Privacy Policy
Effective Date: April 21, 2026
⚠ Important β Do Not Store Sensitive Personal Data
SiderMem is designed as a productivity and context-capture tool, not a secure vault. Do not store any of the following in SiderMem:
- Passwords, PINs, or security codes of any kind
- Bank account numbers, credit/debit card numbers, or financial credentials
- Government-issued ID numbers (Social Security Number, passport, driver's license)
- Private keys, seed phrases, or cryptocurrency wallet credentials
- Medical records or health insurance information
- Any information that, if disclosed, could cause direct financial or personal harm
While we implement industry-standard security measures, no cloud-connected service can guarantee absolute security. You assume full responsibility for the sensitivity of content you choose to capture. SiderMem and its operators are not liable for any damages arising from the storage of highly sensitive or confidential data in this service.
1. Introduction
SiderMem is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your data when you use the SiderMem Chrome extension and cloud services. We operate on a "User-Initiated Capture" principle: we do not automatically crawl your data; we only save what you explicitly choose to keep.
2. Data We Collect
Account Information: We use passwordless authentication. We only store your email address to manage your account and subscription via Supabase Auth.
User Content (Memories): When you click the capture button, we save conversation fragments, code snippets, or text selections. This data is stored locally in your browser's IndexedDB and, if synced, in our secure Supabase cloud database.
Payment Data: All financial transactions are handled by Stripe. SiderMem never sees or stores your full credit card details.
3. AI Data Processing & Non-Training Commitment
When you use the AI Summary or Restructuring features, the selected memory content is transmitted to our AI processing infrastructure via secure API calls.
Crucially: We do not use your private memories to train our models, nor do we allow our sub-processors to use your data for their model training without your explicit consent.
4. Data Security & Storage
- Encryption: Data is encrypted during transit (SSL/TLS) and at rest in the cloud.
- Cloud Infrastructure: All cloud storage and authentication are provided by Supabase (Supabase Inc., a company incorporated in the United States and headquartered in San Francisco, CA). Supabase stores data in data centers located in the US by default. For details on Supabase's own security and compliance posture, see supabase.com/security.
- Row Level Security (RLS): We use Supabase's Row Level Security policies to ensure that each user's data is strictly isolated; even our administrators cannot access your private memories without explicit technical necessity.
- Local Control: You can choose to use SiderMem purely as a local tool without enabling Cloud Sync. In that mode, your data never leaves your device.
5. Sub-processors
We use the following industry-leading services to provide SiderMem:
| Partner | Country | Purpose |
|---|---|---|
| Supabase | πΊπΈ United States | Authentication, Database hosting, and Cloud Storage |
| Stripe | πΊπΈ United States | Subscription management and Billing |
5b. Cookies & Tracking
SiderMem's website and Chrome extension do not use cookies, advertising trackers, or third-party analytics to monitor your browsing behavior. No tracking pixels or fingerprinting technologies are employed. The only persistent storage used is Chrome's local IndexedDB and chrome.storage.local strictly for the core functionality of storing your memories on your own device.
5c. Data Retention
Active data: Your memories and account data are retained for as long as your account is active or as needed to provide the service.
After deletion: When you delete a memory or request full account/cloud data erasure, the data is marked for removal and permanently purged from our servers within 7 days. During this window the data is inaccessible to you but may exist in database backups. After 7 days it will no longer appear in any backup.
GDPR compliance: If you are located in the European Economic Area (EEA), you may request erasure under Article 17 of the GDPR. We will confirm completion of erasure within the 7-day window and respond to your request within 30 days as required by law.
Inactive accounts: Accounts with no login activity for 24 consecutive months may be subject to data archival or deletion. We will send a notice to your registered email before taking any such action.
6. Your Rights (GDPR/CCPA)
We provide tools for full data autonomy:
- Right to Portability: Use the "Export Data" feature to download your entire library in Markdown format.
- Right to Erasure: You can delete any memory at any time. For full cloud data clearing, we require an OTP (Email Verification) to ensure the request is authorized and final.
7. Age Restriction (COPPA)
SiderMem is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it without delay.
8. Governing Law
This Privacy Policy is governed by the laws of the State of California, United States. California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal data is collected, the right to opt-out of sale (we do not sell your data), and the right to non-discrimination for exercising privacy rights.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you via email at least 14 days before any material changes take effect. The updated policy will be posted on this page with a revised effective date.
10. Contact
For privacy inquiries or data requests, please contact: privacy@sidermem.com.