privacy policy

This Privacy Policy explains how Entrinsia Inc. ("we," "us," or "our") collects, uses, shares, and protects your information when you use the MementoBook application and services (the "Service").

By using MementoBook, you agree to the collection and use of information as described in this Privacy Policy.

1. information we collect

1.1 information you provide directly

Account Information: When you create an account, we collect:

• Name
• Email address
• Password (encrypted)
• Phone number (optional)

Event Information: When you create events, we collect:

• Event name and description
• Event date and time
• Guest list information (names, relationships)
• Event settings and preferences

Payment Information: When you purchase Event Credits or subscriptions:

• Billing name and address
• Payment card information (processed by Stripe, PayPal, Apple Pay, or Google Pay - we do not store complete card numbers)
• Transaction history

User Content: Content you and your guests create through the Service:

• Video messages
• Voice recordings
• Photos and images
• Text messages and handwritten notes
• Guest names and relationships

Communications: When you contact us:

• Support inquiries and correspondence
• Feedback and survey responses
• Any other information you choose to provide

1.2 information collected automatically

When you use the Service, we automatically collect:

Device Information:

• Device type, model, and operating system
• Browser type and version
• Device identifiers (such as IP address, device ID)
• Screen resolution and display settings

Usage Information:

• Pages and features you access
• Time and date of access
• Time spent on pages
• Actions taken within the Service
• App crashes and performance data

Location Information:

• General location based on IP address
• We do not collect precise GPS location unless you explicitly grant permission

Cookies and Similar Technologies:

• Session cookies for authentication
• Preference cookies to remember your settings
• Analytics cookies to understand usage patterns

1.3 information from third parties

We may receive information from:

• Payment processors (Stripe, PayPal) - transaction confirmations and status
• App stores (Apple, Google) - download and purchase information
• Authentication providers - if you sign in using OAuth (Google, Apple, etc.)

2. how we use your information

We use the information we collect to:

2.1 provide and improve the service

• Create and manage your account
• Process and store event content
• Compile videos from guest messages
• Deliver compiled videos to you
• Provide customer support
• Send service-related notifications (event status, processing updates, credit expiration)
• Improve app features and user experience
• Fix bugs and resolve technical issues

2.2 process payments

• Process Event Credit purchases and subscriptions
• Send receipts and payment confirmations
• Prevent fraud and unauthorized transactions
• Manage refunds and billing issues

2.3 communicate with you

• Respond to your inquiries and support requests
• Send important service updates and security alerts
• Notify you of Event Credit expiration (30 days before)
• Send video compilation status updates
• Request feedback and conduct surveys (with your consent)

2.4 marketing (with consent)

• Send promotional emails about new features or offers (only if you opt in)
• You can unsubscribe from marketing emails at any time
• We never send unsolicited marketing to guests

2.5 analytics and research

• Understand how users interact with the Service
• Analyze usage patterns and trends
• Conduct research to improve features
• Generate aggregated, anonymized statistics

2.6 legal and security purposes

• Comply with legal obligations and regulations
• Enforce our Terms and EULA
• Protect against fraud, abuse, and security threats
• Respond to law enforcement requests
• Protect our rights and property

3. how we share your information

We do not sell your personal information to third parties. We share information only in the following circumstances:

3.1 service providers

We share information with third-party service providers who perform services on our behalf:

• Cloud hosting: Amazon Web Services (AWS), Google Cloud Platform - for data storage and processing
• Payment processing: Stripe, PayPal, Apple Pay, Google Pay - for payment transactions
• Email services: For sending transactional and notification emails
• Analytics: To understand app usage and performance
• Content delivery: CDNs for faster video delivery

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

3.2 within your events

Important: When you create an event:

• You control who can access the event and its content
• Guest messages are shared with you (the event host)
• If you share the compiled video, recipients can see all included messages
• You are responsible for how you share and use event content

3.3 legal requirements

We may disclose your information if required by law or in response to:

• Subpoenas, court orders, or legal process
• Government or law enforcement requests
• National security requirements
• Protection of our legal rights
• Investigation of fraud or security issues

3.4 business transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the new owner. We will notify you of any such change.

3.5 with your consent

We may share information for other purposes with your explicit consent.

4. data controllers and processors

This is important to understand who controls your data:

4.1 for event hosts (you)

• Your account data: Entrinsia is the data controller
• Guest data you collect: You are the data controller, Entrinsia is the data processor

4.2 for guests

• Your messages: The event host is the data controller
• Processing: Entrinsia processes your message on behalf of the host

What this means:

• Hosts are responsible for complying with privacy laws (GDPR, CCPA, etc.) for Guest data
• Hosts must obtain necessary consents from Guests
• Guests should contact the event host for data requests (access, deletion, etc.)
• Entrinsia will assist hosts in responding to Guest requests where possible

5. data retention

How long we keep your information:

5.1 account information

• Retained as long as your account is active
• Deleted within 30 days after you close your account (except as noted below)

