Last updated: 29 June 2026
memrelay is a hosted service that gives your company's AI tools access to your company's own knowledge, under your control. This policy explains what personal data we handle, why, and the rights you have over it.
memrelay is a hosted service that connects your company's knowledge to your AI tools. In this policy, "memrelay", "we" and "us" mean the team that operates the service. For any privacy question, contact us at [email protected].
There are two different relationships, and our role differs in each:
Your name, work email, company name and team size, and the identity returned by your sign-in provider (Google or Microsoft via our authentication broker). We do not store your password - sign-in is handled by your provider.
The documents, notes and files a customer chooses to bring into their workspace. This content belongs to the customer. We process it only to provide the service (search, read, governed write-through-PR), as a processor.
Logs needed to run and secure the service: requests, timestamps, IP address, browser type, and which features were used. We use these for security, debugging, abuse prevention and basic product analytics.
memrelay makes no AI model calls of its own on the ingest, search or write path. The intelligence comes from your own AI client (Claude, ChatGPT and others) connecting to your knowledge over MCP. We do not send your content to any model provider for training, and we do not use your content to train any model. Your knowledge stays plain, readable and exportable - never a black box.
We do not sell your data. We rely on a small set of vetted providers to run the service, for example:
Each subprocessor is bound to protect data and to use it only to provide its service to us.
memrelay is hosted in the European Union. If any processing happens outside the EU, we rely on appropriate safeguards (such as EU Standard Contractual Clauses).
We keep account data for as long as you have an account, and logs for a limited period needed for security and operations. Knowledge content is retained for the customer under their workspace; we never hard-delete - changes and removals are versioned in git, and content is exportable at any time. On account or contract termination we delete or return data per the agreement and applicable law.
Access is scoped per person, per team and per company, so people and their AI only see what they are allowed to. Nothing enters the knowledge base without approval (write goes through a reviewable pull request), and actions are auditable. We use encryption in transit and apply least-privilege access on our side.
Under the GDPR you can ask to access, correct, delete, restrict or object to processing of your personal data, and to receive it in a portable format. To exercise any of these, email [email protected]. If memrelay holds the data as a processor for your employer, we will direct the request to them as the controller. You also have the right to complain to your local data protection authority.
The marketing site uses only essential local storage (for example to remember your language choice). The application uses a session cookie to keep you signed in. We do not use advertising or cross-site tracking cookies.
memrelay is a tool for businesses and is not intended for children. We do not knowingly collect data from anyone under 16.
If we make a material change, we will update the date above and, where appropriate, notify you. Continuing to use memrelay after a change means you accept the updated policy.
Questions about privacy or this policy: [email protected].