Privacy Policy

This Privacy Policy explains how Mnestica (“Mnestica,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use Mnestica — the AI-powered memory and spaced-repetition service available at https://mnestica.ai (the “Service”). It applies to visitors, registered users, and paying subscribers.

We built Mnestica to be a durable memory system for things you actually want to remember. That means we do collect and process the content you give us, and we want to be specific about what happens to it, where it goes, and what control you have.

Plain-language summary: We use Clerk to sign you in, Stripe to bill you, and hosted OpenAI or Anthropic provider paths to generate cards when you ask for generation. We store your notes, cards, and study history in our database so spaced repetition works. We don’t sell your data. Self-serve export today is generated-card TSV or CSV only, and broader export or deletion requests go through support.

Before you paste source material: Do not paste material you are not comfortable processing through that hosted AI workflow. There is no local-only, offline, or no-provider generation mode today.

The data controller responsible for your personal information is Mnestica, operating under the trade name Mnestica.

Mnestica is the public launch name for the product. If you run into an older Memoria reference in archived material, it refers to the same project under its pre-launch internal name.

For any question about this Policy or our handling of your data, you can reach us at support@mnestica.ai.

We collect the following categories of information:

1. Account information

When you create an account, our authentication provider (Clerk) collects your email address and, depending on the sign-in method you choose, a password, a third-party OAuth identifier (for example a Google account ID), and basic profile data (name and avatar). We receive a Clerk user ID that we store as your unique account identifier.

2. Content you create and submit

Mnestica is a content-first product. We store the material you deliberately add to the Service, including:

• Text you paste or otherwise submit to generate flashcards from (your “source text”).
• The AI-generated flashcards that result, their edits, and their spaced-repetition state (due date, interval, ease factor, review history).
• Notes, reading items, and knowledge-graph links you create, along with their revisions.
• Your study session records and per-card review ratings.
• Suggestions our “Memory Coach” generates about your cards and whether you applied or dismissed them.

3. Billing information

If you subscribe to Mnestica Pro, Stripe collects and processes your payment details directly on its own infrastructure. We never see or store your full payment card number, CVC, or bank credentials. From Stripe we receive and store a Stripe customer ID, a subscription ID, the subscription status and billing period, credit ledger records, and Stripe webhook records needed to reconcile subscriptions, invoices, credit grants, and credit reversals tied to your account.

4. Technical and usage information

When you use the Service we automatically collect information needed to run and protect it: IP address, user-agent string, request timestamps, a server-generated request ID used for tracing, application error and performance logs, and events such as “study session started” or “generation job completed” that we use to operate the product and measure reliability.

We use the information described above to:

• Provide and operate the core Service — authenticating you, showing your decks and notes, scheduling reviews via spaced repetition, and persisting your progress across sessions and devices.
• Run the AI flashcard-generation pipeline, which requires forwarding your source text to third-party AI providers (see “AI Processing of Your Content” below).
• Process payments, manage subscriptions, reconcile credits, and deliver billing receipts and transactional notices.
• Monitor for abuse, security issues, and fraud, and to enforce our Terms of Service.
• Improve reliability and product quality — for example, investigating an error in a specific job to fix a bug. We use aggregated and de-identified metrics for capacity planning and product analysis.
• Communicate with you about account activity, billing, product updates that materially affect your use of the Service, and replies to support requests you send us.
• Comply with our legal obligations and respond to lawful requests.

We do not sell personal information. We do not use your content or study activity to train our own models. When we rely on third-party AI providers for requested generation, their API or commercial data policies apply as described below.

Mnestica is a hosted web app. When you request generation, the text you submit goes through Mnestica's hosted AI workflow and may be processed by OpenAI or Anthropic. This hosted provider step is essential to the product we ship today.

We send the text you submit plus the prompt instructions needed to generate cards. We do not intentionally send your email address, payment details, or full study history in the provider prompt, though we do keep the selected provider path, model metadata, job records, and output in our own systems so generation, deletion, and refund flows are auditable.

