Privacy Policy

Last Updated: December 1, 2025

1. Introduction

Welcome to Memorium, operated by Sintonik Technosoft, a proprietorship registered in India ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our memory preservation and sharing platform (the "Service").

Business Name: Sintonik Technosoft

Registered Address: F-26, Site C, UPSIDC Indl. Area, Greater Noida, Uttar Pradesh - 201306, India

This policy complies with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, along with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws worldwide.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Email address, first name, last name, password (encrypted), profile picture, bio, and timezone preferences
  • Memory Content: Photos, videos, audio recordings, text descriptions, dates, locations, and tags
  • Circle Information: Circle names, descriptions, member relationships, and hierarchy structures
  • Payment Information: Billing details processed through our payment providers (Razorpay). We do not store credit card information on our servers
  • Communications: Messages you send to our support team or other users within the platform

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Analytics Data: We use Vercel Analytics to understand how users interact with our Service
  • Cookies and Tracking: Essential cookies for authentication, preference cookies for settings, and analytics cookies (with your consent)

2.3 Information from Third Parties

  • Payment Providers: Transaction status and payment verification from Razorpay
  • Email Services: Delivery status from our email service provider

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Memorium platform
  • Account Management: To create and manage your account, authenticate your identity
  • Memory Preservation: To store, organize, and display your memories according to your preferences
  • Communication: To send you service-related notifications, updates, and support responses
  • Payment Processing: To process subscription payments and maintain billing records
  • Analytics and Improvement: To understand usage patterns and improve our Service (anonymized where possible)
  • Security: To detect, prevent, and address fraud, security issues, or technical problems
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your data based on:

  • Contract Performance: Processing necessary to provide our Service
  • Legitimate Interests: Analytics, security, and service improvement
  • Consent: Marketing communications and non-essential cookies
  • Legal Obligation: Compliance with laws and regulations

5. Data Sharing and Disclosure

5.1 Within Circles

Memories you create are shared according to your privacy settings within circles. You control who can view or edit each memory through granular permission controls.

5.2 Service Providers

We share data with trusted third-party service providers:

  • Cloud Hosting: AWS/Digital Ocean for infrastructure
  • Payment Processing: Razorpay for subscription management
  • Email Delivery: Email service providers for transactional emails
  • Analytics: Vercel Analytics for usage insights
  • Media Storage: Cloud storage providers for photos, videos, and audio

All service providers are contractually bound to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5.5 We Never Sell Your Data

We do not and will never sell your personal information or memories to third parties for marketing purposes.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: Data in transit uses TLS/SSL encryption; data at rest is encrypted
  • Access Controls: Role-based access with principle of least privilege
  • Authentication: Secure password hashing (bcrypt) and session management
  • Monitoring: Regular security audits and vulnerability assessments
  • Backups: Regular encrypted backups with secure storage
  • Incident Response: Documented procedures for security incidents

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

7.1 GDPR Rights (EEA, UK, Switzerland)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for processing at any time
  • Lodge Complaint: File a complaint with your local data protection authority

7.2 CCPA Rights (California Residents)

  • Know: Know what personal information is collected
  • Delete: Request deletion of personal information
  • Opt-Out: Opt-out of sale of personal information (we don't sell data)
  • Non-Discrimination: Not be discriminated against for exercising your rights

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or as required by law).

You can also manage many settings directly in your account dashboard:

  • Update profile information
  • Manage privacy settings
  • Download your data
  • Delete your account

8. Data Retention

We retain your data for as long as necessary to provide our Service and comply with legal obligations:

  • Active Accounts: Data retained while your account is active
  • Deleted Accounts: Most data deleted within 30 days; some data retained for legal/security purposes (up to 7 years)
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Backup Systems: Data in backups deleted within 90 days

9. International Data Transfers

Memorium operates globally. Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for transfers to approved countries
  • Privacy Shield framework where applicable

10. Children's Privacy

Memorium is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

Memories about children may be shared by parents/guardians within private family circles with appropriate consent.

11. Cookies and Tracking Technologies

We use cookies and similar technologies. Please see our Cookie Policy for detailed information about the cookies we use and how to manage them.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy with a new "Last Updated" date
  • Sending you an email notification (for material changes)
  • Displaying a prominent notice on our platform

Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us:

Business Name: Sintonik Technosoft

Address: F-26, Site C, UPSIDC Indl. Area, Greater Noida, Uttar Pradesh - 201306, India

Email: [email protected]

14. Specific Regional Provisions

14.1 EEA, UK, and Switzerland

For users in these regions, the data controller is Sintonik Technosoft. You have the right to lodge a complaint with your local supervisory authority.

14.2 California Residents

California residents have additional rights under the CCPA. We do not sell personal information. You may designate an authorized agent to make requests on your behalf.

14.3 India

For users in India, we comply with the Information Technology Act, 2000 and its rules, including the (Indian) Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.