Last updated: April 30, 2026
HyperMemory ("we," "us," or "our") operates the hypermemory.io website, the HyperMemory application at app.hypermemory.io, the HyperMemory MCP server, CLI, and REST API (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
When you create an account, we collect information provided by your OAuth identity provider (GitHub, Google, or email/password via Supabase). This typically includes your name, email address, and profile avatar. We do not receive or store third-party passwords.
The core purpose of HyperMemory is to store memory data on behalf of your AI agents. This includes nodes, edges, hyperedges, and any associated descriptions, metadata, and files you upload through our Service. This is your data.
We automatically collect certain information when you interact with the Service, including query counts, API call metadata (timestamps, response codes), and general usage patterns. This data is used for billing, rate limiting, and service improvement.
Our servers automatically record information such as your IP address, browser type, referring/exit pages, and timestamps. This data is retained for security monitoring and debugging purposes.
All data is stored and processed in European Union data centres. Our infrastructure providers are selected for their compliance with EU data protection standards.
All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent.
Access to production systems is restricted to authorised personnel only. API access to your memory graphs requires authenticated credentials (OAuth tokens or API keys). API keys are SHA-256 hashed before storage — we cannot see your raw keys after creation.
Your memory data is retained for as long as your account is active. If you delete a memory graph, nodes, or your account, the associated data is permanently removed from our systems. Backups containing deleted data are purged within 30 days.
Usage logs and billing records are retained for the period required by applicable law (typically up to 7 years for financial records).
We use the following third-party services to operate HyperMemory:
Each provider processes data only as necessary to deliver their specific service and is bound by their own privacy policies and data processing terms.
HyperMemory is fully GDPR compliant. If you are a resident of the European Economic Area (EEA), you have the following rights:
Data Processing Agreements (DPAs) are available for all paid plans upon request.
To exercise any of these rights, contact us at privacy@hypermemory.io.
Our marketing site (hypermemory.io) uses cookies for analytics. The HyperMemory application (app.hypermemory.io) uses session cookies strictly necessary for authentication. We do not use advertising cookies or cross-site tracking.
Our Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or our data practices, contact us at: