Welcome to MemorySparks! Your privacy is important to us. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the MemorySparks mobile application ("App").
By using MemorySparks, you agree to the collection and use of information in accordance with this Privacy Policy.
Quick Summary
What we collect: Account info (email, name), memory text & images for AI story generation, subscription status
What we DON'T collect: Device tracking data, usage analytics, crash reports, location, browsing history
Third parties: Google Gemini AI (story generation), RevenueCat (subscriptions), Supabase (authentication)
Your rights: Access, correct, delete, and export your data anytime
Contact: hansleonel@icloud.com
1. Service Provider Information
MemorySparks is operated by:
Hans Leonel Jurado Munoz
Lima, Peru
Email: hansleonel@icloud.com
For privacy-related inquiries, please contact us at: hansleonel@icloud.com
2. Information We Collect
2.1 Information You Provide Directly
Account Information:
When you create an account, we collect:
- Full name (optional, from Apple/Google Sign-In)
- Email address
- Username (user-selected)
- User ID (auto-generated by Supabase)
- Authentication credentials (if using email/password registration)
- Profile picture (optional, from Google Sign-In)
- Bio (optional, user-provided)
Story Generation Input:
When you use MemorySparks to generate stories, we process:
- Your memory text (the text you provide to create a story)
- Uploaded images (photos you choose to include in story generation)
- Story parameters (genre: Romance, Adventure, Mystery, Fantasy, Horror, Sci-Fi, etc.)
- Author style preferences (optional)
- Language preferences
⚠️ IMPORTANT: Your memory text and uploaded images are sent to Google Gemini AI for story generation. These are processed by Google's servers to create your personalized story. We recommend not including highly sensitive personal information in your memory text.
2.2 Information Collected Automatically
Story Interaction Data:
- Number of times you read each saved story (read count)
- Story ratings you provide (1-5 stars)
- Stories you save or mark as favorites
Account Activity:
- Account creation date
- Last sign-in date
- Profile update timestamps
- Authentication provider used (email, Apple, or Google)
Subscription Status:
Through RevenueCat, we track:
- Whether you have an active premium subscription
- Subscription type (weekly: $3.99, monthly: $12.99, annual: $79.99)
- Subscription expiration date
2.3 Local Storage (On Your Device Only)
The following information is stored only on your device in a local database and is NOT transmitted to our servers:
- Full text of generated stories
- Story metadata (title, genre, creation date, status)
- Custom images you upload (stored as file paths)
- Draft stories (automatically deleted after 2 days)
- Your story preferences and settings
✅ What We Do NOT Collect:
- Device model or manufacturer information
- Operating system version for tracking purposes
- Unique device identifiers (IDFA, IDFV) for tracking
- Time spent in the app
- Detailed usage analytics or behavior tracking
- Crash reports or error logs
- IP addresses
- Location data (GPS)
- Your contacts, photos (beyond what you choose to upload), or other apps
- Browsing history outside the app
3. How We Use Your Information
3.1 To Provide Story Generation Service
- Process your memories: Send your memory text to Google Gemini AI to generate personalized stories
- Analyze images: Send uploaded photos to Google Gemini AI for image analysis and story context
- Personalize content: Use your genre preferences and style choices to tailor stories
- Save your stories: Store generated stories locally on your device
3.2 To Manage Your Account
- Create and maintain your user account
- Authenticate your identity when you sign in
- Remember your preferences and settings
- Track your premium subscription status
- Sync your subscription across devices (via RevenueCat)
3.3 To Provide Customer Support
- Respond to your support requests and inquiries
- Troubleshoot technical issues
- Communicate important service updates
3.4 To Ensure Security
- Protect against unauthorized access to your account
- Prevent fraudulent subscription activity
- Enforce our Terms of Service
- Protect the rights and safety of MemorySparks and users
We Do NOT Use Your Data For:
- ❌ Advertising or marketing to you
- ❌ Selling to third parties
- ❌ Behavioral tracking or profiling
- ❌ Analytics beyond basic subscription metrics
4. Third-Party Services and Data Sharing
4.1 Google Gemini AI (Story Generation)
Purpose: Generate personalized AI stories based on your input
Privacy Policy: https://ai.google.dev/gemini-api/terms
Data Shared:
- ✅ Your memory text (the full text you provide)
- ✅ Uploaded images (as base64-encoded data, up to 20MB)
- ✅ Story parameters (genre, theme)
- ✅ Language preference
- ✅ Author style preference (optional)
- ❌ NO personally identifiable information (name, email, user ID)
⚠️ IMPORTANT: Your memory text and images are sent to Google's servers for AI processing. Google processes this data according to their Gemini API terms and privacy policy.
