Privacy Policy

Effective Date: February 21, 2026

Introduction

This Privacy Policy applies to all users of the Membase website (https://membase.so), applications, and related services (collectively, "Membase," "App," or "Services"), offered by Aristo Technologies, Inc. ("we," "us," or "our"). This policy describes how we collect, process, store, and protect your personal information.

By accessing or using any part of our Services, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data.

Our Core Principles

  • You own your data. You control what is stored, how it is used, and when it is deleted.
  • No selling. We never sell your personal data to third parties.
  • No AI training. Your data is never used to train or fine-tune generalized AI or machine learning models.
  • Minimal collection. We only collect what is necessary to provide and improve the Services.

Information We Collect

Account Information

When you create a Membase account, we collect:

  • Name and email address
  • Profile picture URL
  • Authentication credentials (managed via OAuth providers)

Google User Data

If you choose to connect your Google account, we may access the following data depending on the permissions you grant:

Basic Profile Information (via Google OAuth)

  • Your name, email address, and profile picture URL.
  • We use this information solely to identify you, create your account, and provide a personalized experience.

Google Calendar Data

With your explicit consent, we access your Google Calendar data in read-only mode, including:

  • Event titles, descriptions, and notes
  • Event dates, times, and durations
  • Event locations
  • Attendee information (names and email addresses)
  • Calendar metadata (calendar names and time zones)

Calendar data is synchronized as part of your personal memory bank, allowing Membase's AI to understand your schedule context and provide relevant, personalized assistance. We access this data in read-only mode and do not modify your Google Calendar.

Gmail Data

With your explicit consent, we may access your Gmail data, including:

  • Email subjects and message content
  • Sender and recipient information
  • Email metadata (timestamps, labels)

Email data is synchronized as part of your personal memory bank, enabling Membase's AI to reference relevant communications and provide contextual assistance.

Memory & Content Data

You may upload or connect various forms of personal data to your memory bank, such as text, notes, and documents. This data is processed to generate AI memory representations (embeddings, summaries, and contextual references) that power the Membase experience.

Technical & Analytics Data

We collect technical data necessary for service operation:

  • Device type, browser type, and operating system
  • IP address and approximate geographic location
  • Pages visited, features used, and interaction patterns
  • Error logs and performance metrics

We use PostHog for product analytics to understand how our Services are used and to improve the user experience. PostHog collects de-identified usage data and does not track you across other websites. We do not use cookies for advertising, retargeting, or cross-site tracking.

How We Use Your Information

We use the information we collect to:

  • Provide the Services: Sync, organize, and retrieve your stored memories using AI.
  • Personalize your experience: Generate contextual AI responses based on your memory bank.
  • Authenticate and secure: Verify your identity and protect your account.
  • Communicate: Send service-related notifications and provide customer support.
  • Improve: Analyze usage patterns to enhance features and fix issues.
  • Comply: Meet legal and regulatory obligations.

We do not use your information for advertising, profiling for third parties, or training generalized AI models. We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.

Third-Party AI Processing

Membase uses OpenAI to process your data and provide AI-powered memory features. When you use AI features, relevant portions of your memory data are sent to OpenAI's API for processing.

Important safeguards:

  • Data sent to OpenAI is used solely to generate responses for your requests and is not used to train or improve OpenAI's models (per OpenAI's API data usage policy).
  • We send only the minimum data necessary to fulfill each specific request.
  • We do not store AI-generated responses beyond what is needed to provide the Services to you.

Google API Services User Data Policy

Membase's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We explicitly declare that:

  • We do not sell Google user data to third parties.
  • We do not use Google user data for serving ads, including retargeting, personalized, or interest-based advertising.
  • We do not use Google user data to develop, replace, or train generalized AI and/or machine learning models.
  • We only use Google user data to provide or improve user-facing features that are prominent in the Membase interface.
  • We limit data transfers to only:
    • When necessary to provide or improve user-facing features, with user consent;
    • For security purposes (e.g., investigating abuse);
    • To comply with applicable laws or regulations; or
    • As part of a merger, acquisition, or sale of assets, with prior user consent.
  • We do not allow humans to read Google user data, unless:
    • You have given affirmative consent for specific data to be viewed;
    • It is necessary for security purposes (e.g., investigating a bug or abuse);
    • It is necessary to comply with applicable law; or
    • The data is aggregated and anonymized for internal operations.

