Effective Date (v1.0): November 4, 2025
1.1 Controller: Rumi Chiapella Stefano (RUT: 00218633460015), a company registered in Uruguay, with its registered office at Graseras, Roque 640, Apto. 904, CP: 11300, Montevideo, Uruguay.
1.2 Support / Privacy Contact: for any questions or concerns regarding your Personal Data or this Privacy Policy, please contact us at: contact@memoryhunt.com.
1.3 EU representative: Silvia Curti, silviacurti421@gmail.com.
If you are located in the EU, you may contact our appointed representative regarding all issues related to processing of personal data and to exercise your rights under the General Data Protection Regulation (GDPR).
1.4 Data Protection Officer: Silvia Curti, silviacurti421@gmail.com.
If you have any questions about our data protection practices, you may contact our Data Protection Officer at the above email address.
1.5 Jurisdictions: we comply with all applicable data protection laws, including Uruguay Law No. 18.331 and, where applicable, the EU GDPR.
2.1 You must be at least 13 years old, or meet the minimum legal age required in your country, to use Memory Hunt. By using the App, you acknowledge that you meet this requirement and that you are legally allowed to enter into this agreement.
2.2 Parents or guardians are responsible for any information or media they share about minors.
2.3 We do not operate any separate verifiable parental consent flow beyond what Apple App Store and Google Play (together the “App Stores”) provide.
3.1 We collect several different types of information to provide and improve our App, keep your account secure and comply with legal requirements.
3.2 The types of data we collect are as follows:
3.2.1 Personal Data: while using our App, we may ask you
to provide us with certain personally identifiable information that can
be used to contact or identify you (“Personal Data”). Personally
identifiable information may include, but is not limited to:
a) Email address;
b) First name and last name; and
c) Phone number;
3.2.2 Usage Data: we may also collect information on how
and when the App is accessed and used (“Usage Data”). This Usage
Data may include information such as:
a) Computer’s Internet Protocol address (e.g. IP address),
b) Hardware model;
c) Unique device identifiers; and
d) Other diagnostic data.
3.2.3 Tracking Data: we use technologies to track the
activity on our App and hold certain information.
3.3 All the information we collect is stored securely in our database located in Paris, France.
4.1 When you use our App, you can create audio and video recordings to answer questions that the App presents to you, this is part of the core functionality.
4.2 We keep track of your progress in the App, including questions unlocked and completed.
4.3 This information helps us show your progress and enable you to unlock more questions.
4.4 All your media files are stored securely with encryption in AWS Paris, and you can delete them at any time. Backup copies are maintained for disaster recovery in AWS Stockholm and progress and metadata are stored in our database accessible only to authorized users.
5.1 Our App allows users to share content with other family members by joining a shared space. Any content that you or other family members post will be visible and accessible to all members of that space.
5.2 When you use our app’s family features, Memory Hunt collects
information necessary to manage your shared space. This may include:
5.2.1 Shared space’s name and its registration code;
5.2.2 Name, email address, role (e.g. owner, member), date of user’s
creation, subscriptions, videos and audios of each family member; and
5.2.3 Status of request to join the shared space (e.g. pending,
accepted, declined).
5.3 We use this information to enable group-based features, such as sharing content, managing access, and providing group-specific notifications. All group data is stored securely and is only accessible to authorized users and administrators.
5.4 We do not share group information with third parties except as required to provide the App or comply with legal obligations.
5.5 We use this information so that you and your family can share memories and manage access within your family group. All this data is stored securely in our database, which uses strong security controls to make sure only authorized users can access it.
6.1 We may collect information about the device you use to access our App, including the device’s unique ID, operating system, and a Firebase Cloud Messaging (FCM) token that lets us send you push notifications.
6.2 If the App crashes or encounters an error, we collect error reports and technical logs to help us fix problems and improve the App. These logs only include information about the error itself and the runtime data.
6.3 All technical data is stored securely on our servers. In particular, Supabase logs are stored in Paris, France and Sentry logs are stored in Frankfurt, Germany. Access to such data is restricted to authorized personnel only.
