Privacy Policy

Last updated: June 15, 2026.

This Privacy Policy explains how xmemory Inc. ("xmemory", "we", "us", or "our") collects, uses, stores, shares, and protects information when you use our website, console, APIs, OAuth flows, and related services.

Information You Provide

When you submit a form, create an account, contact us, or use xmemory services, we may collect information you provide, such as your name, work email, organization, role, use case, support messages, and the content or configuration you choose to store in xmemory.

We use this information to respond to requests, provide and improve xmemory services, operate customer accounts, provide support, maintain security, and communicate about xmemory products, services, and onboarding options.

Google OAuth and Google User Data

If you sign in to the xmemory console or connect an xmemory OAuth flow using Google, we access Google user data only for authentication, account setup, account linking, access control, and security. The Google user data we may access includes your Google account email address, name, profile image, Google account identifier, email verification status, hosted domain or organization information when Google provides it, and OAuth tokens or authentication assertions needed to complete and maintain the sign-in or authorization session.

We use Google user data to verify your identity, create or locate your xmemory account, display the signed-in user in the console, associate your session with the correct workspace or organization, prevent unauthorized access, troubleshoot authentication issues, and maintain audit and security records. We do not use Google user data for advertising, sell Google user data, or use Google user data to train general-purpose AI models.

Unless a separate integration clearly asks for additional permission and you grant it, xmemory does not access the contents of your Gmail, Google Drive, Google Calendar, Google Docs, or other Google workspace content through Google OAuth. If we add a Google integration that requires additional Google API scopes, we will request only the scopes needed for that integration and explain the purpose before you authorize it.

How We Share Information

We do not sell personal information or Google user data. We may share information with service providers that help us operate xmemory, such as cloud hosting, database, security, analytics, logging, communications, and customer support providers. These providers are allowed to process information only to provide services to xmemory and must protect it under appropriate contractual obligations.

We may also disclose information if required by law, legal process, or government request; to protect the rights, safety, and security of xmemory, our users, or others; or as part of a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality and data protection safeguards.

Storage and Protection

We use technical and organizational safeguards designed to protect personal information and Google user data, including access controls, encryption in transit, encrypted storage where appropriate, monitoring, least-privilege internal access, and operational security procedures. OAuth tokens, if issued to us, are stored securely and used only for the authorized authentication or integration purpose.

No method of transmission or storage is perfectly secure, but we work to protect information against unauthorized access, loss, misuse, alteration, and disclosure.

Retention and Deletion

We retain personal information and Google user data only for as long as needed to provide services, maintain accounts and security records, comply with legal obligations, resolve disputes, enforce agreements, and keep legitimate business records. Authentication logs and audit records may be kept for security and compliance purposes for a limited period.

You can request access, correction, export, or deletion of your personal information, including Google user data associated with your xmemory account, by contacting privacy@xmemory.ai. We will respond to deletion requests in accordance with applicable law and will delete or de-identify information unless we must retain it for legal, security, anti-fraud, or legitimate business record purposes.

Cookies and Similar Technologies

We use essential cookies and similar storage technologies to run the website and services, maintain security, remember your cookie consent preference, and support core functionality such as session handling.

Analytics cookies are optional and are only enabled when you consent. When you accept them, we use Google Analytics 4 to understand how visitors use the site, including page views, navigation patterns, documentation engagement, chat interactions, and form submission outcomes. We configure analytics to avoid advertising use and do not enable analytics cookies before consent.

Google may process technical information such as your IP address, device/browser details, pages viewed, approximate location derived from IP, and interaction events that we send from the site after consent. You can accept or reject non-essential cookies in the cookie banner, and you can clear browser storage to reset your choice.

International Processing

We may process and store information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for international transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date above and provide additional notice where required.

Contact

For privacy questions, rights requests, or data deletion requests, contact privacy@xmemory.ai.