Privacy Policy

Memento AI Inc. ("Memento AI" or the "Company") establishes
and discloses this Privacy Policy in accordance with Article 30 of
the Personal Information Protection Act of the Republic of Korea.

Memento AI Inc. ("Memento AI" or the "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act of the Republic of Korea.

Note: The "Miller" service was previously known as "M24".
All references to "Miller" in this Privacy Policy refer to the same service formerly named "M24".

Note: The "Miller" service was previously known as "M24".
All references to "Miller" in this Privacy Policy
refer to the same service formerly named "M24".

This Privacy Policy is effective as of April 29, 2026.

This Privacy Policy is effective as of April 29, 2026.

1. Purpose of Processing Personal Information

Memento AI processes personal information solely for the purposes listed below and does not use it for any other purposes.

Category

Purpose

Membership Registration and Management

Identity verification, authentication, confirmation of intent to register, maintenance and management of membership status, prevention of fraudulent use

Service Provision

Voice transcription services, AI-based summarization and search, calendar integration, email integration (Google Gmail), document integration (Google Drive and Google Docs), memo management, personalized AI assistant services

Service Improvement

Service quality enhancement, new feature development, user experience analysis

Customer Support

Customer Support

Responding to inquiries, complaint handling, dispute resolution

Responding to inquiries, complaint handling, dispute resolution

1.

At Miller, security is a foundational requirement of the Service, not an afterthought. Miller is built to be a trusted home for the most personal data you create: the record of your daily thoughts, conversations, and work.

2.

This page explains how we approach security, the controls we have in place today, and where the program is headed as we move toward public launch.

3.

Operating entity. The Service is owned and operated by Memory Labs Inc., a corporation organized under the laws of the Republic of Korea.

2. Categories of Personal Information Collected

2.1 Screen Text Data

Item

Description

On-screen text

Text content extracted from the active screen and supported applications

Application context

Name and type of the active application

Browser context

Page title and URL of the active browser tab

Extraction timestamps

Time information of each text extraction

Additional Notice (Screen Text Data)

·

Optional: Screen text data is collected only if you grant screen access permission.

·

How it works: We extract text only — not screenshots, not video, not images. Visual content on your screen is never captured or transmitted.

·

Purpose: Used to provide context-aware AI features such as proactive summaries, smart suggestions, and automated recaps based on your current work context.

·

Scope: Text is extracted from supported applications only. Password fields and sensitive input areas are automatically excluded.

·

Control: You can revoke screen access permission at any time via in-app or device settings. Disabling will limit context-aware features.

·

Sharing: We do not sell this data. It may be processed by our AI providers (listed in Section 6) solely to deliver the Service.

·

Retention: Retained only as long as necessary for the purposes described in this Privacy Policy, or until you delete your account or data.

2.2 Information Collected at Registration

Item

Collection Method

Required

Email address

OAuth integration (e.g., Google)

Required

Nickname

OAuth integration

Optional

Profile image URL

OAuth integration

Optional

External service unique identifier (UID)

OAuth integration

Required

2.3 Information Collected During Service Use

2.3.1 Voice Transcription Records

Item

Description

Transcribed text

Text converted from voice input

Transcription start/end time

Time information of the recording

Speaker separation data

Information used to identify speakers

Audio files (voice recordings)

Original audio recorded through the Service, which may be uploaded to and stored on the server to enable transcription, summarization, and related features

Important: Original audio files may be transmitted to and stored on our servers in order to provide recording, transcription, and related Service features. We retain audio files only as long as necessary for the purposes described in this Privacy Policy and delete them in accordance with our retention policy, unless longer retention is required by law.

2.3.2 Calendar Information

Item

Description

Calendar name and description

Basic information of linked calendars

Event title

Title of calendar events

Event description

Detailed event description

Event start/end time

Time information

Attendee information

Attendee information

Name, email, participation type

Name, email, participation type

Time zone information

Time zone information

Time zone of the event

Time zone of the event

2.3.3 Memo Information

Item

Description

Memo title

Title created by the user

Memo content

Content written by the user

Created/updated timestamps

Creation and modification history

2.3.4 Chat Records

Item

Description

Conversation content

Conversations between the user and the AI assistant

Conversation timestamp

Time of interaction

2.3.5 Location and Activity Data

Item

Description

GPS coordinates

Latitude and longitude (recorded on location change)

Pedometer data

Step count

Activity start/end time

Activity duration information

Extraction timestamps

Time information of each text extraction

Additional Notice (Location/Activity).

·

Optional: Location and activity data are collected only if you grant permission.

·

Purpose: Used to support context-aware features (e.g., organizing your day, improving summaries, and providing personalized assistant features) and to improve service quality.

·

Control: You can disable location/activity permissions at any time in your device settings or in-app settings. Disabling may limit related features.

·

Sharing: We do not sell this data. We may process it using our processors listed in this Privacy Policy solely to provide the Service.

·

Retention: Stored only for as long as necessary for the purposes described in this Privacy Policy or until you delete your account/data, unless longer retention is required by law.

·

Sharing: We do not sell this data. It may be processed by our AI providers (listed in Section 6) solely to deliver the Service.

·

Retention: Retained only as long as necessary for the purposes described in this Privacy Policy, or until you delete your account or data.

2.3.6 Contact Information

Item

Description

Contact name

Name retrieved from the device’s contact list (for STT accuracy improvement)

Additional Notice (Contacts — Names Only).

·

Optional: Contact names are collected only with your explicit consent and permission.

·

Scope: We collect names only for accuracy support. We do not collect phone numbers, email addresses, or other contact details.

·

Purpose: Used solely to improve transcription accuracy (e.g., recognizing names).

·

Control: You may revoke this permission at any time. If revoked, contact-name based accuracy support may be disabled.

·

Sharing/Retention: Not sold or used for advertising. Processed only for Service delivery and retained only as necessary during service use or until deletion, unless required by law.

2.3.7 Email Information (Google Gmail)

Item

Description

Email metadata

Sender, recipient(s), subject, timestamps, thread/label identifiers

Email body

Plain-text body extracted from messages

Attachment metadata

Filename and MIME type only (file contents are not downloaded)

Additional Notice (Email Information).

·

Opt-in only — applies to users who enable Gmail integration: Email information is collected only from users who choose to enable this integration by explicitly connecting their Google account via the in-app “Connect Gmail” flow and granting the gmail.readonly scope. This section does not apply to users who sign up for Miller without enabling the Gmail integration.

·

Read-only access: Miller only reads your messages. Miller never sends, modifies, deletes, archives, or marks emails as read on your behalf.

·

How it works: After you connect Gmail, Miller periodically retrieves your recent messages in the background to enable AI-assisted features such as organizing meeting-related communications, surfacing relevant emails in personalized summaries, and answering your questions about past communications when you ask the AI assistant in chat.

·

Purpose: Used to organize meeting-related and work-related emails, surface them in personalized summaries, and enable AI-assisted recall and search across your communications.

·

Scope of access: Miller reads messages only as needed to provide the features above. Spam and explicitly excluded categories may be omitted depending on Google API behavior. Attachment file contents are not downloaded.

·

Control: You may disconnect Gmail at any time via in-app Settings → Integrations, or by revoking access at https://myaccount.google.com/permissions.

·

Sharing: Email content is not sold and not used for advertising. It may be processed by AI providers