Privacy Policy

Version: 1.0
Effective date: 2026-05-18
Last updated: 2026-05-18
Controller: [Legal Entity Name — TBD] ("MomMem", "we", "us", "our")
Address: São Paulo, Brazil
DPO: dpo@mommem.com

This document exists in two official versions: Brazilian Portuguese (pt-BR) and US English (en-US). In case of interpretive divergence, the Portuguese version governs users in Brazil; the English version governs users in the United States.

1. Who we are

MomMem is a private digital vault for childhood memories. Our purpose is to let parents — especially first-time mothers — capture meaningful moments in their children's lives quickly (a photo plus a 15–30 second voice note), with AI handling curation, transcription, and chronological organization.

MomMem is operated by [Legal Entity Name — TBD], headquartered in São Paulo, Brazil. For any matter relating to this Policy or your data, please contact our Data Protection Officer (DPO) at dpo@mommem.com.

2. This policy, in one sentence

We collect only what the product needs to work, we never sell your data or your children's data, we encrypt everything in transit and at rest, and you can ask us to delete everything at any time.

3. Data we process

3.1. Data you provide to us

Category	Examples	Purpose
Account identification	Name, email, phone (optional), preferred language	Create and operate the family account
Child profiles	Name (or nickname), date of birth, gender (optional), profile photo	Organize memories per child and surface age-relevant milestones
Memory content	Photos, short videos, 15–30s audio clips, typed text, tags	This is the product — it's what you're saving
Family invitees	Names and email addresses of people you invite (grandparents, godparents, co-parents)	Enable limited co-curation and sharing
Support	Messages sent to support, screenshots, bug descriptions	Resolve reported issues

3.2. Data generated by your use

Category	Examples
Media metadata	Timestamp, approximate geolocation (only if you opt in), format, duration
AI output	Audio transcription, generated summary, suggested tags, detected milestones
Product telemetry	Screens viewed, actions taken, performance, errors — no memory content
Device	Model, OS, language, advertising identifiers only if you consent

3.3. Data we do NOT collect

We don't read your calendar, messages, contacts, or other photos on your device without your explicit action.
We don't ask for government IDs for you or your children.
We don't track you outside the MomMem app or website.
We don't sell behavioral advertising.

4. Children and minors

This is the most important section of this document.

MomMem is a product for parents and legal guardians, not for children. The person who creates the account, accepts the terms, and provides consent is always an adult (18+) acting in the capacity of legal guardian.

Because the content stored is by nature about children, we process it with reinforced protections under:

COPPA (US) — protection of personal information of children under 13;
LGPD Art. 14 (Brazil) — processing of personal data of children and adolescents;
GDPR Art. 8 (EU) — parental consent for minors under 16.

In practical terms:

Only the legal guardian may create and administer the child's account.
There is no child login. The child is not a "user" of the product.
No advertising profiling of children, under any circumstances.
Children's data is not used to train third-party AI models. Sub-processors (e.g., OpenAI Whisper) are contractually prohibited from retaining or training on submitted content.
You can export or delete all your child's material at any time.
When inviting grandparents, godparents, or co-parents, you are responsible for ensuring those individuals are authorized to view and contribute.

5. Legal bases for processing (GDPR / LGPD)

Purpose	GDPR basis	LGPD basis
Create and operate your account	Performance of contract (Art. 6(1)(b))	Execução de contrato (Art. 7º V)
Process your memories with AI	Performance of contract	Execução de contrato
Billing and subscription management	Contract + legal obligation	Contract + tax obligation
Transactional communications (welcome, billing, security)	Contract	Contract
Optional marketing communications	Consent	Consentimento
Media geolocation	Consent	Consentimento
Children's data	Parental consent (Art. 8)	Parental consent + legitimate child-protection interest
Product telemetry and bug fixing	Legitimate interest (Art. 6(1)(f))	Legítimo interesse
Fraud and abuse prevention	Legitimate interest	Legítimo interesse
Compliance with court order / legal obligation	Legal obligation (Art. 6(1)(c))	Obrigação legal

You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

6. How we process your memories with AI

When you record a moment (photo + 15–30s audio), this is the chain:

Encrypted upload (TLS 1.2+) of the file to our storage (Cloudflare R2).
Transcription of the audio via OpenAI Whisper API under a Zero Data Retention contract — OpenAI does not retain the audio sent and does not train on it.
Structuring (tag extraction, milestone detection, sentiment) via Anthropic Claude API — also under non-retention and non-training terms.
Storage of original content plus structured metadata in our database (Postgres / Supabase), with Row-Level Security: only your family sees your data.
You review the suggestion. If you edit or delete, we propagate the change.

