1. Who we are

YouRemember.life is an independent digital memory platform. Our servers are located in Helsinki, Finland (Hetzner Cloud) within the European Union. As an EU-hosted service, we operate in compliance with the General Data Protection Regulation (GDPR).

Contact for privacy matters: [email protected]

2. What data we collect

Account data: Your email address and a hashed version of your password (bcrypt). We never store your password in plain text.

Profile data: Birthday (optional, set once, used for milestone memories). Last login timestamp.

Memory content: Text you write, photos and audio files you upload, dates and titles you assign, and any circle members you tag.

Session data: A secure session cookie to keep you logged in. It expires when you close your browser or log out.

Security data: Your IP address at last login and a device fingerprint derived from your browser and hardware characteristics. We collect this solely for security purposes — to detect and prevent unauthorised access to your account and to comply with applicable legal obligations. This data is not used for advertising, profiling, or sold to any third party.

Email logs: Records of verification and digest emails sent, to prevent duplicates.

3. What we never collect

• We do not use analytics, tracking pixels, or third-party scripts
• We do not collect IP addresses or device fingerprints beyond what is described in section 2 (security purposes only)
• We do not build advertising profiles
• We do not sell, rent, or share your data with any third party for commercial purposes

4. How we use your data

• To provide and operate your memory account
• To send account verification and password reset emails
• To send weekly digest emails (if you have opted in — you can toggle this off at any time in Account Settings)
• To display "On This Day" memories and birthday-based features within the app

5. Third-party services

Zoho Mail (SMTP): Used exclusively to send transactional emails (verification, digests). Your email address is transmitted to Zoho's servers for delivery. Zoho does not receive your memory content.

Cloudflare R2 (file storage): Photos, audio recordings, and video files you upload are stored in Cloudflare R2, an EU-compatible S3-compatible object store. Files are served through Cloudflare's network. Cloudflare does not receive your account data or memory text.

Stripe (payments): When you subscribe to the Supporter plan, payment is processed by Stripe, Inc. We never store your card number or payment details on our servers. Stripe receives your email address, billing country, and payment details to process the transaction and issue receipts. Stripe's privacy policy is available at stripe.com/privacy.

Google Fonts: Loaded from Google's CDN on page load. This may expose your IP address to Google. No personal account data is shared.

No other third-party services have access to your data.

6. Data retention

Your data is retained for as long as your account exists. When you delete your account, all associated data — memories, uploads, circle members, and logs — is permanently deleted from our database. Uploaded files are removed from disk.

Exported ZIP files stored in our exports directory are not automatically deleted. Contact us to request removal of a specific export.

7. Your rights (GDPR)

As a user, you have the right to:

• Access — request a copy of all data we hold about you
• Portability — export all your memories via Account Settings → Export
• Rectification — correct inaccurate data (change email or password in Account Settings)
• Erasure — delete your account and all data permanently via Account Settings → Delete Account
• Objection — opt out of digest emails at any time in Account Settings

To exercise any right not available in-app, email us at [email protected]. We will respond within 30 days.

8. Security

All connections to YouRemember.life are encrypted via HTTPS (TLS). Passwords are hashed using bcrypt before storage. Sessions use HttpOnly, SameSite=Strict, and Secure cookie flags. All forms are protected with CSRF tokens.

While we take reasonable technical precautions, no system is perfectly secure. We encourage you to use a strong, unique password for your account.

9. Changes to this policy

We may update this policy as the service evolves. Significant changes will be communicated by email. Continued use of the service after changes take effect constitutes acceptance.