Memento CRM Inc.

Privacy Notice

Last updated: May 25, 2026Effective date: May 25, 2026

This Privacy Notice for Memento CRM Inc (doing business as Memento) ("Memento," "we," "us," or "our") describes how and why we collect, store, use, disclose, and otherwise process ("process") your information when you use our services ("Services"), including when you:

  • Download and use our mobile application or our web application at mementocrm.com, or any other application or website of ours that links to this Privacy Notice;
  • Create an account, manage contacts, build digital business cards, scan business cards, or use any other Memento feature;
  • Engage with us in any related way, including through sales, marketing, support, or events.

Reading this notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you have questions or concerns, contact us at privacy@mementocrm.com.

Table of Contents

  1. Summary of Key Points
  2. What Information We Collect
  3. How We Process Your Information
  4. When and With Whom We Share Your Information
  5. Cookies and Tracking Technologies
  6. How We Handle Social Logins
  7. Artificial Intelligence and Automated Processing
  8. How Long We Keep Your Information
  9. How We Keep Your Information Safe
  10. International Data Transfers
  11. Children's Privacy
  12. Your Privacy Rights
  13. Do-Not-Track Features
  14. U.S. State Privacy Rights
  15. Updates to This Notice
  16. Contacting Us
  17. Reviewing, Updating, or Deleting Your Data

Summary of Key Points

This summary highlights the main points of our Privacy Notice. You can find full detail in the sections that follow.

What personal information do we process? When you visit, register for, or use our Services, we process personal information based on how you interact with Memento, the choices you make, and the features you use.

Do we process sensitive personal information? We do not seek out sensitive personal information (such as health, biometric, or precise geolocation data). However, you may choose to enter such information into a contact record, note, or custom field. If you do, we process it solely to provide the Services to you and we do not use it for advertising, profiling, or sale.

Do we receive information from third parties? Yes. We may receive information from authentication providers (such as Auth0, Google, Apple, and LinkedIn), enrichment partners, payment processors, analytics partners, and other sources you connect to your account.

How do we process your information? We process your information to provide and improve the Services, administer your account, secure the platform, prevent fraud, comply with law, and (where you choose to participate) train and improve AI features. We do not sell your personal information.

With whom do we share information? We share information only with service providers acting on our behalf, with parties you authorize, and where required by law. See Section 4 for details.

How do we keep your information safe? We use organizational and technical safeguards, including encryption in transit, access controls, and monitoring. No system can be guaranteed 100% secure, but we work continuously to protect your data.

What about AI features? Some Memento features use AI to enhance bios, generate images, scan business cards, enrich contacts from LinkedIn, suggest follow-ups, and produce other relationship insights. We will be transparent about when AI is processing your data and, where we ever use customer content to improve our AI models, we will provide notice and a clear opt-out before that processing begins. See Section 7.

What are your rights? Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal information, and to opt out of certain uses. See Sections 11–13.

How do you exercise your rights? Email privacy@mementocrm.com or use the in-product data request flow at Settings → Privacy → Data Requests. We respond in accordance with applicable law.

1. What Information We Collect

Personal Information You Provide

We collect personal information you voluntarily provide when you register, use, or interact with the Services. Depending on the context, this may include:

  • Names and display names
  • Email addresses and phone numbers
  • Mailing and billing addresses
  • Job titles, company names, departments, and professional background
  • Usernames and authentication credentials
  • Profile photos, avatars, logos, and other uploaded media
  • Social media profiles and handles
  • Contact preferences
  • Communication content (messages, notes, and follow-up text you write within Memento)

Information About Other People (Your Contacts)

Memento is a contact and relationship management product. When you add, import, scan, or sync contacts, you provide us with personal information about other individuals (your "Contacts"). This may include their names, phone numbers, email addresses, employers, social profiles, photos, addresses, and any notes or tags you associate with them.

You are responsible for ensuring you have the legal right to share your Contacts' information with Memento under the laws that apply to you. We process Contact data on your behalf to provide the Services and do not use it to market to your Contacts.

Payment Information

If you purchase a paid subscription, payment is processed by Stripe (web) or by Apple App Store / Google Play (mobile). These providers collect payment instrument details (such as card number and security code) directly. We receive limited transaction metadata (such as plan, status, and last four digits) but do not store full payment card numbers. See the privacy notices of Stripe, Apple, and Google for details.

