MemoChat Privacy Policy
Last updated: 15/5-2026
We welcome you to MemoChat, our website at www.memochat.net and/or our iOS and Android Mobile application (collectively our "Platform"). In the below Privacy Policy, we inform you about the scope of the processing of your Personal Data. MemoChat proceeds with all data processing procedures (e.g., collection, processing, and transmission) in accordance with Estonia's Personal Data Protection Act and the EU's General Data Protection Regulation ("GDPR").
Responsible for data processing
Responsible for data processing in accordance with the provisions of Estonian law and GDPR is:
AnimaTech OÜ
Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia
Web: www.memochat.net
E-Mail: info@memochat.net
The Supervisory Authority
The competent data protection authority in Estonia is:
Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Tatari 39, 10134 Tallinn, Estonia
Web: https://www.aki.ee
General information on data processing
In the course of our business and platform operations, we process data, and this data is generally transferred to our Amazon Web Services (AWS) server and we also use AWS for the provision of our website.
All Personal Data that we obtain from you via the platform will only be processed for the purposes described in more detail below. This is done within the framework of the respective legal regulations mentioned or only with your consent. In particular, Estonian law and GDPR specify when data processing is permitted. MemoChat collects Personal Data if:
You have given your consent,
The data is necessary for the fulfillment of a contract / pre-contractual measures,
The data is necessary for the fulfillment of a legal obligation or
The data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.
MemoChat processes and stores your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular Estonian commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
Processing of Automatically Collected Data
a) Collection of access data and log files
We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.
b) Use of cookies
To improve the services provided on the website, we use cookies that collect information about your usage behavior. Cookies are files that your web browser stores on your hard drive when you visit a website. Cookies may, under certain circumstances, personally identify you either directly (for example, with an e-mail address) or indirectly (for example, with a unique identification code of a cookie, an IP address or the identification code of a device). The data stored may include the pages you visit, the date and time of your visit, and other tracking information. For more information, please refer to our Cookie Policy.
c) Downloading the APP
The APP can be downloaded from the "Google Playstore" a service offered by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland if you are a resident within the EU, or the Apple App service "App Store" a service of Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, US, if you are resident outside the EU and Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland, if you are a resident within the EU, to install our APP. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
d) Installing the APP
As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which Personal Data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.
As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. This could in particular be Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. We cannot influence which Personal Data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
e) Device information
Google and Apple may collect information from and about the device(s) you use to access the APP, including hardware and software information such as IP address, device ID and type, device-specific and APP settings and properties, APP crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.
f) Firebase
We use the Google Firebase developer platform and related features and services provided by Google LLC and Google Ireland Limited for push notifications, anonymous authentication, and encryption key exchange. Google Firebase is a platform for developers of apps for mobile devices. The Google Firebase developer platform offers a variety of features. A list of these features can be found at: https://firebase.google.com/terms/. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy
Firebase logs are retained for 90 days and include anonymized device identifiers, Firebase tokens, and user engagement data (e.g., message read and delivery status).
Data processing when you use our services
a) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations (Art. 6 para. 1 lit. b GDPR) and/or our overriding legitimate interest in processing your request (Art. 6 para. 1 lit. f GDPR).
b) Profile and account
If you create a user account, you will receive a unique ID from us and you are required to provide a username, nickname, and public ID. You may optionally add a profile photo. This allows us to identify you as a user and gives you the opportunity to manage your account, use our services. Within your profile you are able to delete your account at any time. Upon account deletion, all your data is permanently removed from our systems, including messages, media files, encryption keys, and account information. Your data will be processed on the basis of contractual necessity (Art. 6 para. 1 lit. b GDPR) and your consent (Art. 6 para. 1 lit. a GDPR).
c) When using our services
We process the data of our registered users in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further. The required information is identified as such in the context of the information required for the provision of services.
Of course, in the course of operating the Services, we also facilitate your chats with other users and the content you transmit. However, due to our end-to-end encryption, we cannot access or read the content of your messages.
Our Security Model:
End-to-End Encryption (E2E): All messages (text, voice, images, GIFs) are encrypted on your device before being sent. We use X25519 key exchange to establish a shared secret between you and the recipient, then encrypt each message with AES-256 symmetric encryption. Only you and the intended recipient can read your messages. MemoChat's servers cannot decrypt or read your message content at any time.
Encryption Keys: Your encryption key pair is generated and stored securely on your device. The public key is shared via our key exchange service so other users can send you encrypted messages. Your private key never leaves your device.
Files and Audio Messages: Encrypted on your device before upload using unique per-chat encryption keys. Our servers store only the encrypted data and cannot decrypt these files.
Server-Side Encryption: In addition to E2E encryption, user account data stored on our servers is encrypted at rest using AES-256-CBC with unique salt values.
Data in Transit: All communications between your device and our servers are secured using HTTPS/TLS encryption.
