Memraiq
Privacy Policy
1. Who we are
Memraiq is a private AI knowledge base platform operated by Ri-Tech, a technology company based in Ghana. When you use Memraiq, you are interacting with services operated by Ri-Tech.
For questions about this policy or your personal data, contact us at hello@memraiq.com.
2. What we collect
We collect the following categories of data when you use Memraiq:
Account information
Email address, password (stored as a bcrypt hash — never in plaintext), organisation name, and membership details.
Documents and content
Documents you upload to your workspace. These are stored, chunked, embedded, and indexed so the platform can answer questions from them.
Conversation history
Questions your team asks and the answers the platform generates, stored within your organisation's workspace.
API usage logs
Technical metadata for requests (for example model, provider, token counts, timestamps). Used to operate the service: billing where applicable, abuse prevention, security, reliability, and support — not as a standalone customer analytics or per-query cost dashboard product.
Technical data
IP address and user agent for rate limiting, security monitoring, and debugging. Not used for advertising.
Payment data
Billing and subscription information handled by Paystack. We do not store full card numbers or payment credentials.
3. How we use your data
We use your data to:
- —Operate the platform — indexing documents, serving retrieval queries, and generating answers
- —Enforce plan limits and track token usage for billing
- —Run internal reliability and security monitoring (operator-facing, not a customer health dashboard product)
- —Send transactional emails — magic links, member invitations, password resets, billing notifications
- —Improve the product based on aggregate usage patterns (not individual user profiling)
- —Comply with legal obligations and respond to lawful requests
We do not sell your data, use it for advertising, or train AI models on your documents or conversation history.
4. Third-party services
Running Memraiq requires the following third-party services to process your data. Document content is sent to AI providers (Anthropic, OpenAI) for embedding and generation. By using the platform you acknowledge this processing.
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database and file storage | All app data, document files |
| Qdrant Cloud | Vector storage | Document embeddings (no raw text) |
| Neo4j Aura | Knowledge graph storage | Extracted entities and relationships |
| Anthropic | LLM inference (Claude) | Document content, query context |
| OpenAI | Embeddings and LLM inference | Document content, query context |
| Paystack | Payment processing | Billing and subscription data |
| Resend | Transactional email | Email address, email content |
Anthropic and OpenAI process document content under their own data processing terms. We recommend reviewing their policies if this is relevant to your compliance posture.
5. Data retention
- —Documents and conversations: retained until you delete them or your organisation is deleted
- —API usage logs: retained for 12 months for billing reconciliation and debugging
- —Refresh tokens: expire after 30 days of inactivity
- —Backups: purged within 90 days after account deletion
6. Your rights
Subject to applicable data protection laws, you have the following rights:
- —Access: request a copy of the personal data we hold about you
- —Correction: update your account information in the platform settings
- —Export: download your documents and conversation history from your workspace
- —Deletion: delete individual documents, conversations, or your entire account at any time
- —Objection: object to processing in certain circumstances
To exercise these rights, email hello@memraiq.com. We will respond within 30 days.
7. Security
- —Passwords stored as bcrypt hashes — never in plaintext
- —JWT-based authentication with short-lived access tokens (15 minutes)
- —API keys encrypted with Fernet symmetric encryption at rest
- —All data in transit encrypted over HTTPS/TLS
- —Role-based access control at the organisation level
- —No cross-tenant data access at any layer
8. Cookies
We use a minimal set of cookies required to operate the platform:
access_token
Session (15 min) — Authentication — identifies your session
refresh_token
Persistent (30 days, httpOnly) — Session renewal — used to obtain new access tokens
We do not use advertising cookies, analytics cookies, or third-party tracking scripts.
9. International transfers
Our infrastructure providers (Supabase, Anthropic, OpenAI, Qdrant) may process data outside of Ghana. We rely on these providers' standard contractual and security measures for data transfers. Enterprise customers may request specific region configuration for Supabase and Qdrant deployments.
10. Policy changes
We may update this policy from time to time. Material changes will be communicated through the platform (in-app notification) and by updating the effective date on this page. Continued use of the platform after a change constitutes acceptance of the updated policy.
11. Contact
For privacy questions, data requests, or concerns, contact us at hello@memraiq.com. We aim to respond within 5 business days.