Recall Aid

Privacy Policy — Recall Aid

Effective date: October 06, 2025

Entity responsible (Controller): Memory AI LLC (d/b/a “Recall Aid”), 9539 Saddlebag Row, Columbia, MD 21045, USA. Contact: support@recallaid.com

Scope & Who We Are

This Privacy Policy explains how Recall Aid collects, uses, discloses, and safeguards personal information when individuals visit our public website and use our web application (together, the “Services”). Recall Aid is operated by Memory AI LLC, a Maryland limited liability company. We provide an AI-assisted memory support experience that includes features such as Memoflection™, Memory Recall Network™, and Memory Stacking and may generate narrative summaries and images to support memory recall.

Not a HIPAA Covered Service (generally)

Unless we separately enter into a Business Associate Agreement with a covered entity (e.g., your provider or facility), Recall Aid is not a HIPAA covered service. We are a consumer wellness/mental-wellbeing tool and not a medical device or a substitute for professional care.

Information We Collect

We collect the following categories of information, which may be provided by you, generated by your use of the Services, or obtained from third parties (e.g., payment processors, analytics providers):

  • Account & Contact Data: name, email, password (hashed), username/handle, communication preferences.
  • User Content (“Memories”): text you type; audio/voice you record; photos and other media you upload; AI-generated content (e.g., narratives, images) derived from your inputs. Because users often share intimate life experiences, your User Content may contain sensitive data (e.g., health-related information, race/ethnicity, religious or community affiliations contained in memories, union membership, sexual life, or biometric voice characteristics embedded in audio). You should only upload content you are comfortable sharing with us for the stated purposes.
  • Usage & Device Data: log files, IP address, device/browser type, referring/exit pages, timestamps, language, crash/diagnostics, and cookie identifiers (see §10).
  • Support & Feedback Data: information you submit to our support channel (support@recallaid.com) and product feedback forms.
  • Transactional Data: subscription status, plan, and limited billing metadata from our payment processor (we do not store full card numbers).
  • Research/Study Data (optional/consented): if you opt in to an IRB-approved or other research protocol, we may collect study-specific survey responses, coded transcripts, and de-identified artifacts under a separate consent and protocol (see §9). Prior Recall Aid/Memory AI studies have involved structured prompts, transcripts, and image generation in controlled settings with defined consent, anonymization, and retention procedures.

Sources of Information

  • Directly from you (account creation, uploads, audio recordings, forms).
  • Automatically from your device/browser as you use the Services.
  • Service providers (e.g., analytics, payment, cloud hosting).
  • With your explicit permission, from integrated third-party services you connect.

How We Use Information (Purposes)

We process personal information for:

  • Core Service Delivery: to create and maintain your account; store and render your memories; generate narratives and images; provide voice interactions; and operate features such as Memoflection™, Memory Recall Network™, and Memory Stacking.
  • Personalization & Quality: to tailor prompts and outputs to your preferences and past interactions and to improve clarity, coherence, and safety of AI responses.
  • Customer Support & Safety: to respond to requests, detect/prevent misuse or security incidents, and enforce our Terms.
  • Analytics & Performance: to understand feature usage and improve stability and accessibility.
  • Compliance & Legal: to satisfy legal obligations, resolve disputes, and maintain records.
  • Research (opt-in only): if you separately consent to a study, to conduct IRB-approved or ethics-reviewed research per that consent and protocol (see §9).

Legal bases (GDPR/UK GDPR): consent (especially for sensitive data), contract (to deliver the Services), legitimate interests (security, debugging, product improvement), legal obligation, and—if applicable—public interest research under an approved protocol.

Our Approach to Sensitive Personal Information

What counts as sensitive? Depending on your location, “sensitive” can include health information, precise geolocation, race/ethnicity, religious beliefs, sexual life/sexual orientation, union membership, government IDs, or biometric identifiers (e.g., vocal features in audio).

Your choices & our commitments:

  • We only process sensitive information if you choose to upload it or otherwise explicitly consent (e.g., via an in-product consent box).
  • We use sensitive data only for the limited purposes you expect (e.g., rendering your memories, product safety, or research you opted into) and not for cross-context behavioral advertising or selling.
  • California: You may limit use and disclosure of Sensitive Personal Information to service delivery and security (see §11).
  • You can delete your sensitive User Content at any time from within the web app or by contacting support@recallaid.com (verification required).

How AI Processing Works

Your inputs (text, audio, photos) are processed by our systems and trusted service providers to generate outputs (e.g., personalized prompts, narratives, images) that support memory recall. Our product roadmap and security commitments emphasize defense-in-depth controls (encryption, audits, incident response, and compliance readiness).

Model training: We do not allow vendors to use your Memories/User Content to train their foundation models without your explicit opt-in.

We take precautions to reduce risks such as confabulation or false memory suggestions; research workflows follow separate consents and constraints (see §9).