Authentication and Social Login Data

If you sign in using a third-party authentication provider (such as Auth0, Google, Apple, LinkedIn, or other supported identity providers), we receive the profile information that provider shares with us — typically name, email, profile picture, and a unique identifier. We use that data only as described in this notice. See Section 6.

Information Collected Automatically

When you use the Services, we automatically collect certain technical and usage information, including:

  • Device data: device type, model, manufacturer, operating system and version, unique device identifiers, mobile carrier, browser type, and screen settings.
  • Log and usage data: IP address, access times, pages or screens viewed, features used, in-app actions, error reports, crash logs, and performance information.
  • Approximate location: derived from your IP address. We do not collect precise GPS location unless you grant location permission for a specific feature (for example, attaching location to a scanned business card), and you may revoke that permission in your device settings at any time.
  • Cookies and similar technologies: see Section 5.

Mobile Device Permissions

The Memento mobile application may request access to features of your device, including the camera (to scan business cards and QR codes), contacts (to import or sync), photo library (to upload images), notifications (for reminders and updates), and NFC (to write to NFC tags). You can grant, deny, or revoke any of these permissions in your device settings.

Information From Other Sources

To improve and personalize the Services, we may receive information about you from:

  • Authentication providers (when you sign in via a third-party identity provider);
  • Enrichment partners (such as professional-data providers that help fill in missing fields for a contact you have added);
  • Analytics and attribution partners (such as Mixpanel, Segment, Adjust, and Branch);
  • Public databases and publicly available social profiles (such as LinkedIn public information used for contact enrichment you initiate).

2. How We Process Your Information

We process personal information to provide, administer, secure, and improve our Services. Specifically, we process information to:

  • Create and manage your account, including authentication, password reset, and account linking;
  • Deliver the core Services — store and sync your contacts, business cards, reminders, notes, groups, tags, and brand assets across your devices;
  • Enable sharing and exchange of digital business cards, including QR codes, NFC writes, web card pages, and contact requests;
  • Process and fulfill purchases, including subscription billing through Stripe, Apple, and Google;
  • Provide customer support and respond to your inquiries;
  • Send administrative communications, such as service updates, security alerts, billing notices, and changes to our legal terms;
  • Send marketing and promotional communications, where permitted by law and consistent with your preferences (you can opt out at any time);
  • Operate AI-powered features that you choose to use, such as bio enhancement, image generation and editing, business card scanning, contact enrichment, greeting suggestions, and the Daily Brief (see Section 7);
  • Measure, analyze, and improve the Services, including identifying usage trends, debugging, and evaluating feature adoption;
  • Protect the platform, including fraud detection, abuse prevention, security investigations, and enforcement of our Terms of Use;
  • Comply with legal obligations, including responding to lawful requests from public authorities.

We process your information based on the legal bases of contract performance (to deliver the Services you signed up for), legitimate interests (to improve and secure the Services), consent (where required, such as for marketing or certain AI-training uses), and legal obligation.

3. When and With Whom We Share Your Information

We do not sell your personal information. We share information only as described below:

Service Providers and Sub-processors

We share information with vendors that perform services on our behalf under written contracts requiring them to protect your data. Categories include:

  • Cloud infrastructure and storage: Google Cloud Platform, Firebase, Firestore
  • Authentication: Auth0
  • Payments: Stripe
  • AI and machine learning: third-party AI model providers used for specific AI features
  • Analytics and attribution: Mixpanel, Segment, Adjust, Branch
  • Error monitoring and reliability: Sentry
  • Email and transactional messaging: SendGrid
  • Contact enrichment: professional-data providers (such as People Data Labs and similar vendors)

A current sub-processor list is available on request at privacy@mementocrm.com.

Other Users

When you share your business card, send a contact request, or use Memento's exchange features, the information on that card or in that request is shared with the recipient. When you create a public card page, anyone with the link or QR code can view the information you have chosen to publish.

Google Maps Platform APIs

Some features may use Google Maps Platform APIs (such as Maps and Places). Your use of those features is also subject to Google's Privacy Policy.

