What happens when I reach my album limit?

You can unlock more albums by upgrading to a paid plan. Your existing albums remain accessible.

Guest Pass lets everyone you invite get full access to view and add photos without any limits or upgrade prompts. It's included with paid plans.

Can guests upload without an account?

Yes! Guests can view instantly without an account. To add photos, they just need to create a free account in seconds.

Do you use my photos for AI training?

Never. We never use your photos for AI training. Your memories stay yours.

Privacy Policy

Last updated: February 27, 2026

Introduction

Adam Duchemann, operating as Memrly ("we," "our," "us"), provides a private photo and video sharing mobile application ("Memrly" or the "Service"). We believe your memories belong to you and the people you share them with. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding your data.

By creating a Memrly account, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Data We Collect

1.1 Account Information

When you create an account, we collect:

Your name and profile picture
Email address (used for authentication and account communications)
Authentication credentials via Google Sign-In or Apple Sign-In

All users must create an account to access Memrly. There is no anonymous or guest access.

1.2 Photos and Videos

When you upload content to albums, we store:

Your photos and videos in their original or processed quality
Thumbnails generated from your media
Captions you add to your content
Media metadata (dimensions, file size, duration for videos)

1.3 Activity Data

To provide the Service, we collect:

Likes and comments on photos and videos
Album membership and invitation records
Notification preferences you configure

1.4 Device Information

For push notification delivery, we store:

Your device push notification token
Device platform (iOS or Android)

1.5 Payment Information

Subscription and purchase payments are processed entirely by Apple (App Store), Google (Play Store), and RevenueCat (our subscription management provider). We do not collect, store, or have access to your credit card numbers, bank account details, or other payment instruments. We receive only:

Subscription tier and status (active, expired, cancelled)
Purchase receipts for entitlement verification
Transaction identifiers for support purposes

1.6 Anonymized Usage Analytics

We collect aggregated, anonymized usage data from our own servers to improve the Service. This includes metrics such as feature usage patterns, upload rates, and retention trends. This data is:

Processed entirely on our own infrastructure (Supabase)
Not linked to any personally identifiable information
Not shared with any third party
Not collected through any third-party analytics SDK

We do not use cookies, behavioral tracking SDKs, or any third-party analytics tools in the Memrly app or website.

2. How We Use Your Data

We use your personal data exclusively for the following purposes:

Providing the Service: storing and delivering your photos and videos to authorized album members
Account management: authentication, account recovery, and subscription management
Communications: sending push notifications about album activity (configurable in settings), payment reminders, and important service updates
Content moderation: detecting and removing prohibited content to maintain platform safety (see Section 3)
Service improvement: analyzing anonymized, aggregated usage patterns to improve app features and performance
Legal compliance: responding to legal requests and enforcing our Terms of Service

We never use your photos to train AI or machine learning models
We never sell your data to third parties
We never show you ads
We never engage in profiling or behavioral targeting

3. Content Moderation and AI Scanning

To maintain a safe platform and comply with legal obligations, uploaded photos and videos may be automatically scanned using artificial intelligence and machine learning technologies. This scanning is designed to detect prohibited content, including but not limited to:

Child sexual abuse material (CSAM)
Graphic violence
Other content that violates our Acceptable Use Policy

Content flagged by automated systems is reviewed by a human moderator before any action is taken against your account. If prohibited content is confirmed, we may remove the content, suspend or terminate your account, and report the matter to relevant authorities, including the National Center for Missing & Exploited Children (NCMEC) and law enforcement, as required by law.

4. Permissions We Request

Permission	Purpose
Camera	To take photos and videos directly in the app
Photo Library	To upload existing photos and save images to your device
Microphone	To record audio when capturing videos
Contacts	To help you invite friends to albums. We do not store or upload your contacts to our servers.
Notifications	To alert you about new photos, comments, and album activity. Fully customizable in settings.

All permissions are optional. The app functions without granting any permission, though some features require specific permissions to operate.

5. Third-Party Services

We use the following third-party services to operate Memrly. Each service processes only the minimum data required for its function:

Service	Purpose	Data Shared	Location
Supabase	Database and authentication	Account data, album data, activity records	European Union
Cloudflare R2	Media file storage	Photos, videos, thumbnails	Global (distributed CDN)
Google Sign-In	Authentication	Email, name, profile picture	United States
Apple Sign-In	Authentication	Email, name	United States
RevenueCat	Subscription management	Anonymous user ID, purchase receipts	United States
Expo	Push notification delivery	Device push token, platform	United States

We do not share your photos, videos, or personal data with any of these services beyond what is strictly necessary for their function. We do not sell, rent, or trade your personal data to any third party.