How We Share Information

We disclose personal information to:

  • Service Providers / Processors: cloud hosting, security, analytics, content rendering/generation, email/support, and payments—bound by contract to use the data only to provide services to us.
  • Research Collaborators (opt-in only): if you enroll in a protocol, de-identified or coded data may be shared as described in the study consent.
  • Corporate Transactions: in a merger, acquisition, financing, or sale of assets, subject to continued protections.
  • Legal/Compliance: to comply with law, respond to lawful requests, or protect rights, safety, and security.
  • Aggregated/De-identified Data: we may publish or share information that cannot reasonably be linked back to you.

We do not “sell” personal information or “share” it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act as amended by the CPRA (the “CPRA”). If this changes, we will update this Policy and provide opt-out mechanisms.

Data Security

We use administrative, technical, and physical safeguards, including encryption in transit and at rest, access controls, change management, periodic reviews, and an incident response plan. Our launch and strategy materials emphasize robust cybersecurity measures, regular security audits, adherence to global data protection frameworks, and transparent data usage.

No method of transmission or storage is 100% secure; risks remain despite safeguards. If we discover a breach affecting your data, we will notify you consistent with applicable laws.

Research & IRB Context (Optional Participation)

From time to time, Recall Aid may be used in research. Participation is always optional and governed by separate informed consent and IRB/ethics review describing data elements, coding/anonymization, uses, retention, and contacts for questions/concerns. Examples include a Morehouse College protocol that used structured prompts, transcripts, surveys, and AI-generated images with informed consent, anonymization, and confidentiality measures. Research data are segregated and subject to additional protections and retention schedules defined in the study documents.

Cookies & Similar Technologies

We use cookies, local storage, and similar technologies to:

  • keep you signed in, remember preferences, and protect your session;
  • measure usage and improve performance; and
  • (if enabled) deliver basic, non-cross-context service communications.

You can manage cookies via your browser settings. If we add any advertising or cross-context tracking in the future, we will update this Policy and present appropriate consent/opt-out tools.

Your Privacy Rights

Your rights depend on your jurisdiction and may include:

  • United States (state privacy laws, e.g., CA/CO/CT/UT/VA and others):
    • Know/Access, Portability, Correction, Deletion: request a copy, correction, or deletion of your personal information.
    • Opt-Out: of targeted advertising (we do not perform cross-context advertising), of “sale”/“sharing” (we do not sell/share PI), and of certain profiling decisions.
    • Limit Use of Sensitive Personal Information (CA): restrict use to necessary purposes.
    • Appeal: if we decline a request (where applicable).
  • You (or your authorized agent) can submit rights requests at support@recallaid.com. We will verify your identity, respond within the statutory timeframe, and explain any denials and appeal rights.
  • Global Privacy Control (GPC): If we ever engage in activities that constitute “sale”/“sharing,” we will honor GPC signals as an opt-out where required.

EEA/UK/Switzerland (GDPR/UK GDPR)

  • You have rights to access, rectify, erase, restrict, object, and data portability, plus the right to withdraw consent at any time (without affecting lawful processing before withdrawal).
  • You also have the right to lodge a complaint with your data protection authority.
  • Legal bases include consent (especially for sensitive data), performance of a contract, legitimate interests (security/fraud prevention, service improvement), legal obligations, and, if applicable, public-interest research under ethics approval.
  • EU/UK Representative: [To be designated if required.]

Data Retention

  • User Content (Memories): retained until you delete it or close your account; system backups may persist up to [30–45] days thereafter.
  • Account, Logs & Device Data: typically [12–24] months for security, analytics, and troubleshooting.
  • Support Records: [24] months after closure.
  • Research Data (if applicable): per study consent and IRB protocol (e.g., stored de-identified for a fixed period, then deleted).

We may retain data longer if required by law or to resolve disputes, enforce agreements, or maintain security.

Children’s Privacy

The Services are not directed to children under 13 (or under 16 in some jurisdictions). We do not knowingly collect personal information from children under these ages without appropriate parental/guardian consent. If you believe a child has provided us information in violation of this Policy, contact support@recallaid.com for removal.

International Data Transfers

We are U.S.-based and may transfer, store, or process information in the United States and other countries with different data protection laws than your home country. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) to protect transferred data.

Third-Party Services & Links

The Services may link to third-party websites or integrate third-party features (e.g., payment, analytics). Their privacy practices are governed by their own policies. Review their terms before sharing information with them.

Protecting Others’ Privacy

Only upload memories, photos, or audio that you have the right to share. If your content includes information about others, you are responsible for obtaining any necessary permissions under applicable law.

Changes to This Policy

We may update this Policy to reflect changes to our practices or legal requirements. We will post the updated version with a new “Effective date” and, where required, provide additional notice.

How to Contact Us

Memory AI LLC (Recall Aid)
9539 Saddlebag Row, Columbia, MD 21045, USA
Email: support@recallaid.com

© Memory AI, LLC