Privacy Policy

MemoryCode Privacy Policy

Effective Date: 27 June 2026 Version 1.5.2


This Privacy Policy applies to memorycode.ai and the MemoryCode application (the "Service") operated by YI STUDIO ("we", "us", or "our"), a registered business based in Denmark (EU).

MemoryCode is a local-first AI memory configuration tool. Your memory content stays on your device. We do not upload your profiles, life events, skills, or any personally authored content to our servers.

Jurisdiction: This Service is made available globally. As the operator is based in Denmark (EU), the General Data Protection Regulation (GDPR) applies as the baseline legal framework.


1. Data Controller

The data controller for the purposes of the GDPR and equivalent data protection laws is:

Data ControllerYI STUDIO
ProductMemoryCode (memorycode.ai)
Contactprivacy@memorycode.ai
LocationDenmark (EU)

The Service is operated by YI STUDIO, a registered business based in Denmark (EU). For all privacy-related enquiries, contact us at privacy@memorycode.ai.


2. Our Core Privacy Commitment

MemoryCode is built on a Local-First architecture. All memory content you author is stored exclusively in your browser's localStorage on your own device and is never transmitted to our servers.

  • Profile content (name, nickname, roles, life events, skills, cognitive chip configurations, and any other authored fields) remains on your device at all times.
  • MCP configuration files are generated locally in your browser and placed on your machine by you. We do not write MCP configuration files through our servers on your behalf.
  • When you use the Export / Backup feature, the data is packaged as a JSON file and downloaded directly by your browser or shared via your operating system's native share sheet. This transfer does not route through our servers.
  • We do not sell, share with advertisers, or use your memory content for model training under any circumstances.

3. Data We Collect and Process

3.1 Data You Author (Local Only)

The following data exists solely on your device and is not processed by us:

Data CategoryExamples
Profile & identityDisplay name, nickname, professional role, About me text
Deep Memory entriesLife milestones, key experiences, personal reflections
Skills & expertiseSkill tags, proficiency depth, knowledge domains
Cognitive ChipsCustom AI interaction configurations and traits — including both official chips and custom chips you create (marked source: custom). Chips marked "coming soon" are not included in MCP exports.
MCP configuration outputGenerated config JSON for Claude Desktop, Cursor, Windsurf
MCP 1.1 — Cognitive chips libraryChip metadata (name, description, source) for all available chips, embedded in your local MCP export file
MCP 1.1 — CompositionsPre-generated prompt text combining each profile with each chip. These are included by default in every MCP export and cannot be individually excluded. See Section 6 for details.
MCP 1.1 — Runtime statemcp.runtime section recording which profile and chip are currently active for MCP sessions. This may be updated locally by AI client tool calls. See Section 6.6.
Technical metadata in MCP configProduct version (MC_VERSION), build identifier (MC_BUILD), release channel (MC_CHANNEL), schema version — embedded in your local MCP config file for compatibility and troubleshooting purposes. See Section 6.1 for details.
Application preferencesActive view, preview mode, dialog display states

Because this data never leaves your device, we are not a data controller for this content. You retain full ownership and control. Note that this data may contain sensitive personal information (such as health, financial, or relationship details). We encourage strong device-level security to protect your browser's local storage.

3.2 Functional Cookie

We set one functional cookie:

AttributeDetail
Nameoperator_status
ValueFixed string: "active" — contains no personal data
PurposeRouting: after you first open the application, subsequent visits redirect directly to the app view, bypassing the landing page
ExpiryApproximately 1 year (max-age=31,536,000 seconds)
ScopeSite-wide (path=/)
Third-party sharingNone

This cookie is strictly necessary for consistent Service navigation and is exempt from consent requirements under the ePrivacy Directive. It does not track your behaviour, identify you personally, or persist any memory content.

3.3 Anonymous Usage Analytics (Vercel Web Analytics)

We use Vercel Web Analytics to understand aggregate usage of the Service, configured for functional measurement only without intrusive tracking or behavioural profiling.