Push Notifications: To protect your privacy, push notification content displays only generic descriptions such as "New message" or "Voice message." The actual message content is never sent through push notification servers and cannot be read by any third party.
Some of the Personal Data you provide may be considered "special" or "sensitive". This includes Personal Data concerning for example your health, racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.
You have choices about the Personal Data you upload and share. You don't have to provide Personal Data; however, Personal Data helps you to get more from our Services. It's your choice whether to include special category data and to make that special category data public. Please do not upload or add data that you would not want to be available.
The legal basis for the processing of your personal and special category data is the establishment and implementation of the user contract for the use of the service as well as your consent. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.
You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing to info@memochat.net.
The legal basis for the data processing is the fulfillment of our contractual obligations (Art. 6 para. 1 lit. b GDPR) and, in individual cases, the fulfillment of our legal obligations (Art. 6 para. 1 lit. c GDPR) as well as your Consent (Art. 6 para. 1 lit. a GDPR).
Duration of data storage
We only store Personal Data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, irrespective of the processing purposes.
Specific retention periods:
Account Data: Retained until you delete your account, at which point all personal data is permanently deleted from our systems
Message Data: Retained based on user settings, with options for timed deletion or longer retention for active accounts. All message data and associated media files are permanently deleted upon account deletion
Log and Usage Data: Retained for up to 12 months to aid performance and troubleshoot issues
Push Notification Tokens: Expire with the session or upon logout
Encryption Keys: Your private encryption key is stored only on your device and is deleted when you log out or delete your account. Public keys stored on our key exchange service are deleted upon account deletion
Obligation to provide Personal Data
You are not obliged to provide us with Personal Data. However, depending on the individual case as described above, the provision of certain Personal Data may be necessary for the provision of the services. If you do not provide us with this Personal Data, we may not be able to provide the requested service.
Do Not Sell
We do not sell data to third parties.
Authorizations and Access
We may request permission to store your APP data including your Internet Connection and Network, Camera, Audio, Video, Photos and Gallery of your device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our APP may not function as intended.
Push messages
When you use the app, you will receive so-called push messages from us, even if you are not currently using the App. These are messages that we send you as part of the performance of the contract. Due to our end-to-end encryption, push message content only displays generic notifications (e.g., "New message") and does not reveal the actual content of your messages. You can adjust or stop receiving push messages at any time via the device settings of your device.
Transfer of Personal Data
We will not disclose or otherwise distribute your Personal Data to third parties unless this:
Is necessary for the performance of our services,
You have consented to the disclosure, or
The disclosure of data is permitted by relevant legal provisions.
However, we are entitled to outsource the processing of your Personal Data in whole or in part to external service providers acting as processors within the framework of Estonian law and GDPR. External service providers support us, for example, in the technical operation and support of the platform, data management, the provision and performance of services, marketing, as well as the implementation and fulfillment of reporting obligations.
Our main third-party partners include:
Firebase (Google LLC) for push notifications, anonymous authentication, and encryption key exchange
Amazon Web Services (AWS) for secure server hosting and encrypted file storage
Pusher (MessageBird B.V.) for real-time message delivery
Giphy (Meta Platforms, Inc.) for GIF search and sharing within chats
These providers may process data outside the EU. We implement appropriate safeguards, including Standard Contractual Clauses (SCCs), to ensure GDPR compliance.
The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with Estonian law and the GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organizational measures, and additional controls by us.
We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfill our legitimate interests.
Automated decision-making
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place at MemoChat.
Your data subject rights
Every data subject has:
The right to information according to Art. 15 GDPR,
The right to rectification according to Art. 16 GDPR,
The right to deletion according to Art. 17 GDPR,
The right to restriction of processing pursuant to Art. 18 GDPR, and
The right to data portability under Art. 20 GDPR.
Further, you can revoke consent, in principle with effect for the future.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). We would, however, appreciate the chance to deal with your concerns before you approach a data protection supervisory authority.
Finally, you also have a right to object according to Art. 21 GDPR. This applies, on grounds relating to data processing on the basis of my legitimate interest and also to profiling.
If you object, we will no longer process your Personal Data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
Security
State-of-the-art internet technologies are used to ensure the security of your data. We employ robust measures to protect your data:
End-to-End Encryption: All message content (text, voice, images, GIFs) is encrypted on your device using X25519 key exchange and AES-256 symmetric encryption before being transmitted. Only the intended recipient can decrypt and read the content. MemoChat's servers never have access to the decryption keys for your messages.
Server-Side Encryption: User account data (phone numbers, usernames) is encrypted at rest on our servers using AES-256-CBC with unique salt values per record.
Files and Media: Encrypted on your device before upload using unique per-chat encryption keys. Our servers store only the encrypted data and cannot decrypt these files.
Data in Transit: HTTPS/TLS encryption for all communications between your device and our servers.
