← Back to MnemoGit

Privacy Policy

Last updated: April 13, 2026

MnemoGit (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered learning platform, website, and related services (collectively, the “Service”). MnemoGit is operated from the Commonwealth of Virginia, United States.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

1. Information We Collect

1.1 Personal Information

When you register for an account or use the Service, we may collect the following personal information:

  • Name and email address (required for account registration)
  • Password (stored in hashed form; we never store plaintext passwords)
  • Billing information (processed and stored by Stripe; we retain only a truncated card identifier and billing address)
  • Profile information you voluntarily provide (display name, avatar)
  • Third-party API keys you provide through our BYOK feature (encrypted at rest with AES-256)

1.2 Usage Data

We automatically collect certain information when you access or use the Service:

  • IP address, browser type and version, operating system, and device identifiers
  • Pages visited, features used, time spent on pages, and click patterns
  • Study session data, including flashcard review history, performance metrics, and spaced repetition scheduling data
  • Error logs and diagnostic data
  • Referral URLs and search terms that directed you to the Service

1.3 AI Processing Data

When you use AI-powered features of the Service, the following data may be processed:

  • Flashcard content and study materials you submit for AI generation or enhancement
  • Prompts and instructions you provide to AI features
  • AI-generated responses and content created for you
  • Metadata about AI API calls (model used, token counts, timestamps) for billing and rate limiting purposes

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your subscription
  • Send transactional emails (account verification, password resets, billing receipts)
  • Send service-related communications (feature updates, maintenance notices, security alerts)
  • Personalize your learning experience through spaced repetition algorithms
  • Process your content through AI APIs to generate and enhance flashcard materials
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations

3. Third-Party Data Sharing

We share your information with the following third-party service providers, solely for the purposes of operating the Service:

3.1 AI API Providers

  • Anthropic (Claude API):Flashcard content you submit for AI processing is sent to Anthropic’s API. Anthropic’s data handling is governed by their Privacy Policy. As of our last review, Anthropic does not use API inputs for model training.
  • OpenAI: When you select an OpenAI model, your content is processed through the OpenAI API subject to their Privacy Policy. API usage data is not used for model training by default.
  • OpenRouter: When routed through OpenRouter, your content is processed subject to OpenRouter’s Privacy Policy and the downstream model provider’s policies.

3.2 Payment Processing

  • Stripe:All payment processing is handled by Stripe, Inc. We transmit your billing information directly to Stripe and do not store full credit card numbers on our servers. Stripe’s handling of your data is governed by their Privacy Policy.

3.3 Email Communications

  • Resend: We use Resend for transactional email delivery. Your email address and the content of transactional emails are shared with Resend subject to their privacy policy.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request.

4. GDPR Rights (European Economic Area Users)

If you are a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
  • Right to Erasure: You may request that we delete your personal data, subject to certain legal exceptions.
  • Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You may request a machine-readable copy of your personal data to transfer to another service.
  • Right to Object: You may object to the processing of your personal data for direct marketing or on grounds relating to your particular situation.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing performed prior to withdrawal.

Our legal basis for processing personal data includes: performance of a contract (providing the Service), legitimate interests (improving the Service, fraud prevention), compliance with legal obligations, and consent (where specifically obtained). To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days.

5. CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request the deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. However, you have the right to opt out of any future sale of personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: You may direct us to limit the use and disclosure of your sensitive personal information.

To submit a CCPA request, contact us at [email protected]. We will verify your identity before fulfilling any request.

6. VCDPA Compliance (Virginia Residents)

As a Virginia-based business, we comply with the Virginia Consumer Data Protection Act (VCDPA). Virginia residents have the following rights:

  • Right to Access: You may confirm whether we are processing your personal data and access such data.
  • Right to Correction: You may request correction of inaccuracies in your personal data.
  • Right to Deletion: You may request deletion of your personal data.
  • Right to Data Portability: You may obtain a copy of your personal data in a portable and readily usable format.
  • Right to Opt Out: You may opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise your VCDPA rights, contact us at [email protected]. If we decline your request, you may appeal our decision by contacting us, and we will respond within sixty (60) days.

7. Cookie Usage

We use cookies and similar tracking technologies to operate and improve the Service. For detailed information about the cookies we use, please see our Cookie Policy.

8. Data Retention

We retain your personal data as follows:

  • Account data: Retained for the duration of your account and for thirty (30) days after account deletion to allow for recovery.
  • Study and flashcard data: Retained for the duration of your account and deleted within thirty (30) days of account deletion.
  • BYOK API keys: Deleted immediately upon your request or account termination.
  • Payment records: Retained for seven (7) years to comply with tax and accounting obligations.
  • Usage logs: Retained for ninety (90) days for operational purposes, then aggregated and anonymized.
  • AI processing logs: Metadata retained for ninety (90) days; content submitted to AI APIs is not stored by MnemoGit after processing is complete.

9. Security Measures

We implement industry-standard security measures to protect your personal data, including:

  • TLS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest, including BYOK API keys
  • Bcrypt hashing for passwords with appropriate cost factors
  • Regular security audits and vulnerability assessments
  • Access controls and principle of least privilege for internal systems
  • Monitoring and alerting for suspicious activity

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

10. Children’s Privacy

The Service is not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 13, please contact us at [email protected].

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as necessary to provide the Service.

For transfers of personal data from the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms, to ensure adequate protection of your personal data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by sending an email to the address associated with your account or by posting a prominent notice on the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

13. Contact Information

If you have questions or concerns about this Privacy Policy, your personal data, or wish to exercise your privacy rights, please contact us at:

MnemoGit — Privacy Inquiries
Email: [email protected]
Commonwealth of Virginia, United States