This Privacy Policy explains howGemora ("Gemora," "we," "us," or "our") collects, uses, shares, and protects information when you use our apps, websites, and related services (the "Service").
If you do not agree with this Privacy Policy, please do not use the Service.
1. Who We Are (Controller/Business)
- Company/Operator: Gemora Inc.
- Support Email: support@gemora.app
- Privacy Email: privacy@gemora.app
- Website: https://gemora.app
Depending on your location, Gemora may act as a data controller (or "business") for personal data processed under this Policy.
2. Quick Summary (Plain English)
- You provide content such as messages, notes, files, photos, or audio when you choose to use those features. We process it to deliver the Service, including AI-assisted features and personalization ("Memory").
- You can control Memory (view/edit/delete) where the feature exists.
- We use trusted infrastructure and vendors (e.g., hosting, analytics, payment processors, AI providers) to run the Service.
- We do not sell your personal data.
- We use reasonable security measures, but no system is perfect.
- You have rights over your data (access, delete, correct, etc.) depending on where you live.
3. Information We Collect
We collect information in these categories:
3.1 Information You Provide
- Account information: name, email, username, profile photo (optional), authentication details (hashed/secured).
- User Content: messages, prompts, notes, journal entries, uploaded files, images, documents, and anything else you submit to the Service.
- Voice and audio content: microphone input, voice recordings, transcripts, and generated audio when you use voice features.
- Camera, photos, and files: images, videos, documents, and related metadata when you choose to capture, pick, or upload them.
- Memory data: information you choose to save, and structured data created from your interactions (e.g., summaries, tags, preferences) for personalization.
- Support communications: messages you send to support, bug reports, feature requests.
- Payment information (if applicable): subscription status, billing metadata, transaction IDs. Payment card details are handled by our payment processor, not stored directly by us.
3.2 Information We Collect Automatically
- Device and usage data: device type, OS version, app version, language, time zone (approx.), usage events (e.g., feature interactions), crash logs.
- Log data: IP address, timestamps, request metadata, error logs.
- Approximate location: derived from IP address (city/region-level), not precise GPS unless you explicitly grant permission and a feature requires it.
3.3 Cookies and Similar Technologies (Web)
If you use the website, we may use cookies/local storage for:
- keeping you logged in
- remembering preferences
- analytics and performance
- security and fraud prevention
You can control cookies via your browser settings. Some features may not work without them.
3.4 Sensitive Information
Note: Avoid submitting passwords, one-time codes, full payment card numbers, government ID numbers, or similar sensitive information unless the Service specifically requests it for a feature.
4. How We Use Your Information
We use information for the following purposes:
4.1 Provide and Operate the Service
- Create and manage your Account
- Deliver core features (chat, journaling, planning, retrieval)
- Generate AI-assisted responses and summaries
- Maintain "Memory" and personalization features (as configured by you)
- Provide customer support and communicate with you
4.2 Improve and Secure the Service
- Debugging, performance monitoring, and crash diagnostics
- Prevent abuse, spam, fraud, and security incidents
- Enforce our Terms of Service and policies
- Develop new features and improve user experience
4.3 Payments and Subscriptions (if applicable)
- Process subscriptions, manage renewals/cancellations
- Handle billing-related support
- Comply with tax and accounting requirements
4.4 Legal Compliance
- Comply with legal obligations and lawful requests
- Protect rights, safety, and property of users, Gemora, and others
5. AI Processing and "Memory"
Gemora provides AI-assisted features that process your inputs to generate responses, summaries, and related app functionality.
5.1 What AI Sees
To respond to your request, the Service may process:
- your latest message/prompt
- relevant prior conversation context
- relevant Memory items (if enabled)
- optional files you provide (if you use file-based features)
5.2 Memory: What It Is and How It Works
"Memory" is information stored to improve personalization (e.g., preferences, recurring context, summaries). Memory may be:
- explicitly saved by you
- automatically suggested/derived based on your use (depending on settings)
5.3 Your Controls
Where available, you can:
- view Memory items
- edit or delete Memory items
- adjust whether Memory is enabled and what categories may be stored
5.4 Model Training / Improvement
We do not use your private User Content (including chats and Memories) to train generalized AI foundation models unless you explicitly opt in, or the content is first de-identified/aggregated to a level that cannot reasonably be linked back to you.
When we use third-party AI providers, we require them to process data only to provide the Service, consistent with our contracts and configurations where available.
Note: AI-assisted output may be incomplete or inaccurate and is provided for general information and productivity support.