Key Management: Encryption keys are generated and stored securely on your device. Private keys never leave your device. Public keys are exchanged through a secure, authenticated channel.
For secure storage of your data, the systems are protected by firewalls that prevent unauthorized access from outside. In addition, technical and organizational security measures are used to protect the Personal Data you have provided against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
Updating your information
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or by contacting us using info@memochat.net.
Withdraw your consent
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all purposes by submitting your request to us using info@memochat.net.
Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
Changes and updates
We kindly ask you to regularly inform yourself about the content of our Privacy Policy. We will amend our Privacy Policy as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us using info@memochat.net.
MemoChat Terms and Conditions
Last updated: 15/5-2026
Welcome to MemoChat. These Terms and Conditions ("Terms") govern your use of the MemoChat website at www.memochat.net and the MemoChat mobile application for iOS and Android (collectively the "Platform"). By creating an account or using the Platform, you agree to these Terms.
The Platform is operated by:
AnimaTech OÜ
Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia
E-Mail: info@memochat.net
1. Eligibility
You must be at least 16 years old to use MemoChat. By using the Platform, you confirm that you meet this age requirement. If you are under 18, you confirm that your parent or legal guardian has reviewed and agreed to these Terms on your behalf.
2. Your Account
You are responsible for maintaining the security of your account. You agree to:
- Provide accurate information when creating your account
- Keep your login credentials secure and not share them with others
- Notify us immediately if you believe your account has been compromised
- Not create more than one account per person
We reserve the right to suspend or terminate accounts that violate these Terms.
3. Acceptable Use
You agree not to use MemoChat to:
- Send spam, unsolicited messages, or bulk messages
- Harass, threaten, intimidate, or abuse other users
- Share content that is illegal, harmful, hateful, or promotes violence
- Share content that exploits or harms minors in any way
- Impersonate another person or entity
- Distribute malware, viruses, or any harmful software
- Attempt to access other users' accounts or data without authorization
- Interfere with or disrupt the Platform's operation
- Use the Platform for any illegal activity
- Reverse-engineer, decompile, or attempt to extract the source code of the Platform
4. Content and Messages
You retain ownership of the content you send through MemoChat. By using the Platform, you grant us a limited license to transmit and temporarily store your content solely for the purpose of delivering it to the intended recipient.
Due to our end-to-end encryption, we cannot access, read, or monitor the content of your messages. You are solely responsible for the content you share.
We may remove content or suspend accounts if we receive reports of violations of these Terms, to the extent technically possible given our encryption model.
5. Privacy and Encryption
Your privacy is fundamental to MemoChat. All messages are protected by end-to-end encryption. For full details on how we handle your data, please refer to our Privacy Policy above.
6. Intellectual Property
The MemoChat name, logo, and all related trademarks, designs, and intellectual property are owned by AnimaTech OÜ. You may not use our branding without prior written permission.
The Platform's software, design, and underlying technology are protected by copyright and intellectual property laws. You are granted a limited, non-exclusive, non-transferable license to use the Platform for personal, non-commercial purposes.
7. Third-Party Services
MemoChat integrates with third-party services including Firebase (Google LLC), Amazon Web Services, Pusher (MessageBird B.V.), and Giphy (Meta Platforms, Inc.). Your use of features powered by these services may also be subject to their respective terms of service.
GIFs provided through Giphy are subject to Giphy's terms of service and acceptable use policies.
8. Availability and Changes
We strive to keep MemoChat available at all times, but we do not guarantee uninterrupted access. We may:
- Perform maintenance that temporarily affects availability
- Update, modify, or discontinue features at any time
- Change these Terms with reasonable notice
If we make significant changes to these Terms, we will notify you through the Platform or by other reasonable means. Continued use of MemoChat after changes take effect constitutes acceptance of the updated Terms.
9. Limitation of Liability
To the maximum extent permitted by law:
- MemoChat is provided "as is" without warranties of any kind
- We are not liable for any indirect, incidental, or consequential damages arising from your use of the Platform
- Our total liability for any claim related to the Platform shall not exceed the amount you paid to us in the 12 months preceding the claim
- We are not responsible for content shared between users, as it is end-to-end encrypted and inaccessible to us
10. Account Deletion
You may delete your account at any time through the app settings. Upon deletion, all your data is permanently removed from our systems, including messages, media files, encryption keys, and account information. This action is irreversible.
11. Governing Law and Disputes
These Terms are governed by the laws of the Republic of Estonia. Any disputes arising from these Terms or your use of the Platform shall be resolved in the courts of Tallinn, Estonia.
Before initiating legal proceedings, we encourage you to contact us at info@memochat.net to resolve any issues amicably.
12. Severability
If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.
13. Contact
For questions about these Terms, contact us at:
AnimaTech OÜ
E-Mail: info@memochat.net
Web: www.memochat.net