4.2 RevenueCat (Subscription Management)
Purpose: Manage in-app subscriptions, verify purchase status, and sync across devices
Privacy Policy: https://www.revenuecat.com/privacy
Data Shared:
- ✅ Your Supabase User ID (anonymized identifier)
- ✅ Subscription status and type
- ✅ Purchase receipts from Apple
- ✅ Platform information (iOS)
- ❌ NO email, name, or other personal information
4.3 Supabase (Backend and Authentication)
Purpose: User authentication, account management, and data storage
Privacy Policy: https://supabase.com/privacy
Data Stored:
- ✅ Account information (email, name, username, user ID)
- ✅ Authentication tokens
- ✅ Profile data (bio, avatar URL, preferences)
- ✅ Account activity (creation date, last sign-in)
- ✅ Subscription status (isPremium flag)
- ❌ Story content is NOT stored on Supabase (stored locally only)
4.4 Apple Sign-In & Google Sign-In
Apple Sign-In: Apple Privacy Policy
Google Sign-In: Google Privacy Policy
4.5 Apple App Store (Payment Processing)
Important: All payment processing is handled exclusively by Apple. We never see or store your credit card information.
Privacy Policy: https://www.apple.com/legal/privacy/
5. Data We Do NOT Collect or Share
To protect your privacy, we DO NOT:
- ✅ Collect credit card or payment information (handled by Apple)
- ✅ Sell your personal data to third parties
- ✅ Share your data with advertisers
- ✅ Track your location (GPS data)
- ✅ Access your contacts or photo library (beyond what you choose to share)
- ✅ Monitor your activity outside of MemorySparks
- ✅ Use analytics or tracking SDKs (Firebase Analytics, Amplitude, etc.)
- ✅ Implement crash reporting tools (Sentry, Crashlytics, etc.)
- ✅ Track browsing behavior or create behavioral profiles
6. How We Store and Protect Your Data
6.1 Data Storage
Cloud Storage (Supabase):
- Account information and profile data
- Encrypted in transit using TLS/SSL
- Encrypted at rest using industry-standard encryption
Local Storage (Your Device):
- Generated story content (SQLite database)
- Custom uploaded images (app file directory)
- App preferences
- All local data is NOT transmitted to servers
6.2 Data Retention
- Account Data: Retained while your account is active, deleted within 30 days of account deletion request
- Local Story Data: Draft stories automatically deleted after 2 days; saved stories remain until you delete them
- RevenueCat Data: Subscription history may be retained for financial/legal compliance (typically 7 years)
6.3 Security Measures
- ✅ Encrypted data transmission (HTTPS/TLS 1.2+)
- ✅ Secure authentication protocols (OAuth 2.0, JWT)
- ✅ Password hashing (bcrypt for email/password auth)
- ✅ Access controls and authentication
- ✅ Secure API key management
However: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Privacy Rights
7.1 General Rights (All Users)
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data
- Export: Request your data in a portable JSON format
How to Exercise: Email us at hansleonel@icloud.com
7.2 GDPR Rights (European Union Residents)
If you are in the EU, you have additional rights under GDPR:
- Right to Access
- Right to Rectification
- Right to Erasure ("Right to be Forgotten")
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Right to Withdraw Consent
- Right to Lodge a Complaint with your local data protection authority
Response Time: We will respond to requests within 30 days
7.3 CCPA/CPRA Rights (California Residents)
Categories of Personal Information Collected:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, username, user ID | ✅ Yes |
| Commercial Information | Subscription status, purchase history | ✅ Yes |
| User-Generated Content | Memory text, uploaded images, story parameters | ✅ Yes |
| Account Activity | Sign-in dates, profile updates | ✅ Yes |
✅ WE DO NOT SELL YOUR PERSONAL INFORMATION TO ANYONE.
Categories of Third Parties We Share With:
| Third Party | Data Shared | Purpose |
|---|---|---|
| Google Gemini AI | Memory text, images, story parameters | AI story generation |
| RevenueCat | User ID, subscription status | Subscription management |
| Supabase | Account info, profile data | Authentication, data storage |
| Apple | Subscription receipts | Payment processing |
Your Rights:
- Right to Know (what data collected in last 12 months)
- Right to Delete
- Right to Opt-Out of Sale (We do NOT sell data)
- Right to Correct
- Right to Non-Discrimination
How to Exercise Your Rights:
- Email: hansleonel@icloud.com
- Subject: "CCPA Privacy Request - [Access/Delete/Correct]"
- Response Time: Within 45 days
8. Children's Privacy
MemorySparks is intended for users aged 13 years and older (17+ in some regions).
8.1 COPPA Compliance (USA)
- We do NOT knowingly collect data from children under 13
- We do NOT direct the service to children under 13
- We do NOT sell information of minors under 16
If we discover that we have collected information from a child under 13 without verified parental consent, we will delete that information immediately.