  • No cookies are set by the analytics system.
  • No cross-site tracking — your activity on MemoryCode is not correlated with activity on any other website.
  • No persistent personal identifiers are collected or stored.
  • Your IP address is used solely to derive an anonymous, daily-rotating hash for unique-visitor counting; the raw IP address is not retained.

Data collected includes: page URL and referring URL; approximate geographic location (country / region / city, derived from IP); device information (operating system, browser, device category); and timestamp. Used solely for aggregate statistics; not shared with advertisers or used for model training.

Legal basis: Legitimate Interest (GDPR Art. 6(1)(f)). Processing is limited to aggregated, anonymised data without persistent identifiers.

Vercel, Inc. processes this data as a data processor on our behalf. See: https://vercel.com/legal/privacy-policy

3.4 Server-Side API Calls

The following server-side API endpoints exist in the application:

API EndpointProduction (Vercel)Local dev onlyData Transmitted
POST /api/mcp/test-connectionAvailableAvailableTool identifier only ("claude", "cursor", or "windsurf"). No memory content.
POST /api/mcp/configureDisabledAvailableTool identifier; writes local AI client configuration file. No memory content.
POST /api/mcp/write-memory-fileDisabledAvailableFull MCP export payload (meta, data, mcp). Writes memorycode-mcp.json to the local machine's home directory.

In the production environment (memorycode.ai), only the test-connection endpoint is active. The configure and write-memory-file endpoints are programmatically disabled in production (isLocalMcpApiEnabled guard) and return an error if called. They are available only when running the application locally in a development environment on your own machine.

In the production environment, no memory configuration content is transmitted via API. MCP configuration files are generated in your browser and placed on your local machine by you, following the step-by-step guidance provided in the MCP Connect panel.

We have configured server-side functions to run in the European region (Vercel fra1, Frankfurt) where operationally feasible. Static assets and cached pages may still be served via Vercel's global edge network; that path does not execute our dynamic API route code.

3.5 Hosting Platform Access Logs (Vercel Infrastructure)

Vercel's hosting infrastructure automatically generates access logs for every HTTP request to memorycode.ai, including: IP address, HTTP method, requested URL path, response status code, User-Agent string, and timestamp. These are processed by Vercel, Inc. for hosting and security services. We access them in aggregate or sampled form for security monitoring and performance diagnostics.

3.6 User Feedback (Tally Form)

We offer an optional in-app feedback form powered by Tally (tally.so). Clicking the feedback prompt opens a Tally-hosted form. Submission is entirely voluntary.

Data collected when you submit a form:

Data ItemNaturePurpose
Q1 branch selection (experience / problem)RequiredRoute form to correct branch; product analytics
Q2 / Q2b structured responses (single-choice or text)Required within branchUnderstand usage patterns or diagnose reported issues
Q3 / Q3b free-text feedback (optional)VoluntaryQualitative product improvement
Entry-point identifier (?src= parameter)AutomaticRecords which in-app trigger point opened the form, so we can understand context without you having to answer an extra question
Email address — Branch A (product updates, optional)VoluntaryIf provided, used to send you occasional product update notifications. You consent to this use by submitting the form after reading the disclosure shown next to the email field.
Email address — Branch B (support follow-up, optional)VoluntaryIf provided, used solely to follow up on the specific problem you reported.

Important distinctions:

  • The Branch A email (Q4) is used for product communications (marketing/updates). The Tally form displays a disclosure statement adjacent to this field: "By leaving your email, you agree to receive occasional product updates from YI STUDIO. We will not share your email with third parties." Your consent is given at that point.
  • The Branch B email (Q4b) is used exclusively for resolving the support issue you described. It is not added to any marketing list.
  • Free-text fields (Q3, Q3b) are optional. You should avoid entering third-party personal information in these fields.
  • The ?src= entry-point parameter is technical metadata only. It does not identify you personally.

Tally processes this data as our data processor under a signed Data Processing Agreement (DPA). Feedback data is not used for advertising or model training.

