Privacy Policy

Our Privacy Commitment

Memlode operates in two connected modes: a public website and commercial motion used for demos, pilots, procurement, and support; and a customer-facing product plus implementation service used to build and operate a company brain. Because both parts may involve personal information, operational context, and sensitive business records, we design the service around data minimization, workspace isolation, reviewability, and customer control. This Privacy Policy explains what information we collect, how we use it, when we share it, how AI processing fits in, and what rights and choices individuals and customers have across both the website and the enterprise service.

What This Policy Covers

This policy applies to memlode.com, contact forms, sales conversations, pilots, onboarding, implementation work, hosted workspaces, integrations, APIs, support, security reviews, and related services. It covers information submitted directly by visitors, prospects, customers, vendors, and partners; information generated when someone browses our site or interacts with our emails; and customer-authorized content and metadata imported from connected tools. Depending on configuration, customer content may include messages, tickets, incident timelines, pull requests, comments, documents, meeting notes, approvals, decision records, audit events, and other operational context needed to make the service useful. This policy does not transfer ownership of customer content to Memlode, and it does not permit us to repurpose one customer's data to benefit another customer's workspace.

Data We Collect

Memlode may collect contact and account details such as name, work email, company, title, phone number, billing contacts, authentication events, and workspace membership. On the website and commercial side, we may collect form submissions, meeting requests, proposal history, email engagement, referral source, cookie or analytics signals, device and browser details, and basic logs needed to secure the site and understand demand. In customer workspaces, Memlode may ingest customer-approved content and metadata from systems such as Slack, GitHub, GitLab, Linear, Jira, PagerDuty, incident tools, observability platforms, CRMs, support systems, document repositories, and other approved sources. We may also generate derived data such as summaries, embeddings, entity links, similarity matches, decision records, confidence indicators, redaction markers, approval states, and audit logs. We aim to collect only what is reasonably necessary to run the website, provide pilots and services, secure the platform, support customers, and operate the customer's configured use cases.

How We Use Customer Data

Memlode uses information to operate the website, respond to inquiries, schedule demos, negotiate pilots or enterprise agreements, onboard customers, deliver implementation services, secure accounts, maintain integrations, troubleshoot issues, and support the customer's company-brain environment. In product environments, customer data may be used to organize operational memory, surface source-backed answers, compare current situations to historical decisions, draft summaries, produce incident context, assist with workflow execution, and maintain traceable audit history. We may also use information to detect abuse, improve product quality within the customer's own environment, measure feature reliability, enforce contracts, send service communications, and comply with legal obligations. We do not sell personal information, broker customer content, or knowingly use one customer's source data, decisions, or embeddings to train or enrich another customer's workspace.

Customer Data Ownership and Control

Customers retain ownership of customer data and decide which users, systems, workflows, and integrations Memlode may access. Memlode receives a limited right to process customer data only to provide, secure, maintain, support, and improve the customer's own service environment and related implementation work. Customers control workspace membership, integration scopes, source disconnection, export requests, deletion requests, and approval settings, subject to the customer's agreement and applicable law. If a customer removes an integration, we may stop future ingestion from that source while retaining already processed records according to the applicable retention schedule, backup cycle, audit needs, or written customer instructions. Individuals who interact directly with Memlode through the website or support channels may also request access, correction, or deletion where applicable.

Enterprise Security Measures

Memlode is designed for organizations that expect strong operational security. We use encryption in transit and at rest, role-based access controls, least-privilege integration scopes, secure secrets handling, logging of administrative events, rate limiting, monitoring, backup safeguards, and review controls for access to production environments. Access to customer data is limited to personnel and systems with a legitimate business need, and we aim to log administrative access when it occurs. Depending on plan and contract, enterprise customers may request additional controls such as SSO or SAML, SCIM, private networking, data residency commitments, vendor review materials, custom incident-notification terms, approval workflows, customer-managed retention rules, and other deployment constraints. Security practices evolve over time as the product, threat landscape, and customer expectations change.

