Memreader

Privacy Policy

Last updated: May 31, 2026

We built Memreader as a tool for serious readers, and we treat the data you store in it with the seriousness it deserves. This policy explains what we collect, why we collect it, who else sees it, and what control you have. If anything is unclear, email us at support@memreader.com.

1. Who we are

Memreader (“we”, “us”, “our”) is the operator of the Service available at memreader.com. We act as the data controller for the personal data you provide to us.

2. What we collect

We collect only what the Service genuinely needs:

  • Account data — your email address and a hashed password (we never store your raw password).
  • Content you create — the books you upload (EPUB, PDF, DOCX), the highlights you make, the flashcards generated from them, and any notes or chapter edits you save.
  • Reading state — your last read position, review schedules, and flashcard performance data (used by the spaced-repetition algorithm).
  • Billing data — if you purchase Memreader, Paddle (our payment processor) handles your card details directly. We never see your full card number. We receive only your subscription status, a transaction ID, and the email address you used at checkout.
  • Basic usage logs — standard server logs (IP address, browser type, request paths, timestamps) retained for up to 30 days for security and debugging.

3. What we do NOT collect

We do not use third-party advertising trackers, behavioral profilers, or marketing pixels on the application pages. We do not sell your data to anyone, ever.

4. How we use it

  • To run the Service — store and display your books and highlights, schedule reviews, generate Anki exports.
  • To authenticate you and keep your account secure.
  • To process your purchase and provide receipts (via Paddle).
  • To email you about your account: trial expiry, purchase confirmations, password resets, and important service notices.
  • To diagnose bugs and improve reliability.
  • To comply with legal obligations (tax records, lawful requests from authorities).

5. Who else sees your data

We use a small set of trusted service providers to operate Memreader. Each one only receives the data they strictly need:
  • Supabase (database, file storage, authentication) — stores your account, books, highlights, and flashcards. Hosted in the EU.
  • Vercel (hosting) — serves the Memreader website and application.
  • Paddle (payments) — acts as the merchant of record for your purchase, handles tax, fraud-screening, and card processing.

Each of these processors has their own privacy and security commitments, which we have evaluated. We do not share your data with anyone outside this list, except where required by law.

6. Cookies

We use a small number of strictly-necessary cookies to keep you signed in and to remember your dark-mode preference. We do not set analytics or advertising cookies on the application. Paddle's checkout sets its own cookies during the payment flow — those are governed by Paddle's privacy policy.

7. Data security

Your data is encrypted in transit (HTTPS everywhere) and at rest in our database and file storage. Access to production systems is restricted to a small number of authorized personnel and protected with strong authentication. We monitor for intrusions and apply security updates promptly.

8. Data retention

We retain your account data and content for as long as your account exists. If you close your account, we delete your books, highlights, and flashcards within 30 days. We may retain anonymized aggregates and billing records (as required by tax law) for longer.

9. Your rights

Depending on where you live, you may have rights to: access the data we hold about you; correct or update it; delete it (subject to limited exceptions like tax records); export it in a portable format; or object to certain processing. To exercise any of these rights, email support@memreader.com. We respond within 30 days.

10. International transfers

Memreader is operated from India, with infrastructure in the EU and North America. If you use the Service from outside these regions, your data will be transferred to and stored in those regions. We rely on standard contractual clauses and our processors' certifications to protect your data in transit.

11. Children

Memreader is not directed at children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this policy

We may update this policy as the Service evolves. We will update the “Last updated” date at the top and, for material changes, email registered users. Your continued use of the Service after a change constitutes acceptance.

13. Contact

Privacy questions or requests? Email support@memreader.com.