Privacy Policy

Last updated: May 23, 2026

This Privacy Policy explains how dmem, operated by DH Cyber Marketing Inc. ("we," "us," or "our"), collects, uses, shares, and protects information when you use dmem (the "Service"). We've tried to write this in plain English. If anything is unclear, email legal@dmem.ai.

What We Collect

We collect the following categories of information:

Account information. When you sign up, we collect your email address and authentication credentials. Billing information (name, payment method) is collected and processed by our payment processor (Stripe); we do not store full payment card numbers on our servers.

Memory data. This is the core of the Service. When you use dmem, we store summaries of your conversations with AI agents — not the raw conversations themselves. These summaries are what get indexed and searched when your agent calls memory_search.

Usage data. We log API requests (timestamps, endpoints called, response sizes, error codes) for operational purposes: debugging, abuse prevention, billing, and capacity planning.

Technical data. We log IP addresses, user agent strings, and similar metadata associated with requests. This is used for security, abuse prevention, and operational diagnostics.

We do not collect: location data beyond what IP addresses imply, browsing history outside the Service, contact lists, device sensors, or any data from third-party tracking SDKs (we don't use any).

Why We Process This Data

We process your data on the following legal bases (relevant for GDPR users) and for the following purposes:

Data	Purpose	Legal basis (GDPR)
Account info	Authenticating you, providing the Service	Performance of contract
Billing info	Processing payments	Performance of contract
Memory data	Storing and retrieving your memories	Performance of contract
Usage data	Operating, securing, and improving the Service	Legitimate interest
Technical data	Security, abuse prevention, diagnostics	Legitimate interest
Tax records and similar	Legal compliance	Legal obligation

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

How We Store It

All data is stored on encrypted EBS volumes using AES-256 encryption at rest.
Data in transit is protected via TLS 1.2 or higher.
Access to production systems is restricted to necessary personnel only.
We do not use third-party analytics or advertising SDKs.

Third Parties and Sub-processors

To operate the Service, we share data with the following sub-processors:

Amazon Web Services (AWS) — hosting infrastructure (compute, storage, networking). Your memory data resides on AWS EC2 instances and EBS volumes.
Stripe — payment processing. Stripe receives your billing information directly; we do not store full payment card details.
Ollama Cloud — when our local model capacity is insufficient, we send memory data to Ollama Cloud for summarization and synthesis.
Anthropic — we use Anthropic's API for certain memory operations (such as synthesizing search results into answers). Memory data may be sent to Anthropic for processing.

We may add, remove, or substitute model providers and sub-processors over time as the underlying infrastructure evolves. If we make material changes to the sub-processors who handle memory data, we'll update this policy and, where material, notify users via email or dashboard notice.

All of our sub-processors are bound by their own terms regarding data handling. We do not sell your data to anyone.

Cookies

We use a small number of cookies that are necessary for the Service to function — for example, to keep you logged in to your dashboard. We do not use cookies for analytics, advertising, or cross-site tracking, and we don't allow third parties to set cookies through our Service.

Data Retention and Deletion

We retain memory data indefinitely while your account is active, so that your agents can search across your full history.

You can delete your data at any time:

From the dashboard. Use the data management section to delete individual memories or all memories.
Via the /delete-data page. This wipes all memory data associated with your account.

When you delete data, it is removed from our live systems immediately. Backups containing deleted data are purged within 30 days through our normal backup rotation.

When you close your account, all associated memory data is deleted on the same schedule. We may retain a minimal record of the account (such as billing records required for tax compliance) for as long as required by law.

International Data Transfers

dmem's servers are located in the United States. If you are outside the US, your data will be transferred to, stored, and processed in the US. By using the Service, you acknowledge this transfer. For EEA/UK/Swiss users, we rely on Standard Contractual Clauses where applicable to provide an adequate level of protection.

Security and Breach Notification

We take reasonable measures to protect your data, as described under "How We Store It." However, no system is perfectly secure.

If we become aware of a data breach affecting your personal data, we will notify affected users within 72 hours of discovery, in accordance with applicable law. Notifications will be sent to the email address associated with your account and will describe what we know about the incident, what data was affected, and what steps you can take.

GDPR — European Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent UK and Swiss laws:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — request correction of inaccurate data.
Right to erasure — request deletion of your personal data ("right to be forgotten"). For memory data, you can exercise this directly via the dashboard or /delete-data page.
Right to restriction — request that we restrict processing of your data.
Right to portability — request your data in a portable, machine-readable format.
Right to object — object to our processing of your data where we rely on legitimate interests.
Right to withdraw consent — where we rely on consent as the legal basis. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, email legal@dmem.ai. We will respond within one month, extendable by up to two further months for complex requests (we will let you know if an extension is needed). If you believe we have not adequately addressed your request, you have the right to lodge a complaint with your local data protection authority.

California (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

Categories of personal information collected in the last 12 months:

Identifiers (email address, IP address)
Commercial information (subscription and billing records)
Internet or other network activity (usage logs, API request metadata)
Inferences drawn from the above (none beyond operational diagnostics)

We do not collect sensitive personal information as defined under CPRA.

Sources: information collected directly from you, and automatically generated through your use of the Service.

Business purposes: providing the Service, billing, security and abuse prevention, legal compliance.

Third parties we share with: the sub-processors listed above (AWS, Stripe, Ollama Cloud, Anthropic) for the purpose of providing the Service. We do not share personal information with third parties for their own marketing or cross-context behavioral advertising.

Your rights:

Right to know what personal information we collect and how it's used.
Right to delete personal information.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information. We do not sell or share personal information, so there is nothing to opt out of, but we are required to inform you of this right.
Right to non-discrimination for exercising any of these rights.

To exercise these rights, email legal@dmem.ai.

Other U.S. State Privacy Rights

If you reside in Virginia, Colorado, Connecticut, Utah, Texas, or another U.S. state with a comprehensive consumer privacy law, you generally have rights similar to those described above: the right to know, access, correct, delete, and (where applicable) opt out of certain processing or sales. We do not sell personal information or use it for targeted advertising. To exercise any applicable rights under your state's law, email legal@dmem.ai.

Children

dmem is not intended for and may not be used by anyone under 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it. If you believe a child has provided us with personal information, please contact legal@dmem.ai.

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or via a notice in the dashboard at least 30 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

Contact

Privacy questions, data requests, or anything else: legal@dmem.ai.