No memory of yours is viewed by MomMem humans, except if you actively open a support ticket and attach the memory.

7. Sharing and sub-processors

MomMem works with the following sub-processors. Each has been evaluated for LGPD / GDPR / COPPA compliance and is bound by a Data Processing Agreement with standard data-protection clauses.

Sub-processor	Role	Data location
Supabase	Postgres database, authentication	US (São Paulo region under evaluation)
Cloudflare R2	Storage of photos, videos, audio	Multi-region; object stored closest to user
Cloudflare (CDN/WAF)	Content delivery, attack protection	Global edge
Fly.io	Application servers	Multi-region; São Paulo (GRU) is the default for Brazilian users
OpenAI	Audio transcription (Whisper)	US, under Zero Data Retention agreement
Anthropic	AI memory structuring (Claude) — tag, milestone, and summary extraction	US, under non-retention and non-training agreement
Apple In-App Purchase	iOS payment processing	US (Apple)
Google Play Billing	Android payment processing	US (Google)
PostHog	Product analytics (no memory content)	US; EU self-host option under evaluation
Sentry	Error monitoring (no memory content)	US

The current list is published at mommem.com/subprocessors and we'll notify you at least 30 days before adding any new sub-processor.

We do not sell, rent, or trade your personal data with third parties for advertising or commercial purposes.

8. International data transfers

Because most of our sub-processors operate in the US, personal data is transferred internationally. The safeguards we apply:

GDPR: EU Standard Contractual Clauses (SCCs) and/or EU-US Data Privacy Framework.
LGPD: transfer based on specific contractual guarantees (standard clauses), performance of contract with you, and where applicable, consent.
US → BR / US → EU: the sub-processors we use are certified or contracted under recognized adequacy frameworks.

9. Retention and deletion

Data type	Retention period
Memory content (photos, audio, video, transcriptions)	While your account is active
Account after subscription cancellation	12 months to allow reactivation. After that, full deletion.
Billing data	7 years after end of relationship (US/IRS tax requirements)
Security logs	180 days
Aggregated and anonymous telemetry	Retained indefinitely for product analytics

Immediate deletion on request: if you formally request deletion before the 12 months, we process within 15 business days (LGPD) or 30 calendar days (GDPR / CCPA). Backups are purged in rotations of up to 90 days.

10. Your rights as a data subject

You have the right, at any time, to:

Access the data we process about you and your family.
Correct incomplete, inaccurate, or outdated data.
Request deletion of your data and your children's data.
Port your data in a structured format (JSON + original files).
Withdraw consent for processing based on consent.
Object to processing based on legitimate interest.
Request human review of significant automated decisions (we do not currently use significant automated decisions in the product).
Lodge a complaint with the data protection authority in your jurisdiction.

California residents (CCPA/CPRA) additionally have the right to: know what categories of personal information we collect; opt out of any sale or sharing (we do not sell or share — but the right is preserved); non-discrimination for exercising rights; limit the use of sensitive personal information.

How to exercise these rights: inside the app, under Settings → Privacy → My Data, or by email to dpo@mommem.com. We respond within 15 business days (LGPD) / 45 calendar days (CCPA).

11. Security

Encryption in transit: TLS 1.2 or higher on all connections.
Encryption at rest: AES-256 for files in R2 and database.
Access control: Row-Level Security in Postgres; each family can only see its own data.
Authentication: password + optional MFA + session tokens with expiration.
Team access: principle of least privilege; production-data access logs; no engineer can read memory content without an audit trail.
Incident response: in case of a security incident affecting your data, we will notify the relevant data protection authority within 48 hours and you within 72 hours, as required by LGPD; California users will be notified per CCPA requirements.

12. Cookies and similar technologies

The mobile app does not use cookies. It uses installation identifiers for authentication and product telemetry (only if you consent).

The mommem.com website uses:

Essential cookies (always): login session, language preference.
Analytics cookies (PostHog, opt-in): visitor counts and signup funnel.
No behavioral advertising cookies.

A consent banner is active on first visit; preferences can be revised at mommem.com/cookies.

13. Changes to this policy

We update this policy whenever there is a material change in how we process your data. When that happens:

We notify you by email and inside the app at least 30 days in advance.
Previous versions remain accessible at mommem.com/privacy/history.
For changes that require new consent, you must explicitly accept them before they take effect.

14. Contact

General email: support@mommem.com
Data Protection Officer (DPO): dpo@mommem.com
Postal address: [Full address — TBD], São Paulo, Brazil
Authority complaints:
- Brazil: ANPD — gov.br/anpd
- EU: your local Data Protection Authority
- California: California Privacy Protection Agency (CPPA) — cppa.ca.gov