Privacy Policy

Please read the full privacy policy. It is important to us that you understand how we handle your data and privacy. We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and secure manner.

Who is Mycelian AI?

For purposes of this Privacy Policy, "Mycelian" or "Mycelian AI" means Mycelian AI, Inc., the company developing and providing MyMemory, mycelian.ai, and related services.

Summary

We prioritize your privacy by giving you complete control over your data. Here's how we handle your privacy based on your interactions with MyMemory:

• All MyMemory data is stored locally on your device and is never transmitted to our servers.
• We very proudly DO NOT collect any analytics or telemetry data from the App, let alone personal information. There is no tracking of your usage of MyMemory.
• MyMemory connects to the internet only for software updates and license verification. When other tools connect to MyMemory via MCP, those tools control the internet requests.
• Our website uses Vercel's cookie‑less, privacy‑preserving analytics for aggregate traffic measurement only.
• Beta Notice: Export functionality is not yet available. AI models may make mistakes. Always maintain backups of important data.

Privacy of Customer Personal Information

Mycelian AI is dedicated to safeguarding the privacy and security of personal information obtained through the use of MyMemory.

This policy outlines the types of customer personal information we collect, how it is used, and measures taken to ensure appropriate handling of such information.

Limited Collection of Personal Information

MyMemory App

Mycelian AI does not receive or store any content saved locally while using MyMemory. All your memories, notes, and data remain on your device.

Mycelian.ai Website

We do not use cookies on our website. Whenever interacting with us online, certain types of information are collected automatically through cookie‑less analytics. We do not collect any analytics data from MyMemory (the App).

Our website analytics (Vercel Analytics) is completely cookie‑less and privacy‑preserving, meaning no cookies or persistent identifiers are stored in your browser. We collect only anonymized, aggregate traffic data to understand how visitors use our site.

Early Access List: If you sign up for our early access list, we collect your name and email address. This information will be used solely to notify you about MyMemory's launch and will be automatically deleted on or before December 31, 2025.

What Data We Collect (Website only)

We use Vercel Analytics to help us understand website traffic and improve our services. This tool is chosen for its privacy‑focused, cookie‑less approach and is more transparent and minimal than mainstream solutions like Google Analytics.

Through Vercel Analytics, we collect anonymized data such as:

• Pages visited
• Referring websites
• Browser type and device
• Geographical region (approximate)
• Visit duration and actions taken (e.g., button clicks)

We do not collect your name, IP address, email, or any personal identifier through analytics.

For our early access list, we collect:

• Name
• Email address

How We Use Collected Data

We collect minimal, anonymized data through privacy‑focused analytics tools (Vercel Analytics) to better understand how visitors interact with our website. This data helps us:

• Analyze traffic sources to understand where our visitors are coming from (e.g., search engines, social media, referrals).
• Identify visitation trends such as popular pages, time spent on site, and general engagement patterns over time.
• Optimize conversions to evaluate how visitors move through the site to improve signup flows, calls‑to‑action, and content relevance.
• Improve site experience in order to detect broken links or underperforming pages and make data‑driven enhancements.
• Measure marketing effectiveness by assessing the impact of campaigns or content in attracting relevant audiences.

This data is aggregated and anonymized. We do not collect any personal identifiers (such as names, IP addresses, or emails) through analytics.

Early access list data (name and email) is used solely for the purpose of notifying you about MyMemory's launch and will be deleted by December 31, 2025.

Internet Connectivity

MyMemory connects to the internet only in the following circumstances:

• To check for software updates or notify you about new versions
• For license verification through our payment processor, Lemon Squeezy

Important: When other tools (such as Cursor, Claude, or other AI applications) connect to MyMemory via MCP (Model Context Protocol), those tools are initiating the internet requests, not MyMemory itself. MyMemory serves as a local memory layer, and any data transmission to cloud services occurs through the requesting tool's connection. You should review the privacy policies of those tools to understand their data handling practices.

All internet connections initiated by MyMemory use industry‑standard encryption (HTTPS/TLS) to protect data in transit.

Payment Processor (Lemon Squeezy)

We use Lemon Squeezy as our payment processor for licensing and subscriptions. The only customer information retained by Mycelian AI through Lemon Squeezy includes:

• Customer account details for licensing purposes
• Payment metadata (excluding full payment or credit card information)
• License keys and associated active devices

Lemon Squeezy processes billing information under its own privacy policy. We do not store or have visibility into full payment card details.