Business Transfers

If Memento is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred to the successor entity, subject to this Privacy Notice (or a notice you accept at that time).

Legal Requirements and Safety

We may disclose information when we believe in good faith that disclosure is necessary to (i) comply with applicable law, legal process, or a lawful government request; (ii) enforce our Terms of Use; (iii) detect, prevent, or address fraud, security, or technical issues; or (iv) protect the rights, property, or safety of Memento, our users, or the public.

With Your Direction or Consent

We share information with third parties when you direct us to — for example, when you connect Zapier, Google Contacts, or another integration to your account, or when you send your information to a third party through Memento's sharing features.

4. Cookies and Tracking Technologies

We and our service providers use cookies, pixels, local storage, software development kits (SDKs), and similar technologies to operate, secure, measure, and improve the Services. Specific information about how we use these technologies and how you can control them is set out in our Cookie Notice (available within the web application).

Most browsers accept cookies by default but allow you to refuse them. If you reject cookies, some features of the Services may not work as intended.

5. How We Handle Social Logins

You may register or log in using a third-party identity provider (such as Google, Apple, LinkedIn, or Microsoft) through our authentication partner Auth0. When you do, we receive certain profile information from that provider — typically your name, email address, profile picture, and a unique identifier — along with any other information you have authorized the provider to share.

We use that information only as described in this Privacy Notice. We do not control, and are not responsible for, other uses of your information by the third-party provider. Please review the provider's own privacy notice and privacy settings.

6. Artificial Intelligence and Automated Processing

Memento uses AI and machine learning to power several features. We want you to understand clearly how this works.

Current AI Features

The following AI features are part of the Services. Each operates only when you actively choose to use it:

  • AI Bio Enhancement: improves the text you write on your business card.
  • AI Image Generation and Editing: generates or edits avatar, logo, or background images you upload.
  • Business Card Scanner (OCR): extracts contact details from photos of paper business cards.
  • Contact Enrichment: when you provide a LinkedIn URL or QR code, fetches and previews additional public professional information from third-party data providers before you decide whether to save it.
  • Greeting and Note Suggestions: drafts or titles short messages.
  • Daily Brief and Relationship Insights: summarizes your relationships and surfaces follow-up suggestions.

When you use these features, the relevant input (such as the bio text, an uploaded image, a scanned card, or a LinkedIn identifier) is sent to a third-party AI model provider that processes it on our behalf under a data-processing agreement. We do not authorize those providers to use your data to train their own models, except where they offer that as a contractual default we cannot override; in those cases, we will say so on the feature description and offer you a way to avoid using the feature.

Use of Your Content to Improve Memento's Own AI Features

Today, Memento does not use your personal information, your Contacts, your notes, your business card content, or any other customer data to train our own AI models.

In the future, we may want to use customer data to train, fine-tune, evaluate, or improve AI features so that we can serve you better — for example, to make our scanner more accurate, our enrichment suggestions more relevant, or our Daily Brief more useful. If we ever do this, we will:

  1. Update this Privacy Notice with a clear description of what data is used, for what AI purpose, and how it is protected;
  2. Notify you in advance through in-product messaging, email, or both, before any such processing begins;
  3. Provide a clear and accessible opt-out in your account settings, available before the new processing takes effect, and we will respect that choice going forward;
  4. Default to de-identification or aggregation where it is reasonably possible to do so without defeating the purpose;
  5. Exclude sensitive categories of personal information from training data, and exclude data from users we know to be under 18;
  6. Never use your data to build models that we sell or license to third parties for use outside the Memento Services without your separate, opt-in consent.

We will not retroactively use historical data that you stored with Memento before the effective date of any such opt-in or notice without complying with the steps above.

Automated Decision-Making

We do not use your personal information to make decisions that produce legal effects concerning you or similarly significant effects (such as eligibility for credit, employment, or insurance). AI features in Memento are productivity aids; the decisions about what to send, save, or share are made by you.

7. How Long We Keep Your Information

We retain personal information for as long as is necessary to provide the Services to you and to fulfill the purposes described in this Privacy Notice, unless a longer retention period is required or permitted by law (for example, for tax, accounting, dispute-resolution, or fraud-prevention purposes).