Tally's Privacy Policy: https://tally.so/privacy


4. Legal Basis for Processing (GDPR)

Processing ActivityLegal Basis (GDPR Art. 6)
Functional cookie (operator_status)Legitimate Interest (Art. 6(1)(f)); also exempt under ePrivacy Directive as strictly necessary
Vercel Web AnalyticsLegitimate Interest (Art. 6(1)(f)) — aggregate usage understanding; no personal identifiers retained
MCP test-connection endpointPerformance of service explicitly requested (Art. 6(1)(b)) — only a tool identifier is transmitted
Technical metadata in MCP config (MC_VERSION, MC_BUILD, MC_CHANNEL)Legitimate Interest (Art. 6(1)(f)) — product integrity, version compatibility, and support diagnostics. Stored locally, not transmitted to our servers.
MCP runtime state updates (load_config, load_chip, unload_chip)Performance of service explicitly requested (Art. 6(1)(b)) — you initiate tool calls via your AI client; updates are written to your local file only
Vercel infrastructure access logsLegitimate Interest (Art. 6(1)(f)) — security, abuse prevention, service reliability
Feedback form — structured responses and entry-point parameterLegitimate Interest (Art. 6(1)(f)) — product improvement using aggregate, non-identifying data
Feedback form — free-text responses (optional)Consent (Art. 6(1)(a)) — voluntarily submitted; may incidentally contain personal information
Feedback form — email, Branch A (optional, product updates)Consent (Art. 6(1)(a)) — explicit consent given via in-form disclosure at submission
Feedback form — email, Branch B (optional, support follow-up)Legitimate Interest (Art. 6(1)(f)) — resolution of a specific support issue you initiated
Support correspondenceLegitimate Interest / Contractual necessity (Art. 6(1)(b) and (f))

We do not process special categories of personal data (GDPR Article 9) on our servers. Although users may enter sensitive personal information into local memory fields, this data remains on-device and is never transmitted to us. You are solely responsible for the content you choose to store locally.


5. Third-Party Services

ServiceRole and Data Processed
Vercel, Inc.Hosting provider and analytics processor. Processes infrastructure access logs and aggregated analytics data. Privacy Policy: vercel.com/legal/privacy-policy
npm, Inc. (a GitHub / Microsoft subsidiary)Package registry. When your AI client starts the MemoryCode MCP Server using the npx command, your device connects to the npm registry to download the server package. npm may log standard network metadata (IP address, User-Agent, timestamp, package identifier). YI STUDIO does not receive or process this metadata. npm Privacy Policy: docs.npmjs.com/policies/privacy
Tally (Tally Solutions BV, Belgium)User feedback form service. Processes voluntarily submitted feedback responses, entry-point parameters, and optional email addresses as our data processor under a signed Data Processing Agreement. Privacy Policy: tally.so/privacy
AI clients (Claude Desktop, Cursor, Windsurf, LM Studio, OpenClaw, and other MCP-compatible tools)When you connect the MemoryCode MCP Server, your AI client reads your local configuration file — including profiles, cognitive chips, composed prompts, and runtime state — and may incorporate this content into its model context window. How your AI client processes, stores, or transmits this data is governed by that provider's privacy policy, not by this Policy. YI STUDIO does not act as an intermediary in this data flow.
Payment processor (future — not yet active)If paid plans are introduced, a third-party processor (such as Stripe or Lemon Squeezy) will process payment information. We will never handle raw payment card data. Full details will be provided at launch.
AI API providers (future — not yet active)Optional AI-powered features may transmit user-provided documents to a third-party AI API. Such features will only activate upon your explicit consent and will be clearly disclosed before any data is transmitted.

We do not sell your data to any third party. We do not share your data with advertising networks or data brokers beyond what is described in Section 3.3.


6. MCP Integration and Agent Tool Access

6.1 Current MCP Integration: Local-First, Manual Import

In the current version of the Service, the MCP (Model Context Protocol) integration is fully local-first. No memory or configuration data is transmitted to our servers as part of the MCP workflow.

