Introduction

Kagura Memory Cloud ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI memory platform service.

We operate under the principles of data minimization, purpose limitation, and transparency as outlined in the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Collection

We collect the following types of information:

Account Information: When you create an account, we collect your name, email address, and authentication credentials (via Google or GitHub OAuth).

Memory Data: The memories, contexts, and knowledge you store in our platform. This includes text content, metadata, and any structured data you provide.

Usage Data: We collect information about how you use our service, including API calls, feature usage patterns, and session information.

Technical Data: Browser type, IP address, device information, and other technical details necessary for service operation.

Data Storage & Security

Your data security is our top priority:

Encryption at Rest: All memory data is encrypted at rest using industry-standard AES-256 encryption.

Encryption in Transit: All data transmitted between your device and our servers is protected by TLS 1.3.

Access Control: Strict role-based access controls ensure only authorized personnel can access system infrastructure.

Infrastructure: Our services run on secure cloud infrastructure with regular security audits and monitoring.

Backups: Regular encrypted backups ensure data durability and disaster recovery capability.

How We Use Your Data

We use your information for the following purposes:

Service Provision: To provide, maintain, and improve the Kagura Memory Cloud service.

Service Improvement: To analyze usage patterns and improve our platform's functionality and performance.

Support: To respond to your requests and provide customer support.

Security: To detect, prevent, and address technical issues and security threats.

We Never: Sell your personal data to third parties, use your memory content for advertising, or share your data without your explicit consent.

Your Rights (GDPR)

Under GDPR and applicable data protection laws, you have the following rights:

Right of Access: You can request a copy of all personal data we hold about you.

Right to Rectification: You can request correction of inaccurate personal data.

Right to Erasure: You can request deletion of your personal data ("right to be forgotten").

Right to Data Portability: You can request your data in a machine-readable format.

Right to Restriction: You can request restriction of processing of your personal data.

Right to Object: You can object to processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at the email address below.

Third-Party Services

We use limited third-party services to operate our platform:

Authentication: Google OAuth and GitHub OAuth for secure sign-in.

Infrastructure: Cloud hosting providers for reliable service delivery.

AI APIs: When using AI features, data may be processed by AI service providers (OpenAI, Anthropic, Google) according to their respective privacy policies.

We carefully select third-party providers and ensure they meet our data protection standards.

Data Retention

Active Accounts: We retain your data for as long as your account is active.

Inactive Accounts: Accounts inactive for more than 24 months may be subject to data cleanup after notice.

Deleted Accounts: Upon account deletion, all personal data is removed within 30 days.

Backups: Backup copies may be retained for up to 90 days after deletion for disaster recovery purposes.

Logs: System logs containing personal data are retained for a maximum of 90 days.

Cookies

We use minimal cookies for essential service operation:

Session Cookie: Required for authentication and maintaining your login state.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Children's Privacy

Our service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Sending an email notification to your registered email address
Posting a prominent notice on our website
Displaying an in-app notification

Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

GitHub: kagura-ai/memory-cloud