Last updated: 23 May 2026

Who we are

Memrease is operated by Kinesis Consultants Ltd, a company registered in England and Wales. We are registered with the Information Commissioner’s Office under reference ZC116604. Our registered address is #406 Peppercorn Court, 18 Blair Street, London E14 0NY. All privacy enquiries should be directed to privacy@memrease.com.

The two kinds of people who use Memrease

Curators are the family members, friends, and carers who create an account, upload memories, and manage the experience. Curators interact with Memrease actively and provide information about themselves and about the recipient.

Recipientsare the people at the heart of the product — typically an elderly relative — who receive a daily prompt and have a gentle guided conversation about their own memories. Recipients often have limited capacity to manage their own data, and in some cases may be living with dementia or other conditions that affect their ability to give informed consent. We have designed Memrease with this in mind throughout, and we treat recipient data with an additional layer of care.

Where a recipient has the capacity to consent to participating in Memrease, responsibility for obtaining that consent sits with the curator. By creating a recipient profile, the curator confirms that they have the appropriate authority to do so — whether because the recipient has given their consent directly, or because the curator holds a relevant power of attorney or acts in a caring capacity. We are not in a position to verify this, and we rely on curators to act in good faith.

What information we collect

From curators

We collect your email address when you sign up, and we use it for authentication — we send you a magic link rather than asking you to set a password. If you choose to set a password as well, we store a cryptographic hash of it; the password itself is never stored. We collect the name you provide for your account, and we record the activity you take within the product: memories you upload, recipients you create, families you join, and preferences you set.

We collect the content you upload to Memrease: story text, photographs, audio recordings, and video clips. This content may contain personal information about the recipient, about you, and about other family members. We process this content using artificial intelligence in order to extract conversation threads, generate daily prompts, and personalise the recipient’s experience. This processing is described in more detail below.

If you subscribe to a paid tier, we collect billing information via Stripe. We do not store your card details ourselves — Stripe handles payment processing and holds card data under their own privacy policy and PCI DSS compliance. We retain records of your subscription status, transaction history, and billing preferences.

Photographs and other people

Photographs uploaded to Memrease frequently depict other family members, friends, and people who are not direct users of the service. Under UK GDPR, a photograph of a living person is personal data about that person.

By uploading a photograph, you confirm that you have the right to share it within your family for the purposes of this service, and that the people depicted either consent to their image being used in this way or that you have an appropriate basis for sharing it (for example, as a family photograph shared in a private family context). You should not upload photographs of people who have asked not to be included.

Uploaded photographs are processed by our media sanitisation pipeline (which strips metadata and re-encodes the image for security) and by OpenAI’s content moderation service for safeguarding screening. This means that photographs of third parties are transmitted to OpenAI in the United States as part of our moderation checks. OpenAI operates a zero-retention policy for moderation requests. Story text accompanying photographs is processed by Anthropic for thread extraction and prompt generation. Photographs themselves are transmitted to Anthropic only when the family has enabled photo descriptions for prompts — an opt-in setting controlled by the family’s Prime Keeper and currently available only on the Heritage tier. When the setting is off, or when the family is on a lower tier where the setting is not available, photographs are never transmitted to Anthropic for prompt analysis.

Photo descriptions for prompts (Heritage tier)

When a family on the Heritage tier turns on photo descriptions for prompts, Memrease asks Anthropic’s vision-capable model to describe what’s in the photographs you upload. The description is used in two ways: to help the curator draft the story that goes with the photograph, and to draft short conversation prompts that the curator reviews, edits, or declines before any prompt reaches the recipient.

What we send.When this setting is on and a photograph has cleared our safety screening, we transmit: the photograph itself (with the photograph’s hidden metadata removed per the sanitisation step above); the date and place of the memory, ifthe curator has confirmed those values (either by typing them in or by accepting the suggestion drawn from the photograph’s hidden metadata before that metadata was stripped); and the memory’s title, if you have set one. If the curator has not confirmed a date or place, we either omit it or send it with a clear note to Anthropic that the value comes from the photograph’s file metadata and may not be accurate — scanned photographs of older originals routinely carry the scan date, not the date the photograph was taken.

