Privacy & trust

Your memory is yours. MyMem just listens carefully.

MyMem reads. It never writes back without you. The graph that powers your reflections lives in a Supabase database under row-level security, behind your account. You can export every memory or delete all of them at any time, from Settings → Privacy.

  • Read-only by default

    Every connector (Calendar, Gmail, Notion, Spotify, Oura, Whoop, Linear, Slack, Outlook…) asks for the minimum scope it needs to observe. MyMem never sends a single email, never edits an event, never posts a message.

  • Gmail is snippet-only

    By default MyMem reads the subject line and the first ~200 characters of the snippet — never the full body. Volume, tone, and cadence are signal enough.

  • Food photos aren't stored

    Meal photos are analyzed once on the server, then discarded. Only structured macros and notes stay in your timeline.

  • Tokens live on the server

    OAuth tokens sit in the integrations table and never ship to the browser. Claude runs only in server routes.

  • Export anytime

    One click in Settings → Privacy downloads a JSON archive of every memory event, behavioral pattern, identity snapshot, and observation MyMem holds for you.

  • Delete anytime

    A typed phrase clears memory events. Your account and connector links remain until you disconnect or delete the account.

What we collect

  • Account email and profile basics you provide during setup.
  • Memory events — text summaries, metadata, embeddings for search.
  • Connected app metadata (calendar events, mail snippets, listening, notes, health aggregates).
  • Optional face photo for Future Self — stored in a private bucket under your account.
  • Session cookies required to keep you signed in.

What we do not collect

  • Full Gmail bodies (by design).
  • Food photo files after analysis.
  • Data from apps you never connect.
  • Sold or brokered memory graphs.

How AI uses your data

Server routes retrieve relevant memories before calling Claude. Outputs cite patterns when possible. AI can be wrong — treat suggestions as reflection, not fact. Mirror is not medical, legal, or financial advice.

Third-party providers

Mirror is built on Supabase (database and auth), Vercel (hosting), Anthropic (AI), Stripe (billing when enabled), and the OAuth APIs you choose to connect. Each has its own privacy policy.

Retention

Memories stay until you delete them or your account. Connector tokens remain until you disconnect. We do not promise instant deletion across all backups — contact us for urgent removal requests.

What we never do

  • Sell your memory graph. No ads, no third-party model training, no broker pipelines. MyMem is funded by Pro and Ultra subscribers.
  • Send unrequested emails or calendar events.Guardian drafts a suggestion; you press send. Nothing leaves MyMem without your tap.
  • Make medical claims. Health signals are correlations only. eheadspace.org.au for AU support.
  • Gamify mental health. No streaks that reset, no shame loops. MyMem tracks a rolling seven-day presence rate and nothing more.

Why a suggestion appears

Every insight in MyMem is grounded in your own data — sleep and recovery from your wearable, calendar load, message tone, project movement, and the moments you log. The “Why MyMem suggested this” link on each card shows you the underlying signals and the confidence score behind the read. MyMem never claims to know what someone else feels.