  • The MCP Connect panel generates a standardised configuration JSON for your chosen AI client (Claude Desktop, Cursor, Windsurf, or compatible clients) directly in your browser.
  • Step-by-step guidance is provided to help you paste this configuration into your AI client. The placement is performed by you, not by us.
  • The MemoryCode MCP Server runs as a local process on your machine. It reads your local memorycode-mcp.json file and makes your memory configuration available to AI tools within your local environment. No data is transmitted to our servers during a session.
  • Your memory configuration file (memorycode-mcp.json) does not leave your machine unless you deliberately share it. Once placed on your machine, the subsequent use of this file by AI tools is governed by your operating environment and the privacy policies of those AI tools, not by this Policy.

Technical Metadata in Exported Configuration Files:

Your exported MCP configuration file contains a small set of technical metadata fields embedded for product compatibility and support purposes:

FieldValue and Purpose
MC_VERSIONThe MemoryCode product version (e.g., "1.0.0"). Used for configuration compatibility verification.
MC_BUILDA build identifier (e.g., a version release tag). Used to identify which software build generated the configuration.
MC_CHANNELThe release channel (e.g., "web" or "desktop-guide"). Used to understand how the configuration was generated.
schema_versionThe MCP export schema version (e.g., "1.1"). Used for forward compatibility.

These fields contain only technical product information. They do not encode personal identifiers, device fingerprints, IP addresses, user input, or any information that identifies you as an individual.

6.2 MCP 1.1 Export Contents

Starting with MCP schema version 1.1, the exported memorycode-mcp.json file includes the following additional content:

ContentDescriptionIncluded by DefaultCan Be Excluded
Cognitive chips library (mcp.chips[])Metadata for all available cognitive chips — both official chips and any custom chips you have created (marked source: custom). Chips marked "coming soon" in the application are not included.YesNo
Compositions (mcp.compositions[])Pre-generated prompt text combining each profile with each chip. These contain your identity information (from the profile) merged with chip behavioural rules into a complete instruction set.YesNo
Runtime state (mcp.runtime)Records which profile and chip are currently active for MCP sessions (activeProfileId, activeChipByProfile, updatedAt).YesNo
Resources (mcp.resources[])Default prompt for each profile under its currently selected chip, used by AI clients that support the MCP Resources protocol.YesNo

Important: Compositions and resources contain the full text of your composed prompts, which combine your profile identity information with cognitive chip instructions. This content is exposed to any AI client you connect via MCP and may enter that AI's model context window. If you do not wish certain content to be accessible via MCP, you should edit or remove the relevant profile or chip in MemoryCode before exporting, or choose not to connect MCP.

6.3 How the MCP Server Starts (npx)

The MemoryCode MCP Server is distributed as an npm package and is launched automatically by your AI client. The typical flow is:

  • You paste the MemoryCode MCP configuration (containing command: "npx" and the relevant arguments) into your AI client's MCP settings.
  • You restart the AI client.
  • The AI client reads the configuration and automatically executes npx in a local process on your machine, which downloads the MemoryCode MCP Server package from the npm public registry and starts it.
  • You do not need to open a terminal or run any commands manually under normal circumstances. Manual terminal use is only required for troubleshooting.

This process causes your device to connect to the npm public registry to download the server package. Your memory configuration file is read locally by the server process and is not transmitted to our servers or to the npm registry.

Enterprise / Restricted Network Users: If you operate in a corporate firewall or air-gapped environment, the automatic npx download may be blocked. You may use the local installation path instead. See the MCP documentation for alternative configuration options including private registry support and version pinning.

6.4 Local MCP Server Session Behaviour

Once running, the MemoryCode MCP Server reads your local memorycode-mcp.json file and makes your memory configuration available to AI tools within your local environment. No data is transmitted to our servers during a session.

