Early Alpha: Memoato is in early development. Features may be incomplete or change frequently.

Memoato Logo
memoato
Follow
Contact
Lab
Privacy-first by design

Your privacy matters

Transparency about how we collect, use, and protect your personal information. Your data belongs to you—we're just the custodians.

Last updated: June 16, 2025

Our privacy principles

These core principles guide every decision we make about your data.

Your data, your control

You own your data completely. Export it, delete it, or modify it anytime. We provide the tools, you maintain control.

Minimal data collection

We collect only what's necessary to provide our service. No unnecessary tracking, no invasive analytics.

Transparent practices

Clear, understandable privacy practices. No hidden data usage, no surprise policy changes.

What data we collect

Account Information

  • • Email address (for account creation and communication)
  • • Encrypted password hash (we never store your actual password)
  • • Account preferences and settings
  • • Subscription and billing information (if applicable)

Content Data

  • • Your journal entries and personal notes
  • • AI-generated categories and insights
  • • Custom tags and organizational data
  • • Analytics and progress tracking data

Technical Information

  • • Basic usage analytics (page views, feature usage)
  • • Error logs and debugging information
  • • Session tokens for secure authentication
  • • API usage metrics for service optimization

How we use your data

Service Delivery

  • • Process and categorize your entries using AI
  • • Generate insights and analytics
  • • Provide personalized recommendations
  • • Maintain your account and preferences

Service Improvement

  • • Improve AI model accuracy (anonymized data only)
  • • Fix bugs and enhance user experience
  • • Develop new features and capabilities
  • • Monitor service performance and security

Communication

  • • Send important service updates
  • • Provide customer support responses
  • • Share relevant tips and best practices
  • • Send opt-in promotional content

Legal & Security

  • • Comply with legal obligations
  • • Prevent fraud and abuse
  • • Protect user safety and security
  • • Enforce our Terms of Service

Data security & protection

Encryption

  • • All data encrypted in transit (TLS 1.3)
  • • Database encryption at rest
  • • End-to-end encryption for sensitive content
  • • Regular security audits and updates

Access Controls

  • • Strict employee access controls
  • • Multi-factor authentication requirements
  • • Regular access reviews and monitoring
  • • Zero-trust security architecture

AI Processing Security: Your content is processed by our AI systems in isolated, encrypted environments. We use privacy-preserving techniques and never store your data in AI training datasets without explicit consent.

Your privacy rights

Access & Portability

Request a copy of all your personal data in a portable format.

Rectification

Correct or update any inaccurate personal information.

Erasure

Request complete deletion of your account and all associated data.

Restriction

Limit how we process your personal information.

Objection

Object to certain types of data processing activities.

Withdraw Consent

Revoke previously given consent for data processing.

Easy Control: Most of these rights can be exercised directly through your account settings. For additional requests, contact us at privacy@memoato.com

Data controller & GDPR compliance

Data Controller Information

Company: HILLS Lab d.o.o.

Registration: Croatia

VAT ID: HR48104693060

Website: hills-lab.hr

Product: Memoato Platform

Data Protection Officer: dpo@hills-lab.hr

EU Representative: HILLS Lab d.o.o. (Croatia)

GDPR Rights

  • • Right of access (Art. 15 GDPR)
  • • Right to rectification (Art. 16 GDPR)
  • • Right to erasure (Art. 17 GDPR)
  • • Right to restrict processing (Art. 18 GDPR)
  • • Right to data portability (Art. 20 GDPR)
  • • Right to object (Art. 21 GDPR)

Legal Basis

  • Contract performance: Service delivery
  • Legitimate interest: Service improvement
  • Consent: Marketing communications
  • Legal obligation: Compliance requirements

Supervisory Authority

If you have concerns about our data processing practices, you have the right to lodge a complaint with the relevant supervisory authority:

Croatia (Primary):
Croatian Personal Data Protection Agency (AZOP)
azop.hr

Your Local Authority:
You may also contact your local EU data protection authority if you reside in a different EU member state.

Contact & policy updates

Questions or concerns?

We're committed to transparency and are happy to answer any questions about our privacy practices.

Privacy Team: privacy@memoato.com

Data Protection Officer: dpo@hills-lab.hr

General Support: support@memoato.com

Policy updates

We may update this privacy policy from time to time. When we make significant changes:

  • • We'll notify you via email (if you have an account)
  • • We'll post a prominent notice on our platform
  • • We'll update the "Last updated" date at the top
  • • Major changes require 30 days advance notice
  • • Significant changes comply with GDPR notification requirements