7.1 We may send you push notifications to your mobile device to provide you updates and communications related to your use of the App. You can opt out of receiving these notifications at any time by changing the settings on your device.
7.2 If you contact us through the App or send us feedback, we collect the messages you send so we can respond to your questions or improve our App.
7.3 All information related to push notifications is managed using Firebase Cloud Messaging, while your feedback messages are stored securely in our Supabase database.
8.1 We maintain a consent log that records the user’s name, date, time, type and way of consent you provide (“Consent Records”), such as acceptance of our Terms of Services or our Privacy Policy. This log helps us demonstrate compliance with data protection laws and is securely stored for audit purposes.
8.2 You have the right to request access to, correction of, or deletion of your Personal Data (“Data-Subject Request”). To exercise these rights, please contact us at contact@memoryhunt.com. We will verify your identity and respond within the timeframe required by law. We keep a record of all such requests, including the request itself, verification steps, actions taken, and response dates.
8.3 We store all Consent Records, Age Verification Data, and Data-Subject Request logs securely in our Supabase database and email systems. These records are retained for as long as required by applicable law and are accessible only to authorized personnel.
9.1 We keep records about your subscription to our App. This includes
information such as:
9.1.1 Product you subscribed to;
9.1.2 Subscription status (active, paused, expired, or lifetime);
9.1.3 Whether your subscription is set to renew or cancel:
9.1.4 Platform you used (e.i. Apple or Google); and
9.1.5 Transaction identifiers.
9.2 These details are managed by RevenueCat and the App Stores.
9.3 All payments are handled securely by the App Stores. We do not receive or store your credit card information.
9.4 In our database, we keep technical details related to your
subscription, such as:
9.4.1 Unique ID;
9.4.2 When your subscription was created and last updated;
9.4.3 Product identifier;
9.4.4 When your subscription ends;
9.4.5 Which App Store you used; and
9.4.6 Subscription status.
10.1 We use the information we collect for various purposes, including:
10.1.1 To provide and maintain our App (Art. 6(1)(b) and Art. 6(1)(f));
10.1.2 To ensure the security, integrity, and stability of our App (Art.
6(1)(f)) and Art. 6(1)(c));
10.1.3 To send you service messages, reminders, updates (Art. 6(1)(b),
Art. 6(1)(f)) - for device-level push - Art. 6(1)(a));
10.1.4 To manage subscriptions and purchases (Art. 6(1)(b)) and Art.
6(1)(f));
10.1.5 To gather analysis or valuable information so that we can improve
our App (Art. 6(1)(f)); and
10.1.6 To comply with legal obligations (e.g. Consent Records,
Data-Subject Request, safeguarding users) (Art. 6(1)(c)) and Art. 6(1)(f)).
11.1 We may share your information with third-party service providers
set out in the Annex 1 (“Data Processing Subprocessors”) who assist with:
11.1.1 App operations (with Supabase, AWS, Firebase, RevenueCat and
Sentry); and
11.1.2 Payment processing (with the App Stores);
11.2 These Data Processing Subprocessors are authorized to use your information only as necessary to provide these services to us.
11.3 We do not sell your Personal Data to third parties.
12.1 In relation to any Personal Data that is transferred from Memory Hunt to any of its Data Processing Subprocessors in connection with the App, from the European Economic Area (EEA) to a third country which is not deemed to have adequate safeguards in place within the meaning of Data Protection Legislation (“Third Countries”), Memory Hunt will (i) procure that any international transfer to its Data Processing Subprocessors located outside the EEA will be made in accordance with a valid lawful transfer mechanism under the Data Protection Legislation, and (ii) where required, carry out the necessary transfer risk assessment so as to ensure any international transfers of Personal Data to Third Countries comply with Data Protection Legislation.
13.1 We will erase Personal Data from any computers, storage devices and storage media that are to be retained as soon as practicable after it has ceased to be necessary for us to retain such Personal Data under applicable Data Protection Legislation and our Privacy Policy (save to the extent (and for the limited period) that such information needs to be retained by an entity for statutory compliance purposes or as otherwise required by the contract), and taking all further actions as may be necessary to ensure our compliance with Data Protection Legislation and our Privacy Policy.