6.5 Available MCP Tools

The MemoryCode MCP Server provides the following tools, which your AI client may invoke during a session:

ToolCategoryNature
list_configsProfilesRead-only
load_configProfilesUpdates local mcp.runtime
list_chipsCognitive ChipsRead-only
load_chipCognitive ChipsUpdates local mcp.runtime
unload_chipCognitive ChipsUpdates local mcp.runtime
get_cognitive_chipCognitive ChipsRead-only
get_user_profileIdentity & SkillsRead-only
get_expertiseIdentity & SkillsRead-only

Read-only tools return data from your local configuration file without modifying it. Tools that update mcp.runtime save your current profile and chip selection to the local file so that selections persist across sessions. These updates are described in Section 6.6.

A complete description of each tool's capabilities is also displayed in the MemoryCode MCP Connect panel after successful configuration.

6.6 Local Runtime State Updates (MCP 1.1)

When you (or your AI client on your behalf) invoke load_config, load_chip, or unload_chip, the MemoryCode MCP Server writes the updated selection to the mcp.runtime section of your local memorycode-mcp.json file. This mechanism allows your profile and chip selections to persist between AI client sessions.

Key characteristics:

  • Runtime updates are written only to your local file on your machine. They are not transmitted to the MemoryCode website, our servers, or any third party.
  • Runtime updates do not modify your profile content, chip definitions, or composed prompts — they only record which profile and chip are currently selected.
  • On the first local runtime update (e.g., switching profile or chip via an MCP tool), the MCP Server may create a one-time local backup file (memorycode-mcp.backup.json) alongside your configuration file. Subsequent runtime updates do not replace that backup unless you delete it manually.
  • The MemoryCode website (browser localStorage) and the MCP runtime state are independent. Switching a chip via an MCP tool in your AI client does not change the chip selected on the MemoryCode website, and vice versa. They synchronise only when you perform a new MCP export from the website.

6.7 AI Client Context Exposure

When you connect the MemoryCode MCP Server to an AI client, that client can read your profiles, cognitive chips, composed prompts, and runtime state through the MCP protocol. This data may be incorporated into the AI's model context window during your session.

This data flow occurs locally between the MCP Server process and the AI client on your machine. MemoryCode does not act as an intermediary and does not receive any data exchanged during MCP sessions.

You should be aware that:

  • The AI client may send the content of your profiles and composed prompts to its cloud-based model API (e.g., Anthropic, OpenAI) as part of processing your conversation. This is governed by the AI provider's privacy policy, not by this Policy.
  • By connecting the MemoryCode MCP Server and using MCP tools, you authorise the connected AI client to read your locally stored memory configuration during sessions.

6.8 Future: Agent Modifications to Profile and Chip Content

We may in a future version introduce optional features that allow AI agents, upon explicit user authorisation, to modify the content of profiles or cognitive chips (as distinct from the runtime selection changes described in Section 6.6). Any such feature will: require a clear, affirmative in-application consent action; be disclosed in an updated version of this Policy prior to release; maintain a local audit log of agent-initiated content modifications; and clearly distinguish between user-authored and AI-generated content.


7. Data Retention

Data CategoryRetention Period
Your memory content (localStorage)Until you clear your browser data, use the in-app Clear All Memory function, or uninstall. Not subject to our retention schedules.
MCP configuration file, compositions, chips library, and technical metadata (local)Stored on your machine under your control. Deleted when you remove the file or reset your MCP configuration. Not subject to our retention schedules.
MCP runtime state and backup file (local)mcp.runtime is updated on your machine when you switch profiles or chips via MCP tools. The one-time backup file (memorycode-mcp.backup.json) persists until you delete it manually. Both are under your control.
Functional cookie (operator_status)Approximately 1 year from date set, or until you clear browser cookies.
Vercel Web AnalyticsAggregated; event-level data not retained to a degree allowing reconstruction of individual browsing history.
Vercel infrastructure access logsManaged by Vercel per their data retention policies.
npm package download logsManaged by npm, Inc. per their data retention policies. Not accessible to YI STUDIO.
Tally feedback form responses (non-email)Retained by Tally as our data processor for as long as necessary for product improvement purposes. We review and delete feedback data periodically and at minimum upon a valid erasure request.
Email addresses submitted via feedback formRetained until you request deletion (contact privacy@memorycode.ai) or until the communication purpose is fulfilled. Branch A email addresses will be removed promptly upon unsubscribe request.
Support correspondenceRetained for as long as reasonably necessary to resolve your inquiry.

