Privacy Policy

Memry Privacy Policy

This Privacy Policy explains how Memry ("Memry," "we," "us," or "our") collects, uses, discloses, and protects information when you use our websites and services (the "Service").

If you do not agree with this Policy, do not use the Service.

1. Who We Are

Memry is operated by Gora Labs LLC located at 1710 W Hillcrest Dr. Newbury Park, CA, USA.

Contact (privacy): support@goralabs.dev

Support: support@goralabs.dev

2. Scope: Hosts, Guests, and Our Role

Memry is an event-media collection platform. A Host creates an event workspace and shares a link or QR code with Guests who upload photos, videos, and related content.

Depending on how you use Memry, we act in different roles:

• For account and business operations such as billing, security, and platform administration, Memry generally acts as a data controller for the personal data we collect to run our business and provide the Service.
• For Event Workspace content such as uploads and related metadata, the Host often determines who can upload, view, download, and share content. In those cases, the Host may be the controller and Memry may act as a service provider or processor to store and process data on the Host's behalf.

This matters for rights requests: some requests must be directed to the Host, for example removal from a specific event workspace, because the Host controls access and sharing.

3. Information We Collect

We collect information in three main ways: (a) information you provide, (b) information collected automatically, and (c) information from third parties.

3.1 Information you provide

Account data (Hosts and registered users)

• Name, email, password (hashed), and authentication tokens
• Organization or team details, if applicable

Event workspace data

• Event name, date and time, settings, visibility, upload rules, export options, and retention settings

User Content (Hosts and Guests)

• Photos, videos, captions, comments, and any other files you upload
• Content metadata such as timestamps, file type, size, and device-related metadata if embedded in files

Communications

• Support requests, feedback, form submissions, and messages you send us

Payment and billing data (Hosts)

• Billing name, billing address, and tax information if provided
• Payment status and transaction records

Payment card details are typically handled directly by our payment processors, such as Stripe, and are not stored by Memry in raw form.

3.2 Information collected automatically

When you use the Service, we may collect:

• IP address, device identifiers, browser type, and operating system
• Log data such as pages viewed, actions taken, timestamps, and referring URLs
• Approximate location derived from IP address
• Cookies and similar technologies, as described in Section 8

3.3 Information from third parties

We may receive information from:

• Payment processors, such as payment confirmations and dispute or chargeback data
• Analytics and security providers, such as fraud signals and abuse-detection indicators
• Infrastructure providers, such as hosting, CDN, and storage operation logs

4. How We Use Information

We use personal information to:

Provide and operate the Service

• Create and manage accounts and event workspaces
• Enable uploading, processing such as thumbnails or encoding, storing, downloading, and exporting files

Maintain safety, security, and integrity

• Prevent spam, fraud, abuse, and unauthorized access
• Monitor, debug, and maintain reliability

Process payments and manage billing

• Collect payments and handle refunds, disputes, and receipts where applicable

Provide support and communicate with you

• Respond to requests and send service notices such as security and policy updates

Improve the Service

• Understand usage trends, test features, and fix bugs using aggregated or de-identified insights where feasible

Comply with legal obligations

• Respond to lawful requests and enforce our Terms

5. Legal Bases (EEA/UK/Similar Jurisdictions)

Where required by law, such as under GDPR, we rely on the following legal bases:

• Contract, to provide the Service you request
• Legitimate interests, such as security, fraud prevention, analytics, and improving the Service
• Consent, where required for certain cookies or marketing
• Legal obligation, such as tax, accounting, and compliance

6. How We Share Information

We share information only as needed to provide and secure the Service:

6.1 With service providers ("processors")

We use vendors to help run Memry, such as:

• Cloud hosting, storage, and content delivery
• Payment processing
• Analytics and error monitoring
• Customer support tools
• Email delivery

These providers are authorized to process data on our behalf and under contractual restrictions.

6.2 With Hosts and other users (workspace-controlled sharing)

If you upload to an Event Workspace as a Guest, the Host and anyone the Host authorizes may view your uploads, download or export them, and share them outside Memry. Memry is not responsible for Host sharing decisions.

6.3 For legal and safety reasons

We may disclose information if we believe it is necessary to:

• Comply with law or legal process
• Protect rights, safety, and security
• Investigate fraud or enforce Terms

6.4 Business transfers

If Memry is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction.

7. Data Retention and Deletion

We retain information as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Event media retention is governed by the event's configured lifecycle, such as upload phase, gallery, ZIP-only grace window, and retention end. Auto-delete is expected at the end of the lifecycle. After retention ends, content may be deleted and may not be recoverable.

Deleted data may persist for a limited time in backups or logs.

8. Cookies and Similar Technologies

We use cookies and similar technologies for:

• Authentication and session management
• Security
• Preferences
• Analytics

You can control cookies through browser settings. Where required by law, we provide cookie consent controls.

9. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, and alteration.

No system is 100% secure. Please use strong passwords and keep credentials confidential.

10. International Data Transfers

Memry may process and store information in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers, such as contractual protections.

11. Your Privacy Rights and Choices

11.1 General rights

Depending on your location, you may have the right to request access, correction, deletion, or objection to certain processing, and to withdraw consent where processing is based on consent.

11.2 California (CCPA/CPRA) disclosures and rights

If you are a California resident, you may have rights such as the right to know, delete, correct, opt out of sale or sharing for targeted advertising if applicable, limit use or disclosure of sensitive personal information if applicable, and be free from discrimination for exercising rights.

How to exercise rights: email support@goralabs.dev with the subject "Privacy Rights Request." We may need to verify your identity.

Do Not Sell or Share: Memry does not sell or share personal information.

11.3 Host-controlled data (Guests)

If your request relates to an Event Workspace, for example removal from a specific event, you may need to contact the Host because the Host controls access and sharing for that workspace. We will reasonably assist where feasible.

12. Children's Privacy

Memry is not intended for anyone under 18, and we do not knowingly collect personal information from anyone under 18. If we learn we have collected personal information from someone under 18, we will take steps to delete it.

13. Changes to This Policy

We may update this Policy from time to time. If changes are material, we will provide notice as required by law, for example by posting an updated date or showing an in-product notice.