What we do not send.We do not send the precise geographic coordinates from the photograph — only the human-readable place name (such as a town or a venue), and only if you have confirmed it. We do not send the names of the family members in the photograph, the names of recipients who will see the resulting prompts, or any other data beyond the items above. Faces are never identified.

What Anthropic does with it.Anthropic produces a short description and a small number of prompt drafts. Photographs sent for this purpose are not retained for Anthropic’s model training under our Data Processing Addendum (linked in the sub-processor table below). The transfer is governed by Standard Contractual Clauses with the UK addendum, as for the other content we send to Anthropic.

Curator review of prompts.Memrease never serves a photo-derived conversation prompt to a recipient without the curator’s confirmation. The curator sees each prompt draft, may edit the wording, and may decline it. Declined prompt drafts are never sent to recipients and are not retained beyond an internal audit log.

Turning it off. You can turn this setting off at any time. The setting lives in your account settings (under Smart features) and in your family’s settings (under Photo descriptions for prompts). When it is off, photographs are not transmitted to Anthropic for this purpose. Memrease remains fully functional without this feature — conversation prompts on lower tiers are drawn entirely from the text you and your family write.

Photographs of children:you must not upload photographs of children under 18 without the consent of their parent or legal guardian. We take particular care with images involving minors and may remove such content if we become aware that appropriate consent has not been obtained. When the photo descriptions for prompts setting is on, photographs of minors are transmitted to Anthropic on the same basis as any other photograph in that family’s library — Anthropic produces descriptions and prompt drafts but is never asked to identify faces, and curators review and confirm every prompt before it reaches a recipient.

Reading hidden information from your photos

When you upload a photo, the photo file itself often contains hidden information — the time the camera saved it, and (if your phone or camera is set up that way) the GPS coordinates of where it was taken. Memrease reads those two specific things, in memory, before we strip the photo of all hidden information. We use them to suggest a date and a place name in the memory you’re creating, so you don’t have to type those in yourself. You can always edit or remove the suggestion before saving.

To turn the coordinates from your photo into a place name (like “Bath, June 2023” or “Shakespeare’s Globe”), we use Mapbox. We send the coordinates only — never your name, your family’s name, the photo itself, or anything else that could identify you. Mapbox processes the coordinates to provide their geocoding service. Their data-handling policy is at mapbox.com/legal/privacy.

The photo file we store on your behalf is fully stripped — anyone who later sees that photo can’t pull the date or the GPS out of it. If you’d rather Memrease didn’t read the metadata at all, you can switch this off any time in your account settings.

Documents, handwritten notes, and links

Memrease can accept document uploads (such as PDFs), photographs of handwritten notes (cards, letters, journal pages), and — in future releases — links to external pages, attached to a memory. Where this content contains text, we extract that text at the point of upload so that we can apply the same safeguarding checks to written content as we do to other kinds of memory.

For PDFs and similar documents, we extract the text layer using software running on our own servers. The extracted text is then transmitted to OpenAI’s content moderation service to check for harmful or inappropriate content, in the same way as the conversation and image moderation described elsewhere in this policy. Documents that pass this check are made available to the recipient alongside the memory; documents that fail are held for review.

For photographs of handwritten notes, we may use optical character recognition (OCR) to convert the handwriting into machine-readable text. OCR is performed by a specialist sub-processor; the specific vendor will be named in the sub-processor section of this policy before that processing begins, and may be based in the United States. The extracted text is then transmitted to OpenAI’s content moderation service for the same safeguarding check. Where OCR cannot reliably read the handwriting, the asset is held for human review rather than being passed through automatically.

For links (when this feature becomes available), we will fetch the page content from our own servers, extract the visible text, and send that text to OpenAI’s content moderation service for screening. We will not follow links to private or internal addresses, we will cap the size and duration of each fetch, and we will strip executable code before storing anything.

