Data Usage & Processing Terms

Last Updated: December 30, 2025

1. Definitions

1.1 "User Data" refers to all data that the user provides, authorizes access to, or that is synchronized from third-party platforms (including but not limited to Notion, Slack, Google Workspace, Email, Calendar, IM tools) through the use of the Service, including but not limited to text, files, messages, metadata, timestamps, and any derived or processed content.

1.2 "Processing" means any operation performed on User Data, whether automated or not, including but not limited to collection, storage, parsing, structuring, indexing, analysis, summarization, retrieval, deletion, or export.

1.3 "Service" refers to the AI-powered memory, knowledge management, data aggregation, and related software and services provided by the Company.

2. Data Ownership

2.1 Users retain full ownership of their User Data.

2.2 The Company does not claim any ownership, intellectual property rights, or derivative rights over the User Data itself.

2.3 Users grant the Company a limited, revocable, non-exclusive license to process User Data solely for the purpose of providing the Service in accordance with these Terms and user instructions.

3. Purpose and Scope of Data Use

The Company processes User Data only to the extent necessary for the following purposes:

3.1 Core Service Functionality

  • Data synchronization, storage, indexing, and search
  • Generation of to-do items, summaries, meeting notes, and memory records
  • Conflict detection, timeline aggregation, deduplication, and merging

3.2 User-Initiated AI Processing

  • Summarization, structuring, and tagging
  • Analysis, review, or Q&A explicitly requested by the user

3.3 Service Reliability and Security

  • Logging and debugging
  • Abuse prevention, attack detection, and system security

4. AI and Model Usage

4.1 User Data is processed solely to provide AI inference and functionality for the individual user.

4.2 By default, User Data is not used to train general-purpose AI models.

4.3 If anonymized or de-identified data is used in the future to improve models or services, the Company will:

  • Provide prior notice
  • Offer an explicit opt-in mechanism
  • Ensure no impact on users who do not opt in

5. Third-Party Data Sources and Authorization

5.1 When users authorize the Service to access third-party platforms via OAuth or other methods, users represent that they have the lawful right to grant such access.

5.2 The Company accesses and processes third-party data only within the scope of the authorization granted and in compliance with applicable third-party platform policies.

5.3 Users may revoke third-party access at any time, after which the Company will cease further synchronization of the relevant data.

6. Data Storage and Security

6.1 The Company implements reasonable technical and organizational measures to protect User Data, including but not limited to:

  • Encryption in transit and at rest
  • Access control and permission isolation
  • Least-privilege access principles
  • Periodic security reviews

6.2 User Data is stored on secure cloud infrastructure. Storage locations may vary depending on service deployment and availability.

7. Data Retention and Deletion

7.1 Users may, at any time, through product features or written request:

  • Export their User Data
  • Delete part or all of their User Data

7.2 Upon data deletion or service termination:

  • The Company will delete User Data within a reasonable timeframe
  • Except where retention is required by applicable law

8. Data Sharing and Disclosure

8.1 The Company does not sell, rent, or trade User Data to third parties.

8.2 User Data may be disclosed only in the following circumstances:

  • Upon explicit user instruction or authorization
  • To infrastructure or service providers strictly necessary to deliver the Service
  • Where required by law, regulation, or lawful governmental request

9. Compliance and Cross-Border Transfers

9.1 The Company is committed to complying with applicable data protection laws and regulations, including but not limited to GDPR and CCPA, where applicable.

9.2 Where cross-border data transfers occur, appropriate lawful safeguards will be implemented.

10. User Responsibilities

10.1 Users represent and warrant that they have the legal right to provide or authorize access to the User Data and that such data does not infringe the rights of any third party.

10.2 Users are responsible for assessing the compliance implications of connecting data sources to the Service, including internal policies and regulatory obligations.

11. Updates to These Terms

11.1 The Company may update these Terms from time to time due to legal, regulatory, or service changes.

11.2 Material changes will be communicated through reasonable means. Continued use of the Service constitutes acceptance of the updated Terms.

12. Contact Information

For any questions regarding these Data Usage & Processing Terms, please contact:

📧 bussiness@supermem.io