8. localStorage — Important User Notice and Limitation of Liability

Because your memory content is stored in your browser's localStorage, you should be aware of the following risks:

  • Browser data clearing: Clearing your browser's cookies and site data will permanently delete your MemoryCode profiles and memory content from that device.
  • Safari / iOS Intelligent Tracking Prevention (ITP): Apple's ITP mechanism may automatically clear localStorage for websites not visited for 7 consecutive days. Your data may be deleted by the browser without warning and without any action on our part.
  • Device failure or replacement: Data stored in localStorage is not backed up to any cloud service. If your device fails, is lost, or is reset, your data will be lost.
  • Recommendation: Use the Backup feature (Settings → Backup) to export your data as a JSON file and store it securely.

Limitation of Liability: To the maximum extent permitted by applicable law, YI STUDIO disclaims all liability for any loss of locally stored data, failure to back up data, service interruption, or any direct, indirect, incidental, or consequential damages arising from: the local-first nature of the Service; actions taken by your device's operating system or browser (including ITP-related data clearance); your failure to create backups; or any circumstance beyond our reasonable control.

The Service is provided "as is" and "as available" without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or uninterrupted availability.


9. Your Rights

9.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights in relation to personal data we process about you (i.e., technical and analytical data described in Sections 3.2 to 3.6):

RightDescription
Access (Art. 15)Request a copy of personal data we hold about you.
Rectification (Art. 16)Request correction of inaccurate personal data.
Erasure (Art. 17)Request deletion of your personal data where no overriding legal basis applies.
Restriction (Art. 18)Request that we restrict processing in certain circumstances.
Objection (Art. 21)Object to processing based on legitimate interests.
Withdrawal of consent (Art. 7(3))Where processing is based on consent (e.g., Branch A email for product updates), you may withdraw your consent at any time by contacting privacy@memorycode.ai. Withdrawal does not affect the lawfulness of processing before withdrawal.
Portability (Art. 20)Receive data in a structured, machine-readable format. Your memory content can be exported at any time via the in-app Backup function.
ComplaintLodge a complaint with the Danish Data Protection Authority (Datatilsynet, www.datatilsynet.dk), our lead supervisory authority. You may also contact the data protection authority in your country of residence.

To exercise these rights, contact us at privacy@memorycode.ai. We will respond within 30 days.

Note: because your memory content is stored exclusively on your device and is not accessible to us, we cannot retrieve, modify, or delete it on your behalf. Technical metadata, runtime state, and backup files stored in your local MCP configuration are also under your control and can be managed by deleting or regenerating the relevant files.

9.2 California Residents — CCPA / CPRA

  • We do not "sell" or "share" your personal information as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
  • Your memory content stays strictly on your device and is not subject to sale or disclosure to third parties for cross-contextual behavioural advertising.
  • The limited personal data we process (analytics, access logs, and voluntarily submitted feedback form data including optional email addresses) is used solely for service operation, improvement, and the communication purposes described in Section 3.6. It is not sold or used for targeted advertising.

To exercise any California privacy rights, contact us at privacy@memorycode.ai.


10. Data Security

  • All data in transit between your browser and our servers is encrypted using HTTPS / TLS.
  • Server-side API endpoints are stateless and do not persist memory content to remote databases.
  • MCP configuration API endpoints that handle memory content are disabled in the production environment.
  • Access to hosting infrastructure, analytics dashboards, and feedback form data is restricted to the operator.
  • Your locally stored memory data is protected by your device's own security controls.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.