In each case, the extracted text may contain personal information about other people — for example, the name of someone a letter is addressed to, or the contents of a journal entry referring to a third party. The same expectations that apply to photographs of third parties apply to extracted text. By uploading this content, you confirm that you have the right to share it within your family for the purposes of this service.

Extracted text is stored alongside the original media and is included in any data export or deletion request you make. OpenAI operates a zero-retention policy for moderation requests; the OCR sub-processor’s retention terms will be detailed here once the vendor is confirmed.

From recipients

Recipients access Memrease via a unique link and a PIN. We record the conversations they have within the product — the messages exchanged during their daily sessions. These conversation logs are private to the recipient: curators cannot read the content of what a recipient said. Curators receive engagement signals (for example, that a recipient spent time with a particular memory, or that they responded at length) but not transcripts.

We also record which memories a recipient has seen, which they have favourited, and general engagement patterns. This data is used to personalise future prompts and to provide curators with a meaningful sense of how the recipient is experiencing the product.

Technical data we collect automatically

We collect standard server logs, including IP addresses, device type, browser version, and timestamps. We use Vercel Analytics to understand how the product is being used in aggregate. We do not use advertising trackers or share this data with third parties for marketing purposes.

Why we process your information

We process personal data under the following lawful bases under UK GDPR:

Contract performance: processing your account information, delivering the daily prompt service, handling authentication, and managing your subscription.

Legitimate interests: improving the product, detecting and preventing abuse, ensuring the security of the service, and generating aggregated and anonymised analytics. We have assessed that these legitimate interests are not overridden by your rights in each case.

Legal obligation: retaining financial records for the period required by UK law (currently seven years).

Consent:where we send optional communications such as weekly digest emails or notifications about your recipient’s engagement, we rely on your explicit opt-in. You can withdraw this consent at any time from your notification settings.

Special-category data: health information

Family memories routinely contain health-related information — a parent’s cancer diagnosis, a child’s ADHD, a grandparent’s stroke, surgical history, bereavement, mental health context, and other disclosures that arise naturally when families describe each other’s lives. Under UK GDPR, this constitutes special-category data (Article 9) regardless of whether it is shared in a clinical setting.

We process this data on the basis of explicit consent (Article 9(2)(a)), which curators provide when they accept our terms of service and which recipients acknowledge when they first access Memrease. We do not use health-related content for any purpose other than delivering and improving the memory experience.

Health-related information contained in memories is processed by our AI sub-processors (Anthropic and OpenAI, both based in the United States) as part of the normal operation of the service. This means that special-category health data is included in the international transfers described below. We rely on Standard Contractual Clauses for these transfers and have assessed that the additional protections required for special-category data are met.

Memrease is not a clinical service, a medical device, or a health record system. HIPAA does not apply — we are a UK company operating under UK GDPR. We do not make clinical decisions based on the content of memories, and we do not share health-related content with insurers, employers, or any party other than the sub-processors listed in this policy.

How we use artificial intelligence

Memrease uses AI to extract conversation threads from the memories you upload, to generate personalised daily prompts, and to power the guided conversation your recipient has each morning. This AI processing is central to how the product works — without it, the experience would not be possible.

The AI we use is provided by Anthropic, whose models process the content you upload in order to generate responses. This means that content you upload to Memrease — including personal details, family stories, photographs, and any health-related information contained within them — is transmitted to Anthropic’s systems for processing. Anthropic is based in the United States, and this constitutes a restricted international transfer of personal data (including special-category data) under UK GDPR.

Our safeguarding screening (described below) uses OpenAI’scontent moderation service, which is also based in the United States. Recipient messages — which may contain health disclosures — are transmitted to OpenAI for classification. OpenAI operates a zero-retention policy for moderation requests: content is not stored or used for model training.