Privacy Rule

MyMemory is designed with privacy by default. Mycelian AI does not collect, process, or store any Protected Health Information (PHI) or personally identifiable information (PII) from user sessions on our servers. All session data generated through MyMemory is stored locally on the user's device. Mycelian AI does not have any mechanism to access or transmit this session data.

The only customer information retained by Mycelian AI is limited and includes the information managed through our payment processor, Lemon Squeezy, as outlined above.

Mycelian AI does not store or have visibility into any proprietary data, PII, patient data (HIPAA/PHI), nor any other data that may be deemed sensitive. All sensitive data is stored locally by the user on their device.

When other applications (such as Cursor, Claude, or other AI tools) connect to MyMemory via MCP and retrieve your data, those applications may transmit that data to their own cloud services. Users are responsible for ensuring that those third‑party applications comply with their security requirements and meet their organizational privacy standards.

Data Privacy and Security Rules

Mycelian AI does not collect or transmit any data during MyMemory sessions, including telemetry, usage logs, or session content. As a result, Mycelian AI does not store or have access to any Personal Identifying Information (PII), Protected Health Information (PHI), nor any other similar sensitive data — neither at rest nor in transit.

Key security assurances include:

• No central data retention: MyMemory is architected to ensure that all user data remains local to the user's device
• Restricted internal access: No Mycelian AI employee, contractor, or consultant has access to customer session data
• Secure MCP connections: When applications connect to MyMemory via MCP (including from other devices on your local network), connections use industry‑standard encryption (HTTPS/TLS) to protect against network snooping
• User‑responsible third‑party tools: When third‑party applications connect to MyMemory and retrieve your data, those applications are responsible for their own security practices and any subsequent data transmission to external services. Mycelian AI is not responsible for how those applications handle your data after retrieval

Third‑Party Applications That Connect to MyMemory

MyMemory serves as an MCP (Model Context Protocol) server that other applications can connect to. When third‑party applications (such as Cursor, Claude, or other AI tools) connect to MyMemory and retrieve your data:

• Those applications control what data they request from MyMemory
• Those applications are responsible for how they transmit, store, or process the data they retrieve
• You are responsible for reviewing and accepting the privacy policies of applications you allow to connect to MyMemory
• Mycelian AI is not responsible for the data handling practices of third‑party applications that connect to MyMemory
• You should ensure third‑party applications meet your organization's security and compliance requirements before allowing them to access MyMemory

HIPAA Breach Notification Rule

In the unlikely event that a security incident occurs within Mycelian AI systems that leads to unauthorized access of PHI (e.g., due to a core application vulnerability), Mycelian AI will comply with the HIPAA Breach Notification Rule, which includes:

• Prompt notification to affected individuals
• Notification to the U.S. Department of Health and Human Services (HHS)
• Documentation of the incident and responsive actions taken

However, because Mycelian AI does not oversee or monitor third‑party applications that connect to MyMemory, breaches occurring within those third‑party platforms fall outside of Mycelian AI's responsibility. Users are advised to conduct independent security reviews of any applications they allow to connect to MyMemory.

Data Retention & Deletion

Because MyMemory data is stored locally on your device, you control retention. Deleting files or uninstalling MyMemory removes all App‑created data stored on your device.

Beta Notice — Export Feature: MyMemory is currently in beta. Users cannot currently export their memories before app deletion. We are working on adding export functionality in a future release. Until this feature is available, uninstalling the app will result in permanent loss of all stored memories.

AI Model Limitations: Memories are managed by AI models which may make mistakes, leading to inaccurate or incomplete memory storage and retrieval. While we have designed the system for high‑quality performance, real‑world usage may vary. Users should verify important information and not rely solely on AI‑generated memories for critical decisions.

Important — Data Loss and Backups: Data loss can occur due to software bugs, AI model errors, system failures, or user error. You are responsible for maintaining a secondary copy of your data and performing frequent backups. We strongly recommend regularly backing up important data stored by MyMemory. Mycelian AI is not liable for any data loss that may occur while using MyMemory.

Early access list data (name and email) will be automatically deleted on or before December 31, 2025.

Children's Privacy

The services are not directed to children under 13, and we do not knowingly collect personal information from children.

Changes to This Policy

We may update this Policy to reflect product changes or legal requirements. Material updates will be noted by revising the date above and, where appropriate, surfaced in‑product.

Contact

Privacy questions? Feel free to reach out via electronic mail at privacy@mycelian.ai.