In general:

  • Account and profile data: retained while your account is active and for a reasonable period after deletion to allow recovery, resolve disputes, and meet legal obligations.
  • Contacts, cards, notes, reminders, and other content: retained while your account is active. When you delete this content within the app, we remove it from active systems and from backups within a commercially reasonable period (typically up to 90 days).
  • Billing and transaction records: retained for the period required by tax and accounting law (typically up to seven years).
  • Logs, security records, and aggregated analytics: retained for shorter operational periods, generally 30 days to 24 months depending on the data type.

When we no longer have a legitimate need to process your information, we delete or anonymize it. Where that is not immediately possible (for example, because information is stored in backup archives), we securely isolate the information from further processing until deletion is possible.

You can request deletion of your account and associated data at any time from Settings → Privacy → Delete Account, or by emailing privacy@mementocrm.com.

8. How We Keep Your Information Safe

We implement appropriate technical and organizational measures designed to protect your personal information, including:

  • Encryption of data in transit using industry-standard TLS;
  • Encryption at rest for sensitive data stored in our cloud infrastructure;
  • Role-based access controls and least-privilege access for our personnel;
  • Authentication safeguards, including secure password storage handled by Auth0 and support for social and federated login;
  • Logging, monitoring, and alerting for suspicious activity;
  • Regular review of our security practices, sub-processors, and vendor agreements.

Despite these measures, no method of electronic transmission or storage can be guaranteed 100% secure. You play an important role in protecting your account: choose a strong password, enable any available multi-factor authentication, and notify us immediately at security@mementocrm.com if you suspect unauthorized access.

If we become aware of a personal-data breach that affects you, we will notify you and applicable regulators as required by law.

9. International Data Transfers

Memento is based in the United States and our infrastructure providers operate from facilities in the United States and other countries. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States and other jurisdictions in which we or our service providers operate.

These jurisdictions may have data protection laws different from those of your country. Where required by law (for example, for transfers from the European Economic Area, United Kingdom, or Switzerland), we use appropriate safeguards such as Standard Contractual Clauses to protect your information.

10. Children's Privacy

The Services are not directed to, and we do not knowingly collect personal information from, children under the age of 16. If you are under 16, please do not use the Services or provide any information about yourself to us.

If we become aware that we have collected personal information from a child under 16 without verified parental or guardian consent, we will delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at privacy@mementocrm.com.

If you are between 16 and 18 and reside in California, see the additional rights described in Section 13.

11. Your Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Right to access — request a copy of the personal information we hold about you.
  • Right to correct — ask us to correct inaccurate or incomplete information.
  • Right to delete — ask us to delete your personal information, subject to certain legal exceptions.
  • Right to portability — receive your information in a portable, machine-readable format.
  • Right to object or restrict — object to, or restrict, certain processing of your information.
  • Right to withdraw consent — withdraw consent at any time where we process information based on your consent (this does not affect the lawfulness of prior processing).
  • Right to opt out of sale or sharing — opt out of the sale or sharing of your personal information. We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to opt out of profiling — opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in such profiling.
  • Right to non-discrimination — exercise your privacy rights without discriminatory treatment.

How to Exercise Your Rights

The easiest way to exercise your rights is in-product at Settings → Privacy → Data Requests, or by emailing privacy@mementocrm.com. We will respond in accordance with applicable law (typically within 30–45 days, depending on the jurisdiction).

We may need to verify your identity before fulfilling a request. To do so, we may ask you to provide information that matches what we already have on file. We will use any information provided for verification only for that purpose and will delete it as soon as verification is complete.

You may also use an authorized agent to submit a request on your behalf. We may require proof that the agent is validly authorized.

EEA, UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland and believe we are processing your information unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority:

Marketing Opt-Out

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing message, or by emailing privacy@mementocrm.com. Even if you opt out of marketing, we may still send you transactional and service-related messages (such as billing notices, security alerts, and important changes to the Services or this notice).

12. Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. Memento currently honors Global Privacy Control (GPC) signals where required by law and will update this notice as standards evolve.

13. U.S. State Privacy Rights

A growing number of U.S. states — including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, and others — provide comprehensive consumer privacy rights. If you are a resident of one of these states, you have the rights described in Section 11, as applicable under your state's law.