11. Children's Privacy

The Service is not directed at children under the age of 13 (as defined under COPPA) or under the age of 16 in EU jurisdictions where GDPR Article 8 applies. We do not knowingly collect personal data from children below these thresholds. If you are under 16, obtain your parent or legal guardian's permission before using the Service.

If you become aware that a child has provided us with personal data without parental consent, please contact us at privacy@memorycode.ai.


12. International Data Transfers

The Service is hosted by Vercel, Inc., a US-based company. Your usage data (analytics and access logs) may be transferred to and processed in the United States. Vercel participates in the EU-U.S. Data Privacy Framework and implements Standard Contractual Clauses (SCCs) to legitimise transfers from the EEA.

Our dynamic API routes are configured to execute in the European region (Vercel fra1, Frankfurt). Vercel Web Analytics and infrastructure access logs are processed by Vercel according to their data retention and transfer policies; the applicable Vercel privacy documentation should be consulted for current specifics.

Package distribution via npm may involve connections to Fastly CDN nodes used for global delivery, which may be located outside the EEA. This involves only standard network metadata and is governed by npm's privacy policy.

Feedback form data is processed by Tally Solutions BV, a company headquartered in Belgium (EU). Any international transfers by Tally to sub-processors are governed by Tally's privacy policy and our Data Processing Agreement with Tally.

When you connect the MemoryCode MCP Server to an AI client, that client may transmit your profile and prompt data to its cloud-based model API (e.g., Anthropic, OpenAI), which may be located outside the EEA. This transfer is initiated by your AI client, not by MemoryCode, and is governed by the AI provider's privacy policy.

Memory content authored by you is not subject to international transfer by us, as it is never transmitted to our servers.


13. Expected Future Features and Data Handling

The following provisions describe features that are planned but not yet implemented. They apply only if and when these features are actively developed, released, and enabled by you. No data flows described in this section are currently active.

13.1 One-Click MCP Configuration

The application includes MCP configuration API endpoints (/api/mcp/configure, /api/mcp/write-memory-file) that are currently available only in local development environments and are disabled in the production deployment. If a production-ready one-click MCP configuration capability is introduced in a future version, this Policy will be updated prior to launch to disclose: the environment in which the write operation takes place; the scope of memory content accessed; and confirmation that configuration data will not be used for advertising, profiling, or model training.

13.2 Payment Processing

If paid subscription plans are introduced, payment information will be collected and processed by a third-party payment processor. We will never handle raw payment card data. The processor's own privacy policy will be presented at the point of purchase.

13.3 AI-Assisted Features

Optional AI-powered features (such as Smart Extract) may in a future version transmit user-provided documents to a third-party AI API. Such features will only activate upon your explicit confirmation and after clear disclosure.

13.4 Agent Content Modifications

As described in Section 6.8, any feature enabling AI agents to modify the content of profiles or cognitive chips (as distinct from runtime selection changes in Section 6.6) will require explicit in-application consent, be accompanied by a Policy update, and maintain a local audit log.

13.5 Multi-Device Sync

Any synchronisation feature involving transmission of your memory data across devices will be preceded by a clear disclosure and Policy update prior to launch.


14. Changes to This Policy

We may update this Privacy Policy from time to time. The current version and effective date are always displayed at the top of this document and at memorycode.ai/privacy.

For material changes that meaningfully affect your rights or introduce new categories of data processing, we will provide notice via a prominent in-application banner at least 14 days prior to the changes taking effect where practicable. Your continued use of the Service after a policy update constitutes your acceptance of the revised Policy.


15. Contact

Emailprivacy@memorycode.ai
ProductMemoryCode — memorycode.ai
OperatorYI STUDIO, Denmark (EU)
Response timeWe aim to respond to all privacy-related enquiries within 5 business days.

To lodge a complaint with our lead supervisory authority:

  • Datatilsynet (Denmark): www.datatilsynet.dk | +45 33 19 32 00
  • You may also contact the data protection authority in your country of residence.

MemoryCode Privacy Policy — v1.5.2 — Effective 27 June 2026