Privacy Policy

Last updated: 10 June 2026

Who We Are

POWER MEMORY ("we", "us") is a Memory as a Service platform operated from the United Kingdom. We provide AI memory vaults that let you store, organise, and retrieve personal context across Claude, ChatGPT, and Grok surfaces via MCP (Web, Desktop, Android, iOS) and via our browser extension for Chrome and compatible browsers, which works on Google Gemini, Microsoft Copilot, and Perplexity.

Contact: contact@powermemory.ai

Data Controller: POWER MEMORY is the Data Controller for account data (email, hashed API keys). You are the Data Controller for the memory content you store in your vault; we act as Data Processor on your behalf.

Jurisdiction: Infrastructure is hosted in the European Union (Germany). POWER MEMORY is registered with the UK Information Commissioner's Office (registration number C1909512).

Relationship to AI providers: POWER MEMORY is an independent third-party service. We are not affiliated with, endorsed by, or sponsored by Anthropic, PBC or any other AI provider. "Claude" is a trademark of Anthropic, PBC.

What We Collect

We collect the minimum data needed to provide our service:

  • Email address — used for authentication via magic link. We do not collect your name, phone number, physical address, or any other personal identifiers.
  • Memories — text content you choose to store in your vault. You control what goes in and what gets deleted.
  • API keys — hashed cryptographic keys for MCP access. We store only the hash, never the full key.
  • Terms acceptance records — when you accept our Service Notice, we record the notice version, the time of acceptance, your browser's user-agent, and a truncated cryptographic hash of your IP address (which cannot be reversed to identify you), solely as evidence of the agreement. Retained for the life of your account plus 6 years.

What We Do NOT Collect

  • Names, phone numbers, or physical addresses
  • Payment information (free tier only at this time)
  • Analytics, tracking pixels, or third-party cookies
  • IP addresses for profiling or advertising
  • Browsing history or device fingerprints

How We Protect Your Data

Your memories are encrypted at rest using SQLCipher (AES-256 encryption). All connections use TLS 1.2+ (HTTPS). API keys are stored as SHA-256 hashes — we never store the original key. Session tokens are HTTP-only, secure cookies with strict SameSite policy.

Third-Party Services

We use three third-party services:

  • Resend (email delivery) — processes your email address solely to deliver magic link authentication emails. Region: EU (Ireland). Resend Privacy Policy.
  • Contabo GmbH (infrastructure hosting) — provides the servers where your encrypted memory vault is stored. Region: EU (Germany). Data is encrypted at rest; Contabo does not have access to unencrypted vault contents. Contabo Privacy Policy.
  • Cloudflare, Inc. (edge CDN, DDoS protection, DNS) — processes HTTP request metadata (IP, user-agent) to protect our infrastructure from attacks. No memory content transits Cloudflare in unencrypted form. Region: Global. Cloudflare Privacy Policy.

We do not use Google Analytics, Facebook Pixel, or any advertising or tracking services. We do not sell, share, or trade your data with anyone.

Cookies

We use a single cookie:

  • session — a JWT authentication token. HTTP-only, Secure, SameSite=Lax. Expires after 30 days. No tracking, no analytics, no third-party cookies.

Your Rights (GDPR)

Under UK GDPR, you have the right to:

  • Access — view all memories stored in your vault via the dashboard or MCP API.
  • Delete — remove any or all memories at any time. Delete your account from your dashboard (Security → Danger zone), or by emailing us.
  • Export — retrieve all your data via the MCP API (memory_read).
  • Rectify — edit memories by deleting and re-creating them.
  • Object — contact us to object to any processing.

To exercise any right, email contact@powermemory.ai. We respond within 30 days.

Data Retention

Your memories are stored until you delete them. Magic link tokens expire after 15 minutes and are marked as used. If you delete your account, all data is permanently removed after a 14-day grace period — and in any event within 30 days.

Children

POWER MEMORY is not intended for children under 16. We do not knowingly collect data from children.

Browser Extension (Chrome & Compatible)

The PowerMemory browser extension is an additional client surface that connects to the same vault as our web app. When you install and authorize the extension, the following applies in addition to the policies above:

What the extension stores locally (chrome.storage.local)

  • pm.auth — your access token, encrypted with AES-GCM (v2 envelope). Refresh tokens are stored encrypted only if your authorization granted them.
  • pm.last_saved — timestamp and ID of your most recent memory save, used to display confirmation states.
  • pm.last_seen — per-category timestamps for "NEW badge" tracking. Local-only triage state.
  • pm.acknowledged_ids — list of memory IDs you have manually acknowledged via the ✓ button. Local-only flag, never sent to the server.

No analytics, no fingerprinting, no telemetry. The extension does not collect or transmit data beyond what you explicitly trigger (save a memory, inject a memory, request your vault).

AI platforms the extension runs on

The extension injects a small UI (Save button + side panel) into the following AI chat platforms when you visit them: Google Gemini, Microsoft Copilot, and Perplexity. The extension reads page content (selected text, input draft, or the most recent AI response) only when you explicitly trigger a save — there is no passive monitoring, scraping, or background collection. Claude, ChatGPT, and Grok are reached separately via MCP connectors, not via this extension.

Authentication

The extension authenticates via OAuth 2.1 with PKCE (no client secret, no password handling). Your token is bound to your PowerMemory account; you can revoke it at any time from your dashboard.

Permission justifications

  • alarms — Keep the service worker alive long enough to refresh authentication tokens.
  • storage — Local encrypted token cache and UI state.
  • identity — Run OAuth 2.1 PKCE flow via chrome.identity.launchWebAuthFlow to authorize the extension against your PowerMemory account. Only the powermemory.ai/oauth/* endpoints are contacted.
  • host_permissions for gemini.google.com, copilot.microsoft.com, and www.perplexity.ai — Inject the UI on those pages and read page content only when you click Save.

Distribution

The extension is distributed via the Chrome Web Store. We do not receive analytics from the Chrome Web Store beyond aggregate install counts.

Changes

We may update this policy. Material changes will be communicated via email to registered users. The "last updated" date at the top reflects the latest version.

California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the CCPA:

  • Right to Know: You may request what personal information we collect, use, and retain about you.
  • Right to Delete: Delete your account from your dashboard (Security → Danger zone), or by emailing us. Subject to legal retention exceptions.
  • Right to Opt-Out of Sale: We do not sell personal information to third parties. There is nothing to opt out of.
  • Right to Non-Discrimination: We will not deny service, charge different prices, or provide a different quality of service because you exercised your CCPA rights.

To exercise these rights, contact us using the email or postal address in the Contact section.