Coming soon — MemGhost is in private beta. Join the waitlist

Privacy Policy

Last updated: May 4, 2026

MemGhost ("we", "us", "our") operates the MemGhost platform at my.memghost.com (the "Service") and the marketing website at memghost.com (the "Site"). This policy explains what data we collect, why, and what rights you have.

The short version

  • We do not train AI models on your data.
  • We do not sell your data to anyone.
  • We do not use tracking cookies or third-party analytics on the marketing site.
  • You can export all your data as JSON at any time.
  • You can delete your account and all associated data at any time.
  • Self-hosted users: your data never touches our servers.

1. Data we collect

Account information

When you create an account, we collect:

  • Username and password (password is hashed with bcrypt, never stored in plaintext)
  • Email address (optional, used for account recovery if provided)

Content you create

The Service stores the content you capture: vault items, notes, hub pages, Space conversations, artifacts, webhook data, tags, and classifications. This is the core of what MemGhost does for you.

Usage metadata

We collect minimal usage metadata to operate the Service:

  • Capture counts and session counts (for tier enforcement)
  • Storage usage (for tier enforcement)
  • Timestamps of account activity (login, last active)

We do not collect IP addresses, device fingerprints, browser information, or location data.

Payment information

Payments are processed by Stripe. We do not store credit card numbers or payment details on our servers. Stripe's privacy policy governs payment data: stripe.com/privacy.

2. How we use your data

  • To provide the Service — storing your content, running AI classification, materializing hub pages, powering Spaces
  • To enforce tier limits — counting captures, sessions, and storage against your plan
  • To send transactional emails — account recovery, billing receipts (no marketing emails unless you opt in)

3. AI and third-party processing

When you use AI features on the cloud Service, certain data is sent to AI providers for processing:

  • Classification prompts — a summary of your captured item is sent to determine its type and metadata
  • Hub materialization prompts — source item summaries are sent to synthesize hub page content
  • Space chat messages — your messages in Space conversations are sent for AI responses

We use Anthropic as our primary AI provider. Anthropic does not train on data sent through their API. See Anthropic's privacy policy.

What is NOT sent to AI providers: your raw vault items, webhook payloads, rules, schemas, file attachments, or any data beyond what's needed for the specific AI operation.

Self-hosted users

If you self-host MemGhost, no data is sent to our servers. If you configure a cloud AI provider (Anthropic, OpenRouter), AI prompts are sent directly from your server to that provider. If you use local Ollama, nothing leaves your network.

4. Data storage and security

  • Data is stored in PostgreSQL on AWS infrastructure in the us-east-1 region
  • All connections use TLS encryption in transit
  • Database backups are encrypted at rest
  • Access to production infrastructure is restricted to authorized personnel

5. Data retention

  • Active accounts — data is retained for as long as your account is active
  • After cancellation — data is retained for 30 days, then permanently deleted
  • Account deletion — all data is permanently deleted within 30 days of your request
  • Backups — backup copies are purged within 90 days of deletion

6. Your rights

You have the right to:

  • Access — view all data associated with your account
  • Export — download all your data as JSON at any time from account settings
  • Delete — permanently delete your account and all associated data
  • Correct — update or correct your account information
  • Port — move to self-hosted MemGhost with your exported data

To exercise these rights, use the account settings in the app or contact us at the address below.

7. Cookies

Marketing site (memghost.com): No cookies. No analytics. No tracking scripts. The only client-side storage is a theme key in localStorage for dark mode preference.

App (my.memghost.com): We use a single HTTP-only authentication cookie to maintain your session. No third-party cookies, no tracking cookies, no advertising cookies.

8. Changes to this policy

We may update this policy from time to time. We will notify users of material changes via the app and update the "Last updated" date above. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy questions or to exercise your data rights:
Email: privacy@memghost.com