Privacy Policy

Memry Privacy Policy

This Privacy Policy explains how Memry ("Memry," "we," "us," or "our") collects, uses, discloses, and protects information when you use our websites and services (the "Service").

If you do not agree with this Policy, do not use the Service.

1. Who We Are

Memry is operated by Gora Labs LLC located at 1710 W Hillcrest Dr. Newbury Park, CA, USA.

Contact (privacy): support@goralabs.dev

Support: support@goralabs.dev

2. Scope: Hosts, Guests, and Our Role

Memry is an event-media collection platform. A Host creates an event workspace and shares a link/QR code with Guests who upload photos/videos and related content.

Depending on how you use Memry, we act in different roles:

• For Account/Business operations (billing, security, platform administration): Memry generally acts as a data controller for the personal data we collect to run our business and provide the Service.
• For Event Workspace content (uploads and related metadata): in many cases, the Host determines who can upload, view, download, and share content. In those cases, the Host may be the controller and Memry may act as a service provider/processor to store and process data on the Host's behalf.

This matters for rights requests: some requests must be directed to the Host (for example, removal from a specific event workspace) because the Host controls access and sharing.

3. Information We Collect

We collect information in three main ways: (a) information you provide, (b) information collected automatically, and (c) information from third parties.

3.1 Information you provide

Account data (Hosts and registered users)

• Name, email, password (hashed), authentication tokens
• Organization/team details (if applicable)

Event workspace data

• Event name, date/time, settings (visibility, upload rules, export options, retention settings)

User Content (Hosts and Guests)

• Photos, videos, captions, comments, and any other files you upload
• Content metadata (timestamps, file type, size, device-related metadata if embedded in files)

Communications

• Support requests, feedback, form submissions, and messages you send us

Payment and billing data (Hosts)

• Billing name, billing address, tax information (if provided)
• Payment status and transaction records

Note: payment card details are typically handled directly by our payment processor(s) (e.g., Stripe), not stored by Memry in raw form.

3.2 Information collected automatically

When you use the Service, we may collect:

• IP address, device identifiers, browser type, operating system
• Log data (pages viewed, actions taken, timestamps, referring URLs)
• Approximate location derived from IP address
• Cookies and similar technologies (see Section 8)

3.3 Information from third parties

We may receive information from:

• Payment processors (e.g., confirmation of payment, disputes/chargebacks)
• Analytics/security providers (fraud signals, abuse detection indicators)
• Infrastructure providers (hosting/CDN logs, storage operation logs)

4. How We Use Information

We use personal information to:

Provide and operate the Service

• Create and manage accounts and event workspaces
• Enable uploading, processing (e.g., thumbnails/encoding), storing, downloading, and exporting files

Maintain safety, security, and integrity

• Prevent spam, fraud, abuse, and unauthorized access
• Monitor, debug, and maintain reliability

Process payments and manage billing

• Collect payments, handle refunds (if applicable), disputes, and receipts

Provide support and communicate with you

• Respond to requests, send service notices (security, policy updates)

Improve the Service

• Understand usage trends, test features, and fix bugs (using aggregated/de-identified insights where feasible)

Comply with legal obligations

• Respond to lawful requests and enforce our Terms

5. Legal Bases (EEA/UK/Similar Jurisdictions)

Where required by law (e.g., GDPR), we rely on the following legal bases:

• Contract (to provide the Service you request)
• Legitimate interests (security, fraud prevention, analytics, and improving the Service)
• Consent (where required for certain cookies/marketing)
• Legal obligation (tax, accounting, compliance)

6. How We Share Information

We share information only as needed to provide and secure the Service:

6.1 With service providers ("processors")

We use vendors to help run Memry, such as:

• Cloud hosting, storage, and content delivery
• Payment processing
• Analytics and error monitoring
• Customer support tools
• Email delivery

These providers are authorized to process data on our behalf and under contractual restrictions.

6.2 With Hosts and other users (workspace-controlled sharing)

If you upload to an Event Workspace as a Guest, the Host (and anyone the Host authorizes) may view your uploads, download/export them, and share them outside Memry. Memry is not responsible for Host sharing decisions.

6.3 For legal and safety reasons

We may disclose information if we believe it is necessary to:

• Comply with law or legal process,
• Protect rights, safety, and security,
• Investigate fraud or enforce Terms.

6.4 Business transfers

If Memry is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction.

7. Data Retention and Deletion

We retain information as long as needed for providing the Service, complying with legal obligations, resolving disputes, and enforcing agreements.

Event media retention is governed by the event's configured lifecycle (e.g., upload phase, gallery, ZIP-only grace window, and retention end). Auto-delete is expected at the end of the lifecycle. After retention ends, content may be deleted and may not be recoverable.

Deleted data may persist for a limited time in backups or logs.

8. Cookies and Similar Technologies

We use cookies and similar technologies for:

• Authentication and session management,
• Security,
• Preferences,
• Analytics.

You can control cookies through browser settings. Where required by law, we provide cookie consent controls.

9. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, and alteration.

No system is 100% secure. Please use strong passwords and keep credentials confidential.

10. International Data Transfers

Memry may process and store information in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers (e.g., contractual protections).

11. Your Privacy Rights and Choices

11.1 General rights

Depending on your location, you may have the right to:

• Request access to personal information,
• Request correction,
• Request deletion,
• Object to certain processing,
• Withdraw consent (where processing is based on consent).

11.2 California (CCPA/CPRA) disclosures and rights

If you are a California resident, you may have rights such as:

• Right to know categories and specific pieces collected, sources, purposes, and categories of third parties disclosed to
• Right to delete
• Right to correct
• Right to opt out of sale or sharing for targeted advertising (if applicable)
• Right to limit use/disclosure of sensitive personal information (if applicable)
• Non-discrimination for exercising rights

How to exercise rights: email support@goralabs.dev with the subject "Privacy Rights Request." We may need to verify your identity.

Do Not Sell or Share: Memry does not sell or share personal information.

11.3 Host-controlled data (Guests)

If your request relates to an Event Workspace (for example, removal from a specific event), you may need to contact the Host because the Host controls access and sharing for that workspace (see Section 2). We will reasonably assist where feasible.

12. Children's Privacy

Memry is not intended for anyone under 18, and we do not knowingly collect personal information from anyone under 18. If we learn we have collected personal information from someone under 18, we will take steps to delete it.

13. Changes to This Policy

We may update this Policy from time to time. If changes are material, we will provide notice as required by law (e.g., by posting an updated date and/or in-product notice).