Data Isolation and Access Controls

Customer workspaces are intended to be logically isolated from one another. Memlode does not intentionally commingle one customer's source content, indexes, embeddings, decision records, or operational history with another customer's environment. Retrieval and workflow actions are designed to respect workspace boundaries, account permissions, integration scopes, and available source-system permission signals. A user should not be shown content through Memlode that the workspace or source system does not authorize them to access. Because source permissions can be complex and may change outside Memlode, customers remain responsible for maintaining accurate permissions in their connected systems and for deciding which users may enable or approve automated workflows.

AI Processing and Model Training

Memlode may use retrieval systems, embeddings, classifiers, and large language models to summarize, compare, validate, and surface customer-specific context. Customer data is not used to train public foundation models. Where third-party model providers or subprocessors are used, Memlode seeks enterprise settings and contractual controls that restrict provider-side training on customer content and limit retention of prompts, outputs, and source material. Memlode may also apply filters and validation steps designed to reduce prompt injection risk, accidental disclosure, unsupported conclusions, and unsafe automation. Sensitive customers may request additional model, retention, data residency, self-hosting, redaction, approval, and deployment controls through enterprise agreements.

Verification, Validation, and Human Review

Memlode is built to make important outputs reviewable rather than opaque. The service may provide citations, linked source material, confidence signals, decision-record references, approval states, change history, and audit logs so teams can inspect why a recommendation or draft was produced. Depending on configuration, outputs may be informational, low-confidence, draft, approval-required, or eligible for limited automation. Customers remain responsible for choosing how much authority to give the system in any workflow and for keeping humans in the loop where the context, law, or risk level requires it. For high-impact employment, legal, security, compliance, customer-remediation, or financial decisions, Memlode should be treated as a support tool unless a separate written agreement and workflow design expressly authorize a higher level of automation.

Retention, Deletion, and Export

Customers may request export, deletion, correction, or disconnection of customer data as permitted by their agreement and applicable law. Deletion requests may apply to individual records, imported sources, specific users, connected systems, or entire workspaces. Some information may be retained for limited periods in backups, audit logs, billing systems, security records, dispute files, and incident-response materials where necessary to operate the service, document actions taken, investigate abuse, enforce agreements, or comply with legal obligations. When data is deleted from active systems, related indexes, summaries, or derived records may also be removed or de-linked according to the relevant retention policy and technical architecture. Enterprise customers may request documented retention schedules, legal-hold processes, and deletion-certification workflows.

Customer-Managed Controls and Enterprise Requests

Memlode is intended to support customer privacy and compliance programs, including access control, auditability, data-processing documentation, review gates, deletion workflows, and customer-managed controls. Customers may request information about subprocessors, transfer mechanisms, security practices, data locations, retention controls, incident-notification procedures, and how Memlode supports legal frameworks such as GDPR, UK GDPR, CCPA/CPRA, and similar laws. We may share relevant information with service providers that support hosting, analytics, communications, identity, billing, security, customer support, and model or infrastructure operations, subject to contractual and operational controls. Our website may use cookies or similar technologies for security, analytics, and site functionality, and although browser do-not-track standards are not applied uniformly across the internet, users can still manage cookies through their browser settings and any controls we make available. Enterprise customers may also request vendor review materials, subprocessor details, and deployment-specific restrictions where available.

Individuals may have rights to know, access, correct, delete, or object to certain processing depending on where they live and how they interact with Memlode. To make a privacy or security request, contact privacy@memlode.com or security@memlode.com. Memlode may update this Privacy Policy as the website, product, integrations, legal obligations, service providers, and deployment options evolve. Material changes will be posted on this page, and customers with signed agreements may receive additional notice when required by those agreements or applicable law. Continued use of Memlode after an update means the revised policy applies to future use, subject to any separate written agreement between Memlode and the customer.