How We Share Information

We do not sell, rent, or otherwise commercially distribute personal information. We do not "sell" or "share" personal data for cross-contextual behavioral advertising as defined under applicable US state privacy laws. We share information only in the following circumstances:

  • AI service providers: Data is shared with OpenAI for AI processing as described above, subject to their API data usage policies.
  • Infrastructure providers: We use trusted third-party providers for data storage and processing, bound by confidentiality agreements and appropriate security standards.
  • Analytics: PostHog receives de-identified usage data for product analytics.
  • Legal requirements: When required by valid court order, subpoena, or applicable law.
  • Safety: To protect the rights, property, or safety of Membase, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to users.

In all cases, shared data is minimized and subject to confidentiality obligations.

Data Storage & Security

Where We Store Your Data

Your data is stored on servers located in the United States.

How We Protect Your Data

We implement industry-standard security measures, including:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: All stored data is encrypted at rest using AES-256 encryption provided by our infrastructure partners.
  • Access controls: Strict role-based access controls limit who can access production systems.
  • Regular audits: We conduct periodic security reviews of our infrastructure and practices.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention & Deletion

Retention

  • Account and memory data: Retained for as long as your account is active, or as needed to provide the Services.
  • Technical logs: Retained for up to 90 days for security and debugging purposes, then automatically deleted.
  • Analytics data: Retained in de-identified form.

Deletion

  • Your control: You can delete individual memories or disconnect integrated services at any time through the app.
  • Account deletion: You may request full account deletion by emailing support@aristo.so or through your account settings.
  • Deletion timeline: Upon account deletion, all personal data and associated memory data will be permanently deleted within 30 days, including backups.
  • Google data: When you disconnect your Google account, all synced Google Calendar and Gmail data is queued for deletion following the same 30-day timeline.
  • Irreversibility: Once deleted, your data cannot be recovered.

Connected Services

When you authorize a third-party integration:

  • You grant Membase permission to access specific data from that service.
  • You can revoke access at any time through your Membase account settings or through the third-party service's security settings (e.g., Google Security Settings).
  • Data from connected services is processed in accordance with this Privacy Policy.
  • Each connected service is also governed by its own privacy policy and terms of service.

Currently available integrations include Google Calendar and Gmail. When new integrations are added, this Privacy Policy will be updated accordingly.

International Data Transfers

Membase is operated by Aristo Technologies, Inc., headquartered in the United States. Your information is transferred to and processed on servers located in the United States.

If you access our Services from outside the U.S., your information may be transferred across international borders. We implement appropriate safeguards, including standard contractual clauses where applicable, to ensure your data receives adequate protection in compliance with applicable data protection laws.

Children's Privacy

Membase is intended for individuals aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we learn or have reason to suspect that a user is under the age of 18, we will investigate and, if appropriate, promptly delete the personal data and the account. If you believe that a minor has provided us with personal information, please contact us at support@aristo.so.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request a copy of your data in a portable format.
  • Restriction: Request that we limit how we process your data.
  • Objection: Object to certain types of data processing.
  • Withdraw consent: Withdraw previously granted consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@aristo.so. We will respond to your request within 30 days, or as required by applicable law. If we deny your request, you may appeal by emailing the same address. We will not discriminate against you for exercising any privacy rights available under applicable law.

Legal Compliance

This policy is designed to comply with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice within the Services prior to the changes taking effect. Your continued use of the Services after any change in this Privacy Policy will constitute your acceptance of such change.

The "Effective Date" at the top of this policy indicates when it was last revised.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Aristo Technologies, Inc.

Email: support@aristo.so