5.2 event content

• Free storage: 3 months from event end date
• Extended storage: Based on your plan or paid extension
• After storage expires: Content may be deleted unless you download it

5.3 event credits

• Transaction records retained for 7 years (tax and accounting requirements)
• Credit status tracked until expiration (1 year from purchase)

5.4 backups

• Backup copies may be retained for up to 90 days after deletion
• Used only for disaster recovery and system stability

5.5 legal requirements

• We may retain information longer if required by law
• Information related to legal disputes retained until resolved
• Payment records retained for tax compliance (7 years)

5.6 anonymized data

• We may retain anonymized, aggregated data indefinitely for analytics
• This data cannot be linked back to you

6. data security

We implement reasonable security measures to protect your information:

6.1 technical safeguards

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access controls: Role-based access with authentication requirements
• Secure infrastructure: Data stored on secure cloud servers with industry-standard protections
• Regular updates: Security patches applied promptly

6.2 organizational safeguards

• Limited employee access to personal information (need-to-know basis)
• Confidentiality agreements with employees and contractors
• Security training for team members
• Regular security audits and assessments

6.3 no guarantee

Important: No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for:

• Keeping your password secure and confidential
• Not sharing your account credentials
• Logging out of shared devices
• Maintaining security of kiosk devices at events

6.4 data breaches

In the event of a data breach that affects your personal information, we will:

• Notify you via email within 72 hours of discovering the breach
• Describe what information was affected
• Explain steps we're taking to address the breach
• Provide guidance on how to protect yourself
• Comply with applicable data breach notification laws

7. your privacy rights

You have the following rights regarding your personal information:

7.1 access

• Request a copy of the personal information we hold about you
• Access your account information through your account settings
• Email support@entrinsia.com for additional information

7.2 correction

• Update inaccurate or incomplete information
• Edit account details in your account settings
• Contact us to correct information you cannot change yourself

7.3 deletion

• Request deletion of your account and associated data
• Close your account through account settings
• Email support@entrinsia.com to request deletion
• Note: Some information may be retained as described in Section 5 (Data Retention)

7.4 data portability

• Export your event content and data
• Download videos and messages through the Service interface
• Request a copy of your data in a structured, machine-readable format

7.5 opt-out of marketing

• Unsubscribe from marketing emails using the link in any marketing email
• Update communication preferences in account settings
• Note: You will still receive transactional and service-related emails

7.6 object to processing

• Object to certain uses of your information
• Contact support@entrinsia.com with your objection
• We will review and respond to your request

7.7 withdraw consent

• Withdraw consent for processing that requires consent
• This does not affect processing based on other legal grounds

7.8 lodge a complaint

• File a complaint with a data protection authority
• EU residents: Contact your local data protection authority
• California residents: See Section 8 for CCPA rights

how to exercise your rights

To exercise any of these rights:

• Email: support@entrinsia.com with subject line "Privacy Rights Request"
• Mail: Entrinsia Inc., 559 S El Monte Ave, Los Altos, CA 94022
• Include your name, email address, and specific request
• We will respond within 30 days (or as required by applicable law)

8. california residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

8.1 right to know

You have the right to request:

• Categories of personal information we collect
• Specific pieces of personal information we hold about you
• Categories of sources from which we collect information
• Business or commercial purposes for collecting information
• Categories of third parties with whom we share information

8.2 right to delete

• Request deletion of personal information we collected from you
• Subject to certain exceptions (legal obligations, completing transactions, etc.)

8.3 right to opt-out of sale

• We do not sell your personal information
• We do not share information for cross-context behavioral advertising

8.4 right to non-discrimination

• We will not discriminate against you for exercising your CCPA rights
• We will not deny service, charge different prices, or provide different quality of service

8.5 authorized agents

• You may designate an authorized agent to make requests on your behalf
• The agent must provide proof of authorization

8.6 verification

To protect your privacy, we must verify your identity before responding to CCPA requests. We may ask for:

• Your email address and account information
• Additional information to confirm your identity

8.7 ccpa contact

For CCPA requests:

• Email: support@entrinsia.com (subject: "CCPA Request")
• Toll-free: We will add a toll-free number before launch

8.8 california consumer notice

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

9. european residents (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

9.1 legal basis for processing

We process your personal information based on:

• Contract: To provide the Service and fulfill our agreement with you
• Consent: When you opt in to marketing or optional features
• Legitimate interests: To improve the Service, prevent fraud, ensure security
• Legal obligation: To comply with applicable laws

9.2 data transfers

• Your data may be transferred to and processed in the United States
• The U.S. may not have the same data protection laws as your country
• We use appropriate safeguards (Standard Contractual Clauses) for transfers

9.3 gdpr rights

In addition to the rights listed in Section 7, you have the right to:

• Restriction: Request restricted processing in certain circumstances
• Data portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Automated decisions: Not be subject to automated decision-making (we don't use this)

9.4 data protection authority

You have the right to lodge a complaint with your local data protection authority:

• Find your authority: https://edpb.europa.eu

9.5 gdpr representative

Our GDPR contact:

• Email: support@entrinsia.com (subject: "GDPR Request")
• Address: Entrinsia Inc., 559 S El Monte Ave, Los Altos, CA 94022

10. children's privacy

The Service is not intended for children under 13.

