Privacy Policy

Last updated: January 2026

memu is operated by studio179 d.o.o. ("we", "our", or "us"). We believe your memories belong to you and your partner - not to us, not to advertisers, and definitely not to AI training datasets. This Privacy Policy explains what data we collect, why we collect it, and how we keep it safe.

We've tried to keep this policy readable and jargon-free. If something isn't clear, please reach out to us at hello@getmemu.com.

1. Information We Collect

Account & Profile Data

• Email address: Used for authentication via one-time passcode (OTP). We don't store passwords.
• Username: A display name you choose, visible only to your partner.
• Profile photo: An optional photo to personalize your profile.

Couple & Relationship Data

• Partner pairing: We store the connection between you and your partner's accounts.
• Anniversary date: Used to personalize challenges and calculate relationship milestones.
• Timezone: Used to determine your "couple day" for streak calculations.

Photo & Location Data

• Challenge photos: Photos you explicitly select to send as challenges to your partner.
• Photo metadata (EXIF): Date, time, and GPS coordinates embedded in your photos. This metadata powers the "guess when and where" gameplay.
• Geocoded locations: We convert GPS coordinates into readable place names (e.g., "Paris, France") using Apple MapKit.

Gameplay & Usage Data

• Challenge history: Records of challenges sent, received, and answered.
• Streak counts: Your current streak and streak history.
• Points: Scores earned from correct answers.
• Gems: Virtual currency balance and transaction history.
• Streak Saves: Whether you have an active Streak Save.

Device & Technical Data

• Push notification tokens: Used to send you notifications about new challenges.
• Device identifiers: For analytics and crash reporting.
• App version: To ensure compatibility and troubleshoot issues.

2. How We Use Your Information

We use your data to:

• Provide the core service: Enable you to create, send, and receive photo challenges with your partner.
• Power gameplay features: Calculate streaks, award points, manage gems, and track milestones.
• Send notifications: Alert you when your partner sends a challenge or when your streak is at risk.
• Improve the app: Analyze usage patterns (in aggregate) to make memu better.
• Provide customer support: Help you if something goes wrong.
• Process payments: Handle subscriptions and in-app purchases through Apple and RevenueCat.

3. Photo Privacy

• Partner-only access: Photos you share are visible ONLY to your connected partner. No one else - not even memu employees - can view them.
• No AI training: We will never use your photos to train AI or machine learning models.
• No advertising: We don't analyze your photos for advertising purposes.
• No third-party sharing: We never share your photos with third parties for any reason.
• Explicit selection only: We only access photos you explicitly choose to share. We never scan your entire photo library.
• Metadata for gameplay only: Photo location and date data is used solely to create the challenge questions - nothing else.

4. Data Storage & Security

Your data is stored securely using industry-standard practices:

• Cloud infrastructure: We use Google Cloud Platform (via Firebase) for authentication, database, and storage.
• Encryption: Data is encrypted in transit (TLS) and at rest.
• Access controls: Photos are stored with strict access rules - only you and your partner can access them.
• Secure authentication: We use Firebase Authentication with email OTP - no passwords to leak.

5. Third-Party Services

We use trusted third-party services to provide memu. Here's who they are and what data they receive:

Firebase (Google)

• What: Authentication, Firestore database, Cloud Storage, Cloud Functions
• Data shared: Account data, couple data, photos, gameplay data
• Why: Core infrastructure for the app
• Privacy policy: firebase.google.com/support/privacy

RevenueCat

• What: Subscription and in-app purchase management
• Data shared: User ID, purchase history, subscription status
• Why: Manage memu+ subscriptions and gem purchases
• Privacy policy: revenuecat.com/privacy

Apple MapKit

• What: Reverse geocoding service
• Data shared: GPS coordinates (to convert to place names)
• Why: Display readable location names in challenges
• Privacy policy: apple.com/legal/privacy

Sentry

• What: Crash reporting and error monitoring
• Data shared: Device info, app state at time of crash, anonymized user ID
• Why: Find and fix bugs quickly
• Privacy policy: sentry.io/privacy

Apple Push Notification Service (APNs)

• What: Push notification delivery
• Data shared: Device token, notification content
• Why: Notify you about new challenges

6. Data Retention

We retain your data for as long as your account is active. Specifically:

• Account data: Retained until you delete your account.
• Challenge photos: Automatically deleted 6 months after creation. Photos are also deleted if you delete your account.
• Gameplay data: Retained until you delete your account.
• Anonymized analytics: May be retained indefinitely in aggregate form.

When you delete your account, we delete all your personal data within 30 days, except where we're required by law to retain it.

7. Your Rights & Choices

You have control over your data:

• Access: You can request a copy of all personal data we hold about you.
• Correction: You can update your profile information at any time in the app.
• Deletion: You can delete your account and all associated data from the app settings.
• Data portability: You can request your data in a machine-readable format.
• Withdraw consent: You can disable push notifications or revoke photo library access at any time.

To exercise these rights, contact us at hello@getmemu.com.

8. Children's Privacy

memu is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.

If you believe a child under 13 has provided us with personal information, please contact us at hello@getmemu.com.

9. International Data Transfers

memu is operated by studio179 d.o.o., based in Slovenia (European Union). Your data may be processed in the EU and in other countries where our service providers operate (such as the United States for Firebase/Google Cloud services).

When data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. California Privacy Rights (CCPA)

If you're a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we don't sell your data)
• Right to non-discrimination for exercising your rights

11. European Privacy Rights (GDPR)

If you're in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

• Right to access, correct, or delete your data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data is primarily the performance of our contract with you (providing the memu service) and, where applicable, your consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we'll notify you through the app or by email.

We encourage you to review this policy periodically. Your continued use of memu after changes constitutes acceptance of the updated policy.

13. Contact Us

Questions, concerns, or requests about your privacy? We're here to help:

Email: hello@getmemu.com