California Residents

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"). The categories of personal information we may have collected in the past 12 months, the purposes for collection, and the categories of recipients are described below.

CategoryCollected?Examples
A. IdentifiersYesReal name, alias, postal address, phone number, unique personal identifier, online identifier, IP address, email address, account name
B. Personal information categories listed in Cal. Civ. Code § 1798.80YesName, signature, address, telephone, employment information
C. Protected classification characteristicsNoWe do not collect protected-class information such as race, religion, or gender, except where you voluntarily add such fields to a contact record
D. Commercial informationYesSubscription plan, billing history, transaction metadata
E. Biometric informationNoWe do not collect biometric identifiers
F. Internet or other similar network activityYesApp and website usage, feature interactions, referring URLs, device events
G. Geolocation dataYes (approximate)IP-derived approximate location; precise location only when you grant permission for a specific feature
H. Audio, electronic, visual, or similar informationYes (limited)Photos and images you upload to the Services
I. Professional or employment-related informationYesJob title, company, and similar information you add to your profile or contacts
J. Education informationNoWe do not collect education records
K. InferencesYes (limited)Inferences drawn from your use of the Services to personalize features, such as suggested follow-ups
L. Sensitive personal informationNot soughtWe do not knowingly collect sensitive personal information beyond account credentials. We do not use sensitive personal information to infer characteristics

Sale or sharing: We do not sell or share personal information as those terms are defined under the CCPA/CPRA. We have not done so in the preceding 12 months.

Sources: We collect personal information directly from you, from your devices, from authentication providers, from enrichment partners (when you initiate enrichment), and from analytics partners.

Recipients: We disclose personal information to the categories of service providers and other recipients described in Section 4.

California Shine the Light: California residents may request, once per year, information about disclosures of personal information to third parties for those third parties' direct-marketing purposes. We do not make such disclosures. Requests may be sent to privacy@mementocrm.com.

Minors under 18: If you are under 18, reside in California, and have a Memento account, you have the right to request removal of unwanted data you publicly posted. Email privacy@mementocrm.com with your account email and a statement that you reside in California.

Virginia, Colorado, Connecticut, Utah, Texas, and Other State Residents

If you reside in a state with a comprehensive consumer privacy law, you have rights to access, correct, delete, port, and opt out of certain processing (including sale, targeted advertising, and certain profiling) as provided under your state's law. To exercise these rights, contact us at privacy@mementocrm.com.

You may also have a right to appeal a decision we make about your request. If we deny your request, we will explain why and provide instructions for appeal.

Nevada Residents

Nevada residents may opt out of any future sale of personal information by emailing privacy@mementocrm.com. We do not currently sell personal information.

14. Updates to This Notice

We may update this Privacy Notice from time to time. The updated version will be indicated by a new "Last Updated" date and will be effective as soon as it is accessible. If we make material changes — including changes to how we use AI or whether we use your information to train AI models — we will notify you by prominently posting a notice within the Services, by email, or both, before those changes take effect.

We encourage you to review this Privacy Notice regularly to stay informed about how we protect your information.

15. Contacting Us

If you have questions or comments about this Privacy Notice or our privacy practices, please contact us:

Email: privacy@mementocrm.com Security issues: security@mementocrm.com General support: support@mementocrm.com

Mailing address: Memento CRM Inc Attn: Privacy Team 3225 McLeod Dr, Suite 100 Las Vegas, NV 89121 United States

Registered office: 1201 N Orange St, Suite 750 Wilmington, DE 19801 United States

16. Reviewing, Updating, or Deleting Your Data

You may review, update, export, or delete most of your information directly within the Services:

  • Update your profile or business card: Settings → Profile, or open any of your business cards.
  • Edit or delete a contact, note, reminder, or group: open that item in the app.
  • Export your contacts: Settings → Export Contacts (CSV, VCF, or both, delivered by email).
  • Clear your data: Settings → Privacy → Clear My Data.
  • Delete your account: Settings → Privacy → Delete Account.

If you cannot complete a request in-app, or if you have a request that requires our help, email privacy@mementocrm.com.

*This notice was last reviewed and updated on May 25, 2026.*