6. Legal Bases for Processing (EEA/UK and Similar Regions)
If you are located in the EEA/UK (or where similar laws apply), we process personal data under these legal bases:
- Contract: to provide the Service you request
- Legitimate interests: to secure, improve, and maintain the Service (balanced against your rights)
- Consent: where required (e.g., certain cookies, optional features, marketing emails)
- Legal obligation: to comply with law, tax, accounting, and lawful requests
7. How We Share Information
We share information only as described here:
7.1 Service Providers (Processors)
We use vetted vendors to operate the Service, such as:
- Cloud hosting & storage: Google Cloud Platform, AWS, Supabase
- AI model providers / inference services: Google AI, OpenAI
- Analytics & crash reporting: Firebase Analytics
- Customer support tools: Internal support system
- Payment processors: Stripe, Apple App Store, Google Play, RevenueCat
- Authentication providers: Firebase Authentication, Google Sign-In, Sign in with Apple, and Facebook Login when you choose those login methods.
They may process personal data only to provide services to us, under contractual obligations.
7.2 Legal, Safety, and Rights
We may disclose information if we believe it is reasonably necessary to:
- comply with law, regulation, legal process, or lawful requests
- protect safety, rights, and property of users, Gemora, or others
- investigate and prevent fraud, abuse, or security incidents
7.3 Business Transfers
If Gemora is involved in a merger, acquisition, reorganization, or asset sale, your information may be transferred as part of that transaction. We will provide notice if required by law.
7.4 We Do Not Sell Personal Data
We do not sell your personal data in the ordinary meaning of "sell." If laws define "sale" or "share" differently (e.g., some advertising contexts), see Region-Specific Rights below.
8. Data Retention
We retain information as long as needed to:
- provide the Service
- meet legal and accounting obligations
- resolve disputes
- enforce agreements
- maintain security and prevent abuse
Typical retention periods:
- Account data: while your Account is active, plus up to 30 days after deletion request
- Logs/security records: 90 days
- Backups: removed on rolling cycles within 30 days
- Payment records: as required by law and financial regulations
When you delete your Account, we delete or de-identify data within a reasonable timeframe, except where retention is required for legal, security, or fraud-prevention purposes.
9. Your Rights and Choices
Depending on where you live, you may have rights to:
- Access your personal data
- Correct inaccurate or incomplete data
- Delete your data
- Object to certain processing
- Restrict processing
- Port your data (data portability)
- Withdraw consent (where processing is based on consent)
9.1 How to Exercise Rights
You can exercise certain controls in-app (if available) or contact us at privacy@gemora.app. We may need to verify your identity to protect your data.
9.2 Marketing Communications
If we send marketing emails, you can unsubscribe via the link in the message or by contacting us. We may still send service-related communications (billing, security, updates).
10. International Transfers
We may process and store data in countries other than your own. When required, we use appropriate safeguards for cross-border transfers, such as:
- Standard contractual clauses (where applicable)
- equivalent legal mechanisms
Primary processing locations: United States, European Union.
11. Security
We use reasonable administrative, technical, and organizational measures to protect data, such as:
- access controls and least-privilege practices
- encryption in transit (e.g., TLS)
- monitoring and abuse detection
- regular security reviews and patching practices
No method of transmission or storage is 100% secure. You are responsible for keeping your credentials secure and using strong passwords.
12. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal data from children below that age without legally required consent. If you believe a child has provided personal data, contact us at privacy@gemora.app.
13. Third-Party Links and Services
The Service may contain links to third-party websites or services. Their privacy practices are governed by their own policies. We are not responsible for third-party practices.
14. Region-Specific Disclosures
14.1 EEA/UK: GDPR Rights
You may have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve the issue.
14.2 California (CCPA/CPRA)
If applicable, California residents may have rights to know, access, delete, correct, and opt out of certain "sharing" as defined by law.
- Do we sell personal information? No, we do not sell personal information.
- Do we share for cross-context behavioral advertising? No.
- Sensitive personal information: We do not use sensitive personal information for purposes requiring opt-out under CPRA, except as necessary to provide the Service.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If changes are material, we will notify you by email or through the Service as required by law. The updated Policy becomes effective on the stated Effective Date.
16. Contact Us
If you have questions or requests, contact:
- Privacy Contact: privacy@gemora.app
- Support Email: support@gemora.app
- Company: Gemora Inc.
- Website: https://gemora.app
Appendix: "Memory" Controls
Memory Feature Information:
- What Memory stores: Preferences, recurring context, summaries, and information you choose to save.
- Why it helps: Personalization and improved retrieval of context you share.
- How to view/edit/delete: Use in-app Memory settings or contact support.
- How to disable: Adjust Memory settings in your account preferences.
- Note: Avoid storing passwords, one-time codes, full payment card details, government IDs, or similar sensitive information in Memory unless a feature specifically asks for it.