OpenAI and Anthropic say API or commercial inputs and outputs are not used to train their public models by default, but provider abuse, safety, legal, and operational retention policies still apply. That is not the same as zero retention, and provider logs or retained records may exist for a limited period under those policies.

AI-generated output can be incorrect or incomplete. We store the output so you can review, edit, or delete it, and we record the model and prompt version used so that generation is auditable and easier to investigate if something goes wrong.

We rely on the following subprocessors to run Mnestica. Each receives only the minimum data needed for its function.

Clerk

Authentication and account management. Receives sign-in credentials, email, and profile data.

Stripe

Payment processing, subscription management, and customer billing portal. Receives name, email, billing address, and payment details you enter at checkout.

OpenAI

AI flashcard generation when Mnestica routes a generation job to an OpenAI model. Receives the source text you submit for a generation job and returns generated cards.

Anthropic

AI flashcard generation when Mnestica routes a generation job to an Anthropic (Claude) model. Receives the source text you submit for a generation job and returns generated cards.

Supabase

PostgreSQL database hosting. Stores your account data, decks, cards, notes, reading items, and related application records.

Vercel

Web application hosting and request-level logging for our Next.js application.

Managed Redis provider

Rate-limiting, request de-duplication, and the AI job queue. Stores short-lived request metadata (hours to days).

We may also share information when required by law, to protect the rights and safety of our users or the public, or as part of a corporate transaction (merger, acquisition, or asset sale) — in which case we will give reasonable notice before your information becomes subject to a different privacy policy.

We use cookies and equivalent storage to keep you signed in, remember your display preferences (such as dark mode), and protect against cross-site request forgery. Clerk and Stripe set their own cookies strictly necessary to authenticate you and to complete a checkout.

We do not use third-party advertising cookies. We do not deploy cross-site tracking pixels.

We keep your account data and the content you create for as long as your account is active, so the Service can continue to schedule your reviews and show your history. Some content can be deleted directly in-product where that feature is available; for account-level export or deletion requests, contact us at the email below.

When we verify and complete an account deletion request, we delete or de-identify personal information from production systems within 30 days unless we need to retain it for billing, tax, security, fraud prevention, dispute handling, or other legal reasons. Operational backups are overwritten on their normal cycle. Billing records, invoices, and Stripe audit records may be retained as required for accounting, compliance, and dispute resolution.

We take reasonable technical and organizational measures to protect your information. All traffic to the Service is encrypted in transit with TLS. Data is encrypted at rest at the database layer. Server-to-server calls between our Next.js application and our AI service are authenticated with a shared secret and HMAC-signed payloads. Access to production systems is restricted to personnel who need it for their role.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at support@mnestica.ai.

We and our subprocessors may process information in the United States and other countries where our providers operate. Those countries may have privacy laws that differ from the laws where you live. We use reputable infrastructure, authentication, payment, and AI providers and rely on their applicable data-processing terms and security controls.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct information that is inaccurate or incomplete.
• Delete your personal information and your account.
• Request export of the data we can currently provide in a machine-readable format.
• Object to or restrict certain processing, and withdraw consent where we relied on consent.
• Lodge a complaint with your local data-protection authority.

Today, Self-serve export is deck-scoped TSV or CSV for AI-generated cards only. It is not full account export or a complete source-material export. For broader export, corrected export files, or account deletion, email support@mnestica.ai from the address on your account.

To make a privacy request, email us at support@mnestica.ai. We will respond within the time required by applicable law, and will not discriminate against you for exercising any right.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under that age. If you believe a child has provided us with personal information, contact us and we will delete it.

We may update this Policy from time to time. If we make material changes, we will notify you by email or through an in-product notice before the changes take effect. The “Last updated” date at the top of this page always reflects the current version.

Questions or requests about this Policy can be directed to support@mnestica.ai.