⚠ Important: Do Not Store Sensitive Personal Data
SiderMem is designed as a productivity and context-capture tool, not a secure vault. Do not store any of the following in SiderMem:
- Passwords, PINs, or security codes of any kind
- Bank account numbers, credit/debit card numbers, or financial credentials
- Government-issued ID numbers (Social Security Number, passport, driver's license)
- Private keys, seed phrases, or cryptocurrency wallet credentials
- Medical records or health insurance information
- Any information that, if disclosed, could cause direct financial or personal harm
While we implement industry-standard security measures, no cloud-connected service can guarantee absolute security. You assume full responsibility for the sensitivity of content you choose to capture. SiderMem and its operators are not liable for any damages arising from the storage of highly sensitive or confidential data in this service.
1. Introduction
SiderMem is committed to protecting your privacy. This policy explains how we collect, use, store, and share your data when you use the SiderMem Chrome extension and cloud services. We operate on a "User-Initiated Capture" principle: we do not automatically crawl your data; we only save what you explicitly choose to keep.
2. Data We Collect & How We Collect It
We only collect personal and sensitive user data that is strictly necessary to provide SiderMem's context management features. We operate on a strict "User-Initiated Action" principle: we do not automatically or passively harvest your personal data. Below are the specific categories of data we collect, how they are collected, and their purpose:
- Account Information (Email Address):
  - How we collect it: Provided voluntarily by you when registering or logging in using passwordless Magic Link / One-Time Password (OTP) authentication.
  - Purpose: To create your account, manage your subscription plan (Free/Pro/Ultra), verify your identity for data erasure, and sync your data across devices.
- User Content (Captured Memories):
  - How we collect it: Actively saved by you when you click the "Save to SiderMem" injection button in AI chat pages, highlight text and click "Save Selection" in the context menu, or manually type/edit entries inside the side panel interface.
  - Purpose: To store code snippets, conversation logs, and custom prompt templates in your personal memory library for your subsequent reference and injection.
- Source Attribution Metadata (URLs & Page Titles):
  - How we collect it: Extracted automatically from the active browser tab via the tabs permission only at the exact moment you trigger a capture action.
  - Purpose: To automatically link your saved memories to their original web source so you can easily trace back and reference the full conversation or document.
- Uploaded Files:
  - How we collect it: Voluntarily uploaded or dragged-and-dropped by you into the extension side panel (supports `.txt`, `.md`, `.json`, `.csv`, `.pdf`).
  - Purpose: To extract the plain text of your documents and save it as reference context in your memory library.
- Payment Data:
  - How we collect it: Handled entirely by our third-party billing processor, Stripe, when you subscribe to a paid tier.
  - Purpose: To securely process payments. SiderMem never collects, stores, or sees your credit card credentials or banking details; Stripe only shares subscription status and customer IDs with us.
- Technical Connectivity & Security Logs (IP Addresses):
  - How we collect it: Standard server network headers when you interact with our secure Supabase backend API and Cloud Sync features.
  - Purpose: Used strictly for security auditing, DDoS prevention, and rate-limiting. These logs are automatically rotated and deleted.
We do not collect telemetry, crash reports, behavioral analytics, browsing history outside of explicitly captured items, or any other data. No tracking pixels or fingerprinting is employed.
3. How We Use Your Data
We use the data we collect solely for the following purposes:
- To provide the service: Your memories are stored and retrieved so you can access them across sessions and devices.
- To authenticate your account: Your email address is used to send passwordless login links (OTP) and to verify your identity for sensitive operations such as data erasure.
- To process AI features: When you invoke an AI Summary, Restructuring, or Ask feature, the selected memory content is transmitted to our current AI processing provider via our secure backend infrastructure to generate a response. This transmission is strictly limited to content you have selected for that operation, and is never sent directly from your browser to any AI provider.
- To manage your subscription: Your email and subscription status are shared with Stripe to process payments and enforce plan limits.
- To send service notifications: We may send transactional emails (e.g., login links, data erasure confirmations, policy change notices) to the email address on your account. We do not send marketing emails without your explicit opt-in.
- To comply with legal obligations: We may process or retain data as required by applicable law (see Section 7).
We do not use your data for advertising, profiling, or any purpose beyond those listed above.
4. AI Data Processing & Non-Training Commitment
When you use the AI Summary, Restructuring, or Ask features, the selected memory content is transmitted to our backend infrastructure, which forwards it to a third-party AI language model provider for processing. This request is always routed through our secure server; your browser never contacts an AI provider directly. We select AI providers based on performance, privacy standards, and contractual data protections. Our current provider is listed in the sub-processor table in Section 6, and we will update that table and notify affected users whenever we switch providers.
We do not use your private memories to train any models, nor do we contract with AI providers that use API-submitted data for model training without explicit user consent.
We contractually require our AI processing providers to: (a) process your data only to fulfill the requested operation, (b) not retain your inputs or outputs beyond the duration of a single API call, and (c) not use your data for their own model training or product improvement.
5. Data Storage & Security
- Encryption: Data is encrypted during transit (SSL/TLS) and at rest in the cloud.
- Cloud Infrastructure: All cloud storage and authentication are provided by Supabase (Supabase Inc., incorporated in the United States, headquartered in San Francisco, CA). Supabase stores data in data centers located in the US by default. For details on Supabase's security and compliance posture, see supabase.com/security.
- Row Level Security (RLS): We use Supabase's Row Level Security policies to ensure that each user's data is strictly isolated; even our administrators cannot access your private memories without explicit technical necessity.
- Local Control: You can use SiderMem purely as a local tool without enabling Cloud Sync. In that mode, your data never leaves your device.
6. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We do not share your data with advertising networks, third-party analytics companies, or marketing brokers. We share your data only in the following highly limited circumstances to run the application's core infrastructure:
Sub-processors: We share data with the following service providers strictly to operate the service (see full table below):
| Partner | Country | Purpose | Data Shared |
| --- | --- | --- | --- |
| Supabase | 🇺🇸 United States | Authentication, Database hosting, Cloud Storage | Email address, encrypted memory content |
| Stripe | 🇺🇸 United States | Subscription management and Billing | Email address, payment details (handled directly by Stripe) |
| OpenRouter / Upstream AI Providers | 🇺🇸 United States | AI model processing: routes user requests to large language models (such as OpenAI, DeepSeek, or Anthropic models) for summarization, restructuring, and memory querying. | Only the specific memory content you explicitly select and submit for AI processing |
Legal requirements: We may disclose your data if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of SiderMem, our users, or the public.
Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you via email before your data becomes subject to a different privacy policy.
With your consent: We may share your data in any other circumstances with your explicit prior consent.
7. Chrome Extension Permissions & Data Access
To provide its core productivity features, the SiderMem Chrome Extension requests several browser permissions. We only request permissions that are absolutely essential to the operation of the extension. Below is an exhaustive list of these permissions, why they are required, and the specific data they access:
- sidePanel
  - Why it is required: Enables the SiderMem persistent side panel in your browser.
  - Data accessed: None. This is a UI permission to display the application side-by-side with your active tab for a seamless workflow.
- storage
  - Why it is required: Allows SiderMem to save your memory library, user settings, and login credentials locally.
  - Data accessed: Saves your custom memory blocks, tags, local database tables (IndexedDB), and Auth tokens securely on your local device.
- tabs
  - Why it is required: Retrieves page metadata when you choose to save a memory.
  - Data accessed: Accesses the active page title, URL, and tab index only at the precise moment you initiate a capture, which is used strictly to populate the source URL and title of the saved memory for proper attribution and search filtering.
- activeTab
  - Why it is required: Grants temporary access to the active webpage's text/DOM when a capture action is triggered.
  - Data accessed: Extracts user-selected text, code blocks, or conversation fragments that you explicitly choose to save. It does not run in the background or monitor your browsing activity outside of user-initiated clicks.
- contextMenus
  - Why it is required: Adds the "Save Selection to SiderMem" option to your browser's right-click context menu.
  - Data accessed: Captures the text selection you have highlighted when you click this context menu option to save it as a new memory entry.
- downloads
  - Why it is required: Allows you to export your data library out of SiderMem.
  - Data accessed: Used strictly when you trigger the "Export Data" feature inside the extension settings to package your saved memory entries as a zip file containing Markdown files and download it to your local downloads folder.
- Host Permissions (ChatGPT, Claude, Gemini, DeepSeek)
  - Why it is required: Allows the extension to run custom content scripts on specified AI assistant websites:
    - https://chatgpt.com/*
    - https://claude.ai/*
    - https://gemini.google.com/*
    - https://chat.deepseek.com/*
  - Data accessed: Allows low-intrusion injection of "Save to SiderMem" buttons beside conversation bubbles. This lets you capture chatbot threads directly with a single click. No data from these pages is collected or transmitted until you explicitly click the capture button.
We do not use any permission to collect data passively or without your explicit action.
8. Cookies & Tracking
SiderMem's website and Chrome extension do not use cookies, advertising trackers, or third-party analytics to monitor your browsing behavior. No tracking pixels or fingerprinting technologies are employed. The only persistent storage used is Chrome's local IndexedDB and chrome.storage.local strictly for the core functionality of storing your memories on your own device.
9. Data Retention
Active data: Your memories and account data are retained for as long as your account is active or as needed to provide the service.
After deletion: When you delete a memory or request full account/cloud data erasure, the data is marked for removal and permanently purged from our servers within 7 days. During this window the data is inaccessible to you but may exist in database backups. After 7 days it will no longer appear in any backup.
GDPR compliance: If you are located in the European Economic Area (EEA), you may request erasure under Article 17 of the GDPR. We will confirm completion of erasure within the 7-day window and respond to your request within 30 days as required by law.
Inactive accounts: Accounts with no login activity for 24 consecutive months may be subject to data archival or deletion. We will send a notice to your registered email before taking any such action.
10. Your Rights (GDPR/CCPA)
We provide tools for full data autonomy:
- Right to Access: You may request a copy of all personal data we hold about you by contacting privacy@sidermem.com.
- Right to Portability: Use the "Export Data" feature in the extension to download your entire memory library in Markdown format at any time.
- Right to Erasure: You can delete any individual memory at any time within the extension. For full cloud data erasure, use the in-app data clearing feature, which requires an OTP (Email Verification) to confirm the request is authorized and final.
- Right to Opt-Out of Sale: We do not sell your personal data. There is nothing to opt out of.
- Right to Non-Discrimination: Exercising any privacy right will not affect the quality or availability of our service to you.
- California Residents (CCPA): You have the right to know what personal data is collected about you, the right to request deletion, and the right to opt out of the sale of personal information (we do not sell data). To submit a verifiable consumer request, contact privacy@sidermem.com.
11. Age Restriction (COPPA)
SiderMem is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it without delay.
12. Governing Law
This Privacy Policy is governed by the laws of the State of California, United States. California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal data is collected, the right to opt-out of sale (we do not sell your data), and the right to non-discrimination for exercising privacy rights.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you via email at least 14 days before any material changes take effect. The updated policy will be posted on this page with a revised effective date.
14. Contact
For privacy inquiries, data access requests, or erasure requests, please contact: privacy@sidermem.com.
We will respond to all privacy-related inquiries within 30 days.