Privacy Policy

Last updated: 2026-07-16

MemoEcho ("the Service") respects your privacy. This policy explains what information we collect through our app and website, and how we handle it.

1. Information we collect

Account information: email address, password (stored hashed — never in plain text), display name, avatar, interface language, and timezone.

Usage information: playback history (track, playback type, timestamp), favorites, playlists, and notification read state.

Technical information: IP address, user agent (device, OS and browser type), and login session records. Used to prevent abuse and to determine regional availability.

Order information: if you order a custom song, the story and requirements you submit, your contact details, messages exchanged with our team, and delivered files.

We do not run advertising trackers and embed no third-party advertising SDKs. We do not access your contacts, location, photos, or microphone.

2. How we use information

To provide the Service: sign-in, music delivery and playback, and syncing favorites and playlists.

To process, produce, deliver, and support custom song orders.

To send transactional email: address verification, password resets, and important notices.

To detect and prevent unauthorized access or abuse, and to comply with applicable law.

To improve the Service through aggregated, statistical analysis.

3. Third parties and processors

We do not sell your personal information. We share it only with the processors below, and only as needed to run the Service.

Amazon Web Services: server and database hosting.

Cloudflare R2: storage and delivery (CDN) of audio and image files.

Stripe: payment processing for custom song orders. Card numbers are collected directly by Stripe and are never stored on our servers.

Resend: delivery of transactional email such as verification and password reset messages.

We may also disclose information where required by law.

4. Retention

Account information is retained while your account is active.

Playback history and technical logs are deleted or anonymized within 24 months of collection.

Order and payment records are retained for as long as legally required.

On an account deletion request, we delete your data within 30 days, except where law requires us to retain it.

5. Your rights

You may request access to, correction of, deletion of, or restriction of processing of your personal information.

Send requests to [email protected]. We will verify your identity and respond as required by applicable law.

6. Children’s privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them.

If we learn that we hold information belonging to a child under 13, we will delete the account and the data promptly. Please contact us at the address above if you believe this has occurred.

7. International transfers

Our servers and processors may be located outside your country. Your information may be transferred and stored abroad, subject to appropriate safeguards under applicable law.

8. Security

We apply reasonable safeguards including encrypted transport (HTTPS), password hashing, and access controls. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

9. Changes to this policy

We may update this policy. If we make material changes we will post them on this page and update the date shown above.

10. Contact

Questions about this policy: [email protected]

Personal data requests: [email protected]