In addition to recipient messages and uploaded photographs, we send to OpenAI’s moderation service any text we extract from documents, handwritten notes, and (in future) link previews. This is described in more detail in the “Documents, handwritten notes, and links” section above. It extends the existing transfer to OpenAI; it does not introduce a new sub-processor for moderation purposes. If we add a separate OCR sub-processor for handwritten content, we will list them below before that processing begins.

We rely on Standard Contractual Clauses (SCCs)as the legal mechanism for both transfers. These are standard contractual terms approved by the UK’s Information Commissioner’s Office that require the receiving party to protect the data to a standard equivalent to UK law. We have assessed that these transfers are necessary and proportionate to the service we provide, including for the special-category health data that may be included.

We describe our AI-powered features by what they do, not by how they do them. We do not make claims about the capabilities of the underlying AI technology beyond what we can substantiate. We apply safeguarding checks to content before it is processed and before it is returned to recipients, to protect against harmful or inappropriate outputs.

The AI does not make automated decisions with legal or similarly significant effects. All AI outputs are conversational prompts — they do not determine access, entitlements, or assessments.

Safeguarding screening

To help protect vulnerable adults, we automatically screen messages sent by recipients during conversations for patterns that may indicate safety concerns — such as self-harm, violence, abuse, or criminal activity. This screening is performed using a content-moderation service provided by OpenAI and our own pattern-matching rules.

If a message is flagged, it is reviewed by a member of the Memrease safeguarding team. After review, we may take no further action (most flagged messages are not genuine concerns), alert the family curator who invited the recipient so they can check in on their family member, or in rare cases involving imminent risk, contact relevant authorities in line with our safeguarding duty.

What we mean by “reviewed by the safeguarding team.” Our safeguarding team is a small number of Memrease staff who have signed confidentiality and safeguarding undertakings. When an item is flagged, or a memory is escalated for review, the reviewer can see the information needed to make a decision: the specific message, photograph, or extracted text that was flagged; the memory it is part of (including the title, the curator’s story text, any associated photographs, and the most recent conversation transcript if the flag arose there); and the curator and family associated with it. They cannot see data belonging to other families.

After review, the team may take no further action, ask the curator to edit the memory and resubmit, redact or remove it, contact the curator with guidance, or — in rare cases involving imminent risk — contact relevant authorities. These decisions are recorded in an internal audit log.

We do not use content reviewed under this process for any other purpose. It is not used to train models, to generate marketing material, or to share with any third party beyond the sub-processors already listed in this policy.

We retain safeguarding review records for seven years, in line with clinical record-keeping guidance, and handle them under strict access controls.

Lawful basis: legitimate interests (safeguarding of vulnerable adults), supported by explicit consent obtained at sign-up.

Who we share your information with

We do not sell your personal data. We do not allow advertisers to target you through Memrease. We share data only with the service providers listed below, who process it on our behalf under contractual data processing agreements:

Supabase — database, file storage, and backend infrastructure. Data is stored in the European Economic Area (EEA).
Anthropic — AI processing (story text analysis, prompt generation, and — for Heritage-tier families with the photo-descriptions setting turned on — photograph description and prompt drafting). Based in the United States; transfer governed by Standard Contractual Clauses with the UK addendum, executed under Anthropic’s Data Processing Addendum. Photographs and message content are not retained for model training under our DPA.
OpenAI — content moderation for safeguarding screening of recipient messages, uploaded photographs, and text extracted from documents, handwritten notes, and link previews. Zero-retention policy: content is not stored or used for training.
Mapbox — reverse-geocoding of photo coordinates to place names. We send only the latitude and longitude extracted from your photo’s hidden metadata — never your name, your family’s name, or the photograph itself. Mapbox has committed not to attempt to re-identify de-identified location data. Based in the United States; transfer governed by Standard Contractual Clauses.
Resend — email delivery (magic links, notifications, digest emails).
Stripe — payment processing and subscription management.
Vercel — hosting and deployment infrastructure.
Cloudflare — bot screening (Turnstile) on our sign-in and demo pages, to tell human visitors from automated ones. It sees only the technical signals of the challenge interaction — such as your IP address and browser information — never your memories or anything else from your family’s account. Based in the United States; transfer governed by Standard Contractual Clauses.

