Privacy Policy

Effective date: April 25, 2026

Rememberly ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights as a user.

1. Data We Collect

When you use Rememberly, we collect and store the following information associated with your account:

Saved content — URLs, links, and files you choose to save.
User-created notes — any notes or annotations you add to saved items.
AI-generated metadata — summaries, tags, highlights, and entity extractions produced by our AI processing pipeline.
Account information — your email address and authentication credentials.
Usage data — anonymous analytics such as feature usage patterns and error reports to improve the service.

2. How Your Data Is Stored

All user data is stored in Supabase, a managed cloud database platform. Your data is scoped to your account using Row Level Security (RLS), meaning no other user can access your saved items, notes, or generated metadata. Data is encrypted at rest and in transit.

3. AI Processing Disclosure

Rememberly uses cloud-based AI services to generate summaries, tags, and other metadata for your saved content. When you save an item, its content may be sent to a third-party AI provider solely for the purpose of generating these enrichments. We do not share your data with third parties for advertising, marketing, or any purpose other than providing the Rememberly service.

AI-generated outputs are stored in your account and are subject to the same privacy protections as all other user data.

4. Instagram Integration (Meta Platforms)

If you choose to connect your Instagram account, Rememberly uses the Instagram Login API (operated by Meta Platforms, Inc.) to read posts and reels you have authored. We request only the instagram_business_basic scope. We do not request, read, or store posts authored by other Instagram users on your behalf.

What we receive from Meta when you connect:

Your Instagram username and Instagram-assigned user ID.
A long-lived OAuth access token (valid for 60 days, automatically refreshed before expiry).
For posts you save to Rememberly that you have authored: the post's caption text, media URL, timestamp, and permalink.

How we store and use it:

Access tokens are encrypted at rest using AES-256-GCM with a per-deployment key. They are never returned to the client and never logged in plaintext.
Captions are stored alongside your other saved items and are subject to the AI processing described in Section 3 (Anthropic / Google LLMs for summarisation; never used to train models).
We do not share Instagram data with advertisers, data brokers, or any third party other than the AI processing providers in Section 3.

Disconnecting:

You can disconnect Instagram at any time from Profile → Integrations → Instagram → Disconnect. Disconnecting immediately deletes your access token from our database. Captions of posts already saved before disconnection remain in your Rememberly library; you can delete them individually under Section 6 below.
You can also revoke access from Instagram itself at accounts.instagram.com/accounts/manage_access. When you do, Meta sends a deauthorize webhook to Rememberly which automatically removes your token.
Per Meta's Data Deletion Callback requirements, requesting full data deletion through Instagram's settings will cause Rememberly to delete your stored Instagram token within 24 hours.

5. Data Sharing

We do not sell, rent, or share your personal data with advertisers or data brokers. Your data may be shared only in the following limited circumstances:

With cloud infrastructure providers (Supabase, Vercel) as necessary to operate the service.
With AI processing providers as described in Section 3 above.
With Meta Platforms as described in Section 4 above (only if you choose to connect Instagram).
With our analytics provider (PostHog) as described in Section 6 below.
If required by law, regulation, or valid legal process.

6. Analytics (PostHog)

Rememberly uses PostHog to measure anonymous product usage — for example, which features are used and where users encounter errors. This helps us prioritize fixes and improvements.

What PostHog receives:

Anonymous event names (e.g., save, search, error) and their aggregate counts.
A random session identifier, your user ID (a UUID from our database), and a coarse device type.
No saved content, no URLs you save, no notes, no email address, no IP-based geolocation, no session recordings.

Autocapture and session recording are disabled. Inputs and text would be masked if they were ever enabled. PostHog's own privacy practices are documented at posthog.com/privacy.

You can opt out at any time under Profile → Analytics → Share usage analytics. Opting out stops all PostHog capture immediately (no page reload required); no events are sent until you opt back in.

7. Your Rights

You have the following rights regarding your data:

Export — You may export all of your saved data at any time from within the app.
Delete individual items — You may delete any saved item, note, or collection at any time.
Delete your account — You may request full account deletion, which will permanently remove all your data from our systems.

8. Cookies & Local Storage

Rememberly uses essential cookies and local storage for authentication and session management. We do not use third-party tracking cookies for advertising purposes.

9. Children's Privacy

Rememberly is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will revise the "effective date" at the top of this page and, for material changes, notify you via the app or email.

11. Contact

If you have questions about this privacy policy or your data, please contact us at:

support@rememberly.app