Security & Privacy
Your life stories are deeply personal. We take their protection seriously. Here's exactly how we keep your data safe.
Encryption
All data is encrypted at rest (AES-256) and in transit (TLS). Your conversations, chapters, photos, audio, and video are never stored in plain text. Generating chapters requires our systems to process your data, but that access is strictly controlled and limited to what is necessary.
European Hosting
Your data is stored on European servers (database in Frankfurt; files and voice synthesis in the EU). Some processing uses US-based services (AI generation, speech-to-text, email delivery), but that data is not retained after processing: it is sent, used, and discarded. See our subprocessors page for the full list.
Access Control
Every API request is authenticated and authorized. Stories are private by default — only you can see them. Role-based access (owner, contributor, reader) ensures people only see what you've allowed. Rate limiting protects against abuse on all endpoints.
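As an added illustration (example code, not Memoira's own implementation) of the model described above, here is a default-deny authorization policy for the three roles and the four chapter visibility levels, together with a cross-user check of the kind a test suite would run. The page does not define exactly what "circle" and "secret" mean; the meanings used here (circle = owner plus everyone with a role on the story, secret = unlisted, readable only with a share token) are assumptions for illustration.

```python
"""Added example, not Memoira's own code: default-deny authorization for
owner/contributor/reader roles and private/circle/public/secret chapters.
The semantics of 'circle' and 'secret' are assumptions (see comments)."""
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Role(Enum):
    OWNER = "owner"
    CONTRIBUTOR = "contributor"
    READER = "reader"


class Visibility(Enum):
    PRIVATE = "private"  # the owner alone
    CIRCLE = "circle"    # assumption: the owner plus everyone holding a role on the story
    PUBLIC = "public"    # anyone, including anonymous visitors
    SECRET = "secret"    # assumption: unlisted, readable only with the chapter's share token


@dataclass
class Story:
    id: str
    owner_id: str
    members: Dict[str, Role] = field(default_factory=dict)  # user_id -> role granted by the owner


@dataclass
class Chapter:
    id: str
    story: Story
    visibility: Visibility
    share_token: Optional[str] = None  # set only for SECRET chapters


def role_of(user_id: Optional[str], story: Story) -> Optional[Role]:
    """Role the user holds on this story; None for strangers and anonymous visitors."""
    if user_id is None:
        return None
    if user_id == story.owner_id:
        return Role.OWNER
    return story.members.get(user_id)


def can_read(user_id: Optional[str], chapter: Chapter, share_token: Optional[str] = None) -> bool:
    role = role_of(user_id, chapter.story)
    if role is Role.OWNER:
        return True
    vis = chapter.visibility
    if vis is Visibility.PUBLIC:
        return True
    if vis is Visibility.CIRCLE:
        return role is not None
    if vis is Visibility.SECRET:
        # Constant-time comparison so the share token cannot be guessed byte by byte.
        return (chapter.share_token is not None and share_token is not None
                and hmac.compare_digest(chapter.share_token, share_token))
    return False  # PRIVATE: nobody but the owner, handled above


def can_edit(user_id: Optional[str], chapter: Chapter) -> bool:
    """Contributors may edit chapters of stories they were added to; readers may not."""
    return role_of(user_id, chapter.story) in (Role.OWNER, Role.CONTRIBUTOR)


def can_delete(user_id: Optional[str], chapter: Chapter) -> bool:
    """Only the owner may delete, whatever the visibility."""
    return role_of(user_id, chapter.story) is Role.OWNER


def cross_user_violations() -> List[str]:
    """Constructed fixture: two owners, one shared story, every visibility level.
    Returns every decision that would let one user into another person's data;
    an empty list means isolation holds."""
    alice = Story(id="s1", owner_id="alice",
                  members={"carol": Role.CONTRIBUTOR, "dave": Role.READER})
    bob = Story(id="s2", owner_id="bob")
    chapters = {v: Chapter(id=f"c-{v.value}", story=alice, visibility=v,
                           share_token="tok-123" if v is Visibility.SECRET else None)
                for v in Visibility}
    bobs_private = Chapter(id="c-bob", story=bob, visibility=Visibility.PRIVATE)
    violations: List[str] = []
    # Bob is a stranger to Alice's story.
    if can_read("bob", chapters[Visibility.PRIVATE]):
        violations.append("stranger read private")
    if can_read("bob", chapters[Visibility.CIRCLE]):
        violations.append("stranger read circle")
    if can_read("bob", chapters[Visibility.SECRET]):
        violations.append("secret readable without token")
    if can_read("bob", chapters[Visibility.SECRET], share_token="wrong"):
        violations.append("secret readable with wrong token")
    if any(can_edit("bob", c) for c in chapters.values()):
        violations.append("stranger edit")
    # Readers never edit, contributors never delete.
    if can_edit("dave", chapters[Visibility.PUBLIC]):
        violations.append("reader edit")
    if can_delete("carol", chapters[Visibility.PUBLIC]):
        violations.append("contributor delete")
    # Roles do not leak across stories, and anonymous visitors see only public chapters.
    if can_read("carol", bobs_private):
        violations.append("role leaked across stories")
    if can_read(None, chapters[Visibility.CIRCLE]):
        violations.append("anonymous read circle")
    return violations


if __name__ == "__main__":
    print("violations:", cross_user_violations())
```

The policy answers "no" unless a rule explicitly says "yes", and the fixture exercises every role against every level, which is what a cross-user test must do to catch a single missed branch.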
AI & Your Data
Your conversations are processed by AI to create your chapters, but they are never used to train AI models. We do not sell, share, or monetize your data in any way. Our AI providers are contractually bound to the same standards.
Payments
All payment processing is handled by Stripe. We never see, store, or have access to your credit card numbers. Stripe is certified as a PCI DSS Level 1 service provider, the most stringent compliance level the standard defines.
Data Recovery
Deleted chapters are kept in a 30-day trash before permanent removal — you can restore them anytime within that window. Your complete data (stories, photos, audio, video) can be exported at any time from Settings.
Account Deletion
You can permanently delete your account and all associated data at any time from Settings. Deletion is thorough: all chapters, photos, audio, video, and personal information are removed from our servers and storage. A confirmation email is sent for your records.
Monitoring & Incident Response
Personal data is automatically redacted from all error logs — your stories and conversations never appear in diagnostic data. Sensitive operations (password changes, account deletion, memorial activation) are recorded in a secure audit trail.
Browser Security
We enforce a strict Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), clickjacking protection (X-Frame-Options), and MIME type sniffing prevention (X-Content-Type-Options: nosniff). Together these headers limit what an injected script could do, stop browsers from downgrading to plain HTTP, prevent other sites from framing our pages, and keep browsers from reinterpreting a file as a type other than the one we declare.
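As an added example (not Memoira's own configuration), here are the four header families named above as a concrete set of values, together with an audit function that reports which are missing or weakened. The policy values are illustrative assumptions; a real CSP has to be tuned to the sources the application actually loads.

```python
"""Added example, not Memoira's own configuration: a strict security-header
baseline and an audit that flags missing or weakened headers."""
import re
from typing import Dict, List, Mapping

# Assumed strict baseline: same-origin only, no plugins, no framing, no <base> hijack.
SECURITY_HEADERS: Dict[str, str] = {
    "Content-Security-Policy": "default-src 'self'; object-src 'none'; "
                               "frame-ancestors 'none'; base-uri 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}

ONE_YEAR = 365 * 24 * 3600


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split 'a b c; d e' into {'a': ['b', 'c'], 'd': ['e']} with lower-cased names."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_security_headers(headers: Mapping[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means the baseline is met."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []

    csp = h.get("content-security-policy")
    directives = parse_csp(csp) if csp else {}
    if csp is None:
        findings.append("Content-Security-Policy missing")
    else:
        if "default-src" not in directives:
            findings.append("CSP has no default-src fallback")
        # script-src falls back to default-src when absent, so check the effective list.
        scripts = directives.get("script-src", directives.get("default-src", []))
        for weak in ("'unsafe-inline'", "'unsafe-eval'", "*", "data:"):
            if weak in scripts:
                findings.append(f"CSP effective script-src allows {weak}")
        if "object-src" not in directives and "'none'" not in directives.get("default-src", []):
            findings.append("CSP does not disable plugins (object-src 'none')")

    # Either CSP frame-ancestors or X-Frame-Options must forbid framing by other origins.
    ancestors = directives.get("frame-ancestors")
    xfo = h.get("x-frame-options", "").upper()
    framing_blocked = (ancestors is not None and "*" not in ancestors) or xfo in ("DENY", "SAMEORIGIN")
    if not framing_blocked:
        findings.append("no clickjacking protection (CSP frame-ancestors or X-Frame-Options)")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age shorter than one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS does not cover subdomains")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    return findings


# Constructed sample responses (not captured from any real site).
GOOD = dict(SECURITY_HEADERS)
WEAK = {
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for name, hdrs in (("good", GOOD), ("weak", WEAK)):
        print(name, audit_security_headers(hdrs))
```

The audit is intentionally stricter than "the header is present": a CSP that allows `*` or `'unsafe-inline'` for scripts, or an HSTS max-age measured in hours, gives little of the protection the header is meant to provide.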
Authentication & Sessions
All sensitive tokens (email verification, password reset) are hashed before storage, so only you hold the original link; a copy of our database would not contain anything usable. Sessions are revoked instantly on logout. Cross-site request forgery (CSRF) protection validates the origin of every request. Login attempts are rate-limited, with automatic alerts on suspicious patterns. Two-factor authentication is enabled on all our infrastructure services.
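As an added example (not Memoira's own code) of the token handling described above, here is an issue-and-redeem flow for email verification and password reset links that stores only a hash of each token, expires it, consumes it on first use, and lets all outstanding tokens for a user be revoked. The one-hour lifetime and the in-memory store are assumptions for illustration.

```python
"""Added example, not Memoira's own code: single-use, expiring tokens for
e-mail links, stored only as a SHA-256 hash. TTL and storage are assumptions."""
import hashlib
import secrets
import time
from typing import Dict, List, Optional

TOKEN_TTL_SECONDS = 3600  # assumption: links stay valid for one hour


def token_hash(token: str) -> str:
    # token_urlsafe(32) gives 256 bits of entropy, so a plain SHA-256 is enough:
    # slow password hashes exist to protect low-entropy secrets, not random tokens.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


class TokenStore:
    """Maps token hash -> {user_id, purpose, expires_at}. Raw tokens are never kept."""

    def __init__(self) -> None:
        self._rows: Dict[str, dict] = {}

    def issue(self, user_id: str, purpose: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._rows[token_hash(token)] = {
            "user_id": user_id,
            "purpose": purpose,
            "expires_at": now + TOKEN_TTL_SECONDS,
        }
        return token  # goes into the e-mailed link; this is the only copy

    def redeem(self, token: str, purpose: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user id if the token is valid for this purpose, else None.
        A valid token is deleted on first use so the link cannot be replayed."""
        now = time.time() if now is None else now
        # Looking the hash up directly is safe: learning that a *hash* partially
        # matches does not help an attacker who cannot invert SHA-256.
        key = token_hash(token)
        row = self._rows.get(key)
        if row is None:
            return None
        if now > row["expires_at"]:
            self._rows.pop(key)  # expired: discard so the table does not grow
            return None
        if row["purpose"] != purpose:
            return None  # a verification link must not reset a password
        self._rows.pop(key)  # single use
        return row["user_id"]

    def revoke_all(self, user_id: str) -> int:
        """Invalidate every outstanding token for a user, e.g. after a password change."""
        doomed = [k for k, r in self._rows.items() if r["user_id"] == user_id]
        for k in doomed:
            self._rows.pop(k)
        return len(doomed)

    def stored_values(self) -> List[str]:
        """What a database dump would reveal: hashes only."""
        return list(self._rows)


if __name__ == "__main__":
    store = TokenStore()
    link_token = store.issue("user-1", "password-reset")
    print("stored:", store.stored_values())
    print("first redeem:", store.redeem(link_token, "password-reset"))
    print("second redeem:", store.redeem(link_token, "password-reset"))
```

Binding each token to a purpose matters as much as hashing it: a verification link that also happened to satisfy the password-reset endpoint would turn a low-risk email into an account takeover.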
Continuous Security Testing
Every release runs an automated security suite covering: cross-user access (verifying you can never read or modify another person's stories, chapters, photos, or comments), chapter privacy enforcement (private/circle/public/secret levels), file upload validation (type, size, magic-byte sniffing), CSRF protection, security headers, XSS escaping, rate limiting, open-redirect protection, and dependency vulnerability scanning. Tests run on every code change before deployment.
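As an added example (not Memoira's own code) of the file upload validation listed above, here are the three checks (size, declared type, magic-byte sniffing) combined into one function over a small allow-list, exercised on constructed inputs including an HTML payload disguised as a PNG. The accepted types, the size cap and the signature table are assumptions for illustration.

```python
"""Added example, not Memoira's own code: upload validation by size, declared
type and magic bytes. Allow-list, size cap and signatures are assumptions."""
from typing import Dict, List, Optional, Tuple

MAX_UPLOAD_BYTES = 200 * 1024 * 1024  # assumption: 200 MiB cap to allow video

# Accepted media types and the file extensions each may carry.
ALLOWED_TYPES: Dict[str, List[str]] = {
    "image/png": [".png"],
    "image/jpeg": [".jpg", ".jpeg"],
    "image/gif": [".gif"],
    "image/webp": [".webp"],
    "audio/mpeg": [".mp3"],
    "video/mp4": [".mp4", ".m4v"],
}


def sniff_type(data: bytes) -> Optional[str]:
    """Identify the media type from leading bytes, ignoring name and headers."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    if data.startswith(b"ID3") or data[:2] in (b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"):
        return "audio/mpeg"
    if data[4:8] == b"ftyp":  # ISO base media file: MP4 family, brand follows
        return "video/mp4"
    return None


def validate_upload(data: bytes, declared_type: str, filename: str) -> Tuple[bool, str]:
    """Return (accepted, detail). On acceptance detail is the sniffed media type,
    which is what should be stored and served, never the client's claim."""
    if len(data) == 0:
        return False, "empty file"
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "file exceeds size limit"
    # Drop parameters such as '; charset=...' and normalise case before comparing.
    declared = declared_type.split(";")[0].strip().lower()
    if declared not in ALLOWED_TYPES:
        return False, f"type {declared!r} is not accepted"
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    if ext not in ALLOWED_TYPES[declared]:
        return False, f"extension {ext!r} does not match declared type"
    sniffed = sniff_type(data)
    if sniffed != declared:
        return False, f"content looks like {sniffed or 'unknown'}, not {declared}"
    return True, sniffed


# Constructed inputs: header bytes only, not real media files.
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
HTML_AS_PNG = b"<html><script>alert(1)</script></html>"  # disguised markup
MP4_HEAD = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 32

if __name__ == "__main__":
    print(validate_upload(PNG_HEAD, "image/png", "holiday.png"))
    print(validate_upload(HTML_AS_PNG, "image/png", "holiday.png"))
    print(validate_upload(MP4_HEAD, "video/mp4", "clip.MP4"))
```

The order of checks is deliberate: size first so oversized bodies are rejected before any parsing, then the cheap string checks, and only then the byte inspection. The sniffed type, not the Content-Type the browser sent, is what gets recorded and later served.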
GDPR Compliance
We comply with the EU General Data Protection Regulation. Your data is hosted in Europe, analytics only load with your consent, and you can export or delete everything at any time. We maintain a Data Protection Impact Assessment and publish a full list of our subprocessors. We never sell your data or use it for advertising.
Questions?
If you have any questions about how we protect your data, contact us at security@memoira.app