We may disclose personal data if required to do so by law, by a court order, or by a regulatory authority. We would notify you of any such request unless legally prohibited from doing so.

How long we keep your information

Account and memory data: retained for as long as your account is active. If you request deletion of your account or family, we begin a 30-day grace period during which everything is recoverable. After 30 days, personal data is permanently deleted. Anonymised aggregate statistics may be retained for product improvement purposes.

Conversation logs:retained for the lifetime of the recipient’s account. If the family account is deleted, conversation logs are deleted with it.

Billing records: we are required by UK law to retain financial transaction records for seven years. These records are minimal (transaction ID, amount, date, subscription tier) and do not include payment card data, which is held by Stripe.

Authentication logs: retained for 90 days for security purposes, then deleted.

Safeguarding records: retained for seven years in line with clinical record-keeping guidance.

Enforcement records: where we have terminated an account because a user has breached our terms of service, we retain a minimal enforcement record for seven years. This contains a cryptographic hash of the user’s email address, the Stripe customer and payment-method identifiers associated with the account, and a short note of the reason for termination. We use this record to prevent the same person from creating another account or subscribing again, and to process any appeal. It does not contain the content of memories or conversations. Our lawful basis is our legitimate interest in preventing harm to vulnerable adults (Article 6(1)(f) UK GDPR), supported by Article 9(2)(g) where the safeguarding of vulnerable adults constitutes a substantial public interest. You can contest a decision by emailing hello@memrease.com.

If a recipient passes away, we pause all data processing timers and give the family time to export or delete the library at their own pace.

Cookies and similar technologies

Memrease sets only cookies that are strictly necessary to deliver the product. We have deliberately chosen not to add analytics, advertising, behavioural, or third-party tracking cookies, and we do not use Google Analytics, Meta Pixel, TikTok Pixel, Hotjar, or any equivalent platform. Because of this, we do not display a cookie consent banner: there are no non-essential cookies for you to accept or reject.

Our commitment.If we ever add cookies that would require consent under the UK Privacy and Electronic Communications Regulations (PECR) — for example, analytics or marketing cookies — we will add a proper consent mechanism and update this policy before doing so. You will not encounter a non-essential cookie you weren’t asked about.

What we set

Across memrease.com (the marketing site) and app.memrease.com (the product itself), Memrease sets the following:

Supabase authentication cookies— first-party, set on app.memrease.com only, required to keep you signed in. Cookie names typically begin with sb-. Duration matches your session and refresh tokens (rolling, up to a few weeks). Strictly necessary; the product cannot function without these.
Preference settings— first-party. Most are stored in local storage rather than as cookies (theme, font size, display options). These are functional and never used for tracking. UK PECR treats local storage equivalently to cookies for transparency purposes, which is why we mention it here.

Third-party cookies

Stripe— when you use a paid feature and are redirected to Stripe to complete checkout, Stripe sets cookies on its own domain (checkout.stripe.com) for fraud prevention and session continuity. These are governed by Stripe’s cookie policy. We do not embed Stripe’s scripts on memrease.com, so Stripe sets no cookies on our own domains.

What we deliberately don’t use

Vercel Analytics— we use Vercel’s cookieless analytics for traffic measurement. It uses anonymous, edge-aggregated data only; it sets no cookies on your browser and identifies no individual user.
Google Analytics, Meta Pixel, TikTok Pixel— none of these have ever been deployed on Memrease, and none are planned.
Behavioural retargeting or marketing cookies— none.

You can clear Memrease’s authentication cookies at any time by signing out of the product. Your browser’s privacy settings will also let you block or delete cookies; doing so may stop parts of the product working.

Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted data storage and transmission (TLS), row-level security on our database so that each family’s data is accessible only to authorised members of that family, HMAC-authenticated recipient links, and biometric authentication options for recipients where their device supports it.