6. Data Storage and International Transfers

Your data is stored in the following locations:

Database (account information, album data, activity records): Supabase servers in the European Union
Media files (photos, videos, thumbnails): Cloudflare R2 distributed storage network (global)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, transfers of personal data to third-party services outside the EEA are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards as required by applicable law.

7. Data Security

We protect your data with:

Encrypted connections (HTTPS/TLS) for all data in transit
Encryption at rest for stored data
Row-level security policies ensuring you can only access data you are authorized to see
Secure token storage on your device (iOS Keychain / Android Keystore)
Private albums accessible only to invited members
Regular security assessments of our infrastructure

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

8.1 Active Accounts

Your data is retained for as long as your account is active and you maintain a valid subscription (if applicable).

8.2 Payment Failure or Subscription Cancellation

If your subscription payment fails or you cancel your subscription, the following timeline applies:

Period	Access Level	What Happens
Days 1–30	Full access	Grace period. Payment reminder emails sent. You can upload, create albums, and use all features normally.
Days 31–90	Read-only	You can view and download your content but cannot upload new content or create new albums. Existing album guests can still view shared content.
Day 91+	Archived	Content is moved to cold storage and is not accessible until you reactivate your subscription. Reactivation restores access within 24 hours.
6 Months	Warning	We send a final warning email: "Your content will be deleted in 30 days." You may request a data export during this period.
7 Months	Deleted	All content is permanently deleted. Account is deactivated. No data is retained.

8.3 Voluntary Account Deletion

If you choose to delete your account:

Your account is deactivated immediately
You have a 30-day recovery window during which you can contact support@memrly.com to restore your account
After 30 days, all your data (account information, photos, videos, album data, activity records) is permanently and irreversibly deleted from our systems and third-party services

8.4 Albums on Account Deletion

When you delete your account, all albums you own are also deleted. Album members receive a 30-day notice to download any content they contributed before deletion occurs.

8.5 Voluntary Tier Downgrade

If you downgrade to a lower subscription tier:

All existing content is preserved at its original quality (e.g., 4K photos remain 4K)
You cannot upload new content that exceeds your new tier's limits
The first limit reached (storage capacity or item count) takes precedence

9. Your Rights

9.1 All Users

Regardless of your location, you can:

Access your data — view all your photos, comments, and profile information in the app
Delete your content — remove any photo, comment, or album you own at any time
Delete your account — permanently remove your account and all associated data (see Section 8.3)
Control notifications — customize or disable all notification types in settings
Revoke permissions — disable camera, contacts, or other permissions in your device settings at any time

9.2 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):

Right of access — request a copy of all personal data we hold about you
Right to rectification — request correction of inaccurate personal data
Right to erasure ("right to be forgotten") — request deletion of your personal data
Right to data portability — receive your data in a structured, commonly used, machine-readable format
Right to restrict processing — request that we limit how we use your data
Right to object — object to processing of your data for specific purposes
Right to withdraw consent — withdraw consent at any time where processing is based on consent
Right to lodge a complaint — file a complaint with your local data protection supervisory authority

To exercise any of these rights, contact us at support@memrly.com. We will respond within 30 days.

Legal basis for processing: We process your data based on (a) performance of our contract with you (providing the Service), (b) your consent (where required), and (c) our legitimate interests (platform safety, fraud prevention, service improvement), balanced against your rights and freedoms.

9.3 California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

Right to know — request disclosure of the categories and specific pieces of personal information we collect
Right to delete — request deletion of your personal information
Right to opt-out of sale — we do not sell your personal information to third parties. As we do not sell data, there is no need to opt out.
Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at support@memrly.com. We will verify your identity and respond within 45 days.

10. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users and relevant authorities in accordance with applicable law in each jurisdiction.

For GDPR users: we will notify the relevant supervisory authority within 72 hours and affected users without undue delay when required. For US users: we will notify affected residents in accordance with applicable state data breach notification laws.

11. Children's Privacy

Memrly is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you are under 16 and located in the European Union, you must have your parent or guardian's consent to use the Service.

If you believe a child under 13 has created an account or provided us with personal information, please contact us at support@memrly.com. We will promptly delete the account and all associated data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you through the app or by email at least 30 days before the changes take effect
Provide a summary of what has changed

Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.

13. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise any of your rights, contact us at:

Email: support@memrly.com

For GDPR-related inquiries, you may also contact your local data protection supervisory authority (e.g., CNIL in France, CNPD in Portugal).

This Privacy Policy is governed by the laws of Portugal. For users in the European Union, the provisions of the GDPR apply. For users in California, the provisions of the CCPA apply. For users in other jurisdictions, applicable local data protection laws apply in addition to this policy.