Privacy Policy

Last updated: March 2, 2026

1. Who we are

Memobase ("we", "us", "our") operates the Memobase memory service available at memobase.ai and the MCP API endpoint at mcp.memobase.ai. We provide persistent long-term memory for AI agents via the Model Context Protocol (MCP).

2. Data we collect

  • Memory content — text snippets you or your AI agent explicitly store using the store_memory tool.
  • Vector embeddings — numerical representations of your memories used for semantic search. These are derived from your memory content.
  • Account identifiers — your user ID from our authentication provider (Zitadel) and, if you subscribe, your Stripe customer ID.
  • Usage data — counts of memory operations per month, used solely for billing quota enforcement.
  • Server logs — standard HTTP access logs (IP address, request path, timestamp) retained for up to 30 days for security and debugging.

We do not collect your full conversation history, AI prompts, or any data beyond what you explicitly store as a memory.

3. How we use your data

  • To store, retrieve, and delete your memories as directed by you or your AI agent.
  • To enforce monthly usage quotas and manage billing via Stripe.
  • To monitor service health and investigate security incidents.
  • To improve the service — only in aggregate and anonymised form, never individual memory content.

We never sell your data or use memory content to train AI models.

4. Data storage and security

Your memories and embeddings are stored in an encrypted PostgreSQL database hosted on AWS RDS in the us-east-1 region. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access is restricted by row-level security — each user can only access their own memories.

Billing is processed by Stripe. We never store full credit card details.

5. Data sharing

We share data with the following third-party processors only:

  • Stripe — payment processing and subscription management.
  • OpenAI — generating vector embeddings from your memory content. Memory text is sent to OpenAI's embeddings API; it is subject to OpenAI's API data usage policy.
  • AWS — cloud infrastructure (compute, database, storage).

We do not share your data with any other third parties.

6. Your rights

You have the right to:

  • Access your stored memories at any time via the search_memory tool.
  • Delete individual memories using the forget_memory tool.
  • Request full deletion of all your data by emailing us. We will delete all your memories, embeddings, and account data within 30 days.
  • Data portability — request an export of your memories in JSON format.

7. Retention

Your memories are retained until you delete them or close your account. Usage counters are reset monthly. Server logs are retained for 30 days. Billing records are retained as required by law (typically 7 years).

8. Children

Memobase is not directed at children under 13. We do not knowingly collect data from children under 13.

9. Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.

10. Contact

Questions about this policy? Email us at privacy@memobase.ai.