We are a small team at an early stage of development, and we want to be honest about what that means: we do not have the security infrastructure of a large enterprise, and we continue to improve our practices as the product matures. If you discover a security vulnerability, please contact us at privacy@memrease.combefore disclosing it publicly — we will respond promptly.

Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

Access — you can request a copy of the personal data we hold about you.
Rectification — you can ask us to correct inaccurate or incomplete data.
Erasure — you can ask us to delete your personal data. We will action this within 30 days, subject to any legal obligations to retain certain records.
Restriction — you can ask us to restrict how we process your data in certain circumstances.
Portability — you can request an export of your data in a structured, machine-readable format.
Objection — you can object to processing based on legitimate interests.
Withdrawal of consent — where we rely on consent for a particular form of processing (such as digest emails), you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at privacy@memrease.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office at ico.org.uk.

You can also request deletion directly within the app under Settings → Data & Privacy → Delete my account.

A note on vulnerable recipients

Many of the people at the heart of Memrease are elderly, and some are living with dementia or other conditions that affect memory, cognition, and the ability to make decisions. We designed Memrease specifically for this context, and we want to be transparent about how it shapes our approach to privacy.

We have tried to build a product that is calming, simple, and that never places demands on a recipient that they cannot meet. We do not surface complex privacy notices to recipients — that responsibility rests with the curator, who knows the recipient and their circumstances. We limit what curators can see about a recipient’s private responses. We apply a circadian awareness layer that modifies the experience at night to protect confused recipients from distressing interactions.

We are not a clinical service, and Memrease is not a medical device. But we are aware that the people using this product may be in a vulnerable position, and we take that seriously in every design and data decision we make.

Tag consent

When someone in your family includes you in a memory, we send you a notification asking if you’re happy to be tagged. You have 24 hoursto approve, decline, or untag yourself. If you don’t reply within that window, the tag stays — this is a deliberate choice not to make tags vanish silently because of holidays or a missed notification. You can always untag yourself later, and you can always withdraw your consent to be tagged at all from your settings.

Children using Memrease

Memrease accounts and AI conversation features are only available to people aged 13 or older. We never address AI conversations directly to anyone under 13. A grandchild may appear in a family memory (“the day Sarah was born”); they don’t get an account or receive AI-conversation prompts until they’re old enough and, where required under UK GDPR Article 8, parental consent is in place. If you’re an adult adding a memory that names a child in another family, please make sure that family is comfortable with the mention.

When a family member dies

When a family member dies, their memories don’t disappear. Their stories belong to the family they were part of, and the family retains the right to keep, share, or delete those memories. The right to be forgotten under UK GDPR is a right of the living person; on death, control of the records passes to the family. If you’re an executor or family member dealing with a Memrease account belonging to someone who has died, contact us at privacy@memrease.comand we’ll help you through the options.

Memrease is not a medical or cognitive-assessment tool

Memrease is not a medical device and is not intended to diagnose, monitor, prevent, predict, or treat any medical condition, including but not limited to dementia, mild cognitive impairment, or other cognitive conditions.

Internal product signals that Memrease uses to adjust the tone, length, and cadence of its generated content are operational measures of how our product is working for a given user. They are not clinical assessments, and they are not made available to users, family members, care staff, clinicians, or any other party for use in health-related decisions.

Any decisions about a family member’s health, cognitive state, or care should be made in consultation with qualified medical professionals, not on the basis of any signal or output from Memrease.

Changes to this policy

We will update this policy as the product develops. When we make significant changes, we will notify curators by email and display a notice in the product. The date at the top of this document reflects when it was last updated.

Minor changes — corrections, clarifications, updated processor contact details — will be made without specific notification, but the updated date will always reflect any revision.

Contact us

For any questions about this policy, to exercise your rights, or to report a concern: privacy@memrease.com. For general enquiries: hello@memrease.com.

Kinesis Consultants Ltd · ICO registration ZC116604 · Registered in England and Wales · #406 Peppercorn Court, 18 Blair Street, London E14 0NY

Privacy policy