryption
SSL/TLS encryption for all communications
Two-factor authentication (TOTP)
Login attempt rate limiting (account lockout)
Session management (maximum 5 sessions, 7-day expiry)
Row-level security (RLS) for data access control
Audit logging of operation history

7. Data Retention Period

Personal information is retained for the period necessary for service provision or as required by law. Upon account deletion, information will be promptly deleted except for information required to be retained by law (such as audit logs).

Account deletion can be performed from the settings page. Deletion requires two-step identity verification through password confirmation and email verification.

8. User Rights

Users have the following rights:

Request disclosure of their personal information
Request correction, addition, or deletion of personal information
Request suspension of use of personal information
Delete their account
Change notification settings (opt out of email and Web Push notifications)
Change privacy settings (profile visibility, email address display, etc.)
Manage sessions (view and revoke active sessions)

Many of these rights can be exercised from the settings page.

9. Use by Minors

If minors (under 18 years old) use the Service, please obtain parental consent before use. Parents are asked to cooperate in managing their children's account information and content.

10. Changes to Privacy Policy

The Operator may change this Privacy Policy as needed. In case of significant changes, we will notify users through in-service notifications or email. Continued use of the Service after changes constitutes agreement to the updated terms.

11. Operator Information

Operator:Takuya Noro (Trade name: Memoreru)
Address:150-0043 Shibuya Dogenzaka Tokyu Building 2F-C, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo
Contact:Contact Form

12. Inquiries

If you have any questions or concerns about this Privacy Policy, please contact us through the Contact Form.

Last updated: April 28, 2026