10.1 no collection from children

• We do not knowingly collect personal information from children under 13
• You must be 18 or older to create an account
• The Service is designed for adults to create events

10.2 minors in events

If your events include minors (under 18):

• You are responsible for obtaining parental consent
• You must comply with COPPA and similar laws
• You should not collect personal information from minors without consent
• Inform guests if minors will appear in messages

10.3 if we discover children's data

• If we learn we've collected information from a child under 13, we will delete it promptly
• If you believe a child has provided information, contact us immediately at support@entrinsia.com

10.4 parental rights

If you are a parent/guardian and believe your child provided information:

• Contact us at support@entrinsia.com
• Request access to, correction of, or deletion of the information
• We will verify your identity and relationship to the child

11. cookies and tracking

11.1 what are cookies?

Cookies are small text files stored on your device that help us provide and improve the Service.

11.2 cookies we use

Essential Cookies (Required):

• Authentication - keep you logged in
• Security - prevent fraud and protect accounts
• Session management - maintain your session state

Functional Cookies (Optional):

• Preferences - remember your settings
• Language - remember your language choice

Analytics Cookies (Optional):

• Usage analytics - understand how you use the Service
• Performance monitoring - identify and fix issues
• Feature testing - test new features

11.3 third-party cookies

Some cookies are placed by third-party services:

• Payment processors (Stripe, PayPal)
• Analytics providers (if we use them)
• Cloud services (AWS, Google Cloud)

11.4 managing cookies

You can control cookies through:

• Browser settings: Most browsers allow you to refuse cookies
• Cookie preferences: We may provide cookie preference tools in the future
• Note: Disabling essential cookies may affect Service functionality

11.5 do not track

• We do not currently respond to "Do Not Track" browser signals
• We do not track you across third-party websites

11.6 mobile app tracking

• Our mobile app may collect device identifiers for analytics and crash reporting
• You can limit tracking through your device settings (iOS: "Limit Ad Tracking", Android: "Opt out of Ads Personalization")

12. international users

12.1 data storage location

• Data is primarily stored on servers in the United States
• We may use cloud services in other countries
• By using the Service, you consent to transfer of your data to these locations

12.2 data protection standards

• We implement appropriate safeguards for international transfers
• We use Standard Contractual Clauses (SCCs) for EU data transfers
• We comply with applicable data protection laws

12.3 local laws

• If you use the Service from outside the U.S., you are responsible for compliance with local laws
• Recording consent laws vary by jurisdiction - you must comply with applicable laws

13. third-party services and links

13.1 third-party services

The Service integrates with third-party services that have their own privacy policies:

• Stripe: https://stripe.com/privacy
• PayPal: https://www.paypal.com/privacy
• Apple Pay: https://www.apple.com/legal/privacy/
• Google Pay: https://payments.google.com/privacy
• AWS: https://aws.amazon.com/privacy/
• Google Cloud: https://cloud.google.com/privacy

13.2 not responsible for third parties

• We are not responsible for third-party privacy practices
• Review their privacy policies before providing information
• Third-party data collection is subject to their terms, not ours

13.3 third-party links

• The Service may contain links to external websites
• We do not control these websites or their privacy practices
• Clicking these links is at your own risk

14. biometric information

MementoBook does not collect, store, or use biometric information.

14.1 what we don't do

• We do not use facial recognition technology
• We do not extract or analyze biometric identifiers (fingerprints, facial geometry, iris patterns, etc.)
• We do not create biometric templates or identifiers
• We do not use biometric data for authentication or identification

14.2 video and photos

• Videos and photos may contain images of faces
• These are stored as media files, not analyzed for biometric data
• We do not process these images to extract biometric information

14.3 state biometric laws

We comply with state biometric privacy laws including:

• Illinois Biometric Information Privacy Act (BIPA)
• Texas Capture or Use of Biometric Identifier Act
• Washington State biometric privacy law
• California biometric privacy provisions

15. changes to this privacy policy

15.1 we may update this policy

• We reserve the right to modify this Privacy Policy at any time
• Changes become effective immediately upon posting
• Your continued use constitutes acceptance of changes

15.2 how we notify you

For material changes, we will notify you via:

• Email to your account email address
• In-app notification
• Prominent notice on our website
• Update to the "Last Updated" date at the top

15.3 review regularly

• We encourage you to review this Privacy Policy periodically
• Check the "Last Updated" date to see if changes were made

16. contact us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

specific requests

• CCPA requests: Email with subject "CCPA Request"
• GDPR requests: Email with subject "GDPR Request"
• Data deletion: Email with subject "Data Deletion Request"
• Data export: Email with subject "Data Export Request"
• Security concerns: Email with subject "Security Issue"