13.2 We use trusted Data Processing Subprocessors to help us operate our App. Each Data Processing Subprocessors may retain your data for different periods, as shown below. Where possible, we specify the exact retention period; otherwise, we explain the criteria used:
| Subprocessor | Type of Data | Retention Period |
|---|---|---|
| Sentry | Error logs / Diagnostics | 90 days |
| Supabase | Usage logs | 7 days |
| RevenueCat | Subscription meta | Duration of subscription + 3 years |
| AWS S3 | Backups | 150 days |
13.3 At the end of the retention period, your Personal Data will be anonymized and retained only in aggregate form, ensuring that it cannot identify you personally.
13.4 You have the right to request the deletion of your Personal Data at any time. To exercise this right, please contact us at contact@memoryhunt.com. We will verify your identity and process your request in accordance with applicable laws. If you request deletion of your account, we will remove your Personal Data within 30 days unless a longer retention period is required or permitted by law. If your request is complex, we may extend this period by up to two additional months and will notify you of any such extension.
14.1 We apply privacy-by-design principles and implement technical and
organizational measures to protect your Personal Data against
unauthorized access, use, disclosure, alteration, or destruction. These
measures include, but are not limited to:
14.1.1 Encrypting your data:
a) When it is stored (“at rest”), with strong key management practices,
b) When it is sent over the internet (“in transit”) using
industry-standard protocols like TLS;
14.1.2 Access controls to encrypted data using the following methods:
a) Secure, time-limited, scoped links for uploading and downloading
media files, so your files are only accessible to you and those you authorize,
b) Data access controls within our databases (e.g., row-level access
constraints),
c) Limit access to only those employees or service providers who need
it to perform their job (“least-privilege access”);
14.1.3 Network-level protections (such as firewalls and traffic
filtering) to reduce exposure to unauthorized access and common attack
vectors;
14.1.4 Encrypted backups and disaster-recovery procedures designed to
restore availability and access to Personal Data in a timely manner following an incident.
14.2 However, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.
15.1 If you are using the App on behalf of another person (such as an elderly or vulnerable user), you are responsible for ensuring that you have the legal authority to act on their behalf and to share their Personal Data. We do not provide any in-app mechanism for proxy consent.
16.1 European and UK residents, as a data subject, have the following rights: access, rectify, erase, restrict, port, object, and not to be subject to automated decision-making.
16.2 Uruguayan residents may have rights to access, correct, update, and delete Personal Data, subject to legal exceptions.
16.3 California residents have the right to request access to their Personal Data, request deletion, opt out of the sale of their Personal Data and not be discriminated against for exercising privacy rights.
16.4 To exercise your rights set out above, please email us at contact@memoryhunt.com. We may need to verify your identity and account ownership before processing your request. We do not provide a web form for these requests.
17.1 Memory Hunt may, from time to time, make changes to these Privacy Policy. When we make material changes to the Privacy Policy, we will provide you with prominent notice as appropriate under the circumstances (e.g. by displaying a prominent notice within the App or by sending you an email). Your continued use of the App after such changes will constitute your acceptance of the changes.
18.1 This Privacy Policy is meant to be read alongside our Terms of Service. Together, they explain your rights and responsibilities when using our App. If you have questions about how these documents work together, please review both or contact us for more information.
As at the Effective Date of this Privacy Policy the list of Data Processing Subprocessors is as follows:
| Data Processing Subprocessor | Type of Processing | Type of Data | Location |
|---|---|---|---|
| Supabase | Database and authorization | Account data, metadata, family data | Paris, France |
| AWS S3 | Media storage | Audio/video files | Paris, France (primary), Stockholm, Sweden (disaster recovery) |
| Amazon CloudFront | Media delivery | Signed URL request metadata (headers) | Global CDN |
| Firebase Cloud Messaging | Push delivery | Device tokens, notification payloads | Global service |
| RevenueCat | Subscription management | Subscription status, receipt IDs | USA |
| Apple App Store Connect | Billing | Transaction data | USA |
| Google Play Console | Billing | Transaction data | As per Google’s regional data hosting policies |
| Sentry | Error logging | Error traces, device/OS info | Frankfurt, Germany |