8.2 Parental Notice
If you are a parent or guardian and believe your child under 13 has provided us with personal information:
- Email us immediately at: hansleonel@icloud.com
- Include your child's username or email
- We will delete the account and all associated data within 24 hours
9. International Data Transfers
MemorySparks is operated from Peru and uses third-party services that may store data in various locations worldwide:
- Supabase: May store data in US, EU, or other regions
- Google Gemini AI: Processes data on Google's global infrastructure (likely US)
- RevenueCat: Stores data in US
Data Transfer Safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Compliance with local data protection laws (GDPR, CCPA, LGPD)
- Third-party processors with adequate data protection measures
10. Cookies and Tracking Technologies
MemorySparks is a mobile application and does not use browser cookies.
What We Use:
- Local Storage (SQLite): Store your stories, preferences, and settings on your device
- Session Management: JWT tokens stored securely to maintain your login session
What We Do NOT Use:
- ❌ Analytics SDKs (no Firebase Analytics, Amplitude, Mixpanel)
- ❌ Advertising SDKs
- ❌ Device fingerprinting for tracking
- ❌ Cross-app tracking identifiers
10.1 iOS App Tracking Transparency
Important: MemorySparks does NOT request App Tracking permission because we do not track you across apps or websites owned by other companies.
11. Data Breach Notification
In the unlikely event of a data breach that affects your personal information:
- Immediate Investigation: Assess the scope and impact
- Notification: Notify you within 72 hours of discovering the breach
- Transparency: Explain what happened, what data was affected, and our response
- Regulatory Compliance: Notify relevant authorities as required by law
- Guidance: Provide steps you can take to protect yourself
12. Changes to This Privacy Policy
12.1 Notification of Changes
Material Changes:
We will notify you at least 30 days before material changes take effect via:
- Email to your registered address
- In-app notification
- Prominent notice on this page
Non-Material Changes:
Minor updates (typos, clarifications, formatting) may be posted without prior notice.
12.2 Your Acceptance
Your continued use of MemorySparks after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes:
- Stop using the app
- Cancel your subscription (through iTunes Account Settings)
- Request account deletion (email hansleonel@icloud.com)
13. Your Choices and Controls
13.1 Account Settings (In-App)
- ✅ Update your profile information (name, username, bio)
- ✅ Manage your saved stories
- ✅ Delete individual stories
- ✅ Change privacy settings
- ✅ View subscription status
13.2 Data Deletion
Delete Account:
- Email hansleonel@icloud.com with subject "Account Deletion Request"
- Provide your registered email address
- We will process within 30 days
What Happens:
- Your account and personal data deleted from Supabase
- Local stories remain on your device until you delete the app
- Active subscriptions continue until end of billing period
- RevenueCat retains subscription history for compliance (typically 7 years)
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
General Privacy Inquiries:
- Email: hansleonel@icloud.com
- Subject: "Privacy Inquiry"
- Response Time: Within 7 business days
Privacy Rights Requests (GDPR, CCPA, etc.):
- Email: hansleonel@icloud.com
- Subject: "Privacy Rights Request - [GDPR/CCPA] - [Access/Delete/Correct]"
- Response Time: Within 30 days (GDPR) or 45 days (CCPA)
Account Deletion:
- Email: hansleonel@icloud.com
- Subject: "Account Deletion Request"
- Response Time: Processed within 30 days
15. Supervisory Authority
For EU Residents:
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
Find Your EU Data Protection Authority: https://edpb.europa.eu/about-edpb/board/members_en
Summary: What You Should Know
✅ What We DO Collect:
| Data Type | Purpose | Shared With |
|---|---|---|
| Account info (email, name, username) | Account management | Supabase |
| Memory text & images | Story generation | Google Gemini AI |
| Story parameters (genre, preferences) | Personalization | Google Gemini AI |
| Subscription status | Premium access | RevenueCat |
| Story ratings & read counts | User experience | Local device only |
❌ What We DO NOT Collect:
- Device info for tracking (model, OS, identifiers)
- Usage analytics (time spent, features used)
- Crash reports or error logs
- Location data (GPS)
- IP addresses for tracking
- Your contacts or other apps
- Browsing behavior
🔒 Key Privacy Facts:
- ✅ Payment: Handled by Apple (we don't see your credit card)
- ✅ Stories: Stored locally on your device
- ✅ AI Processing: Memory text/images sent to Google Gemini
- ✅ No Ads: We don't share data with advertisers
- ✅ No Selling: We never sell your data
- ✅ Your Rights: Access, correct, delete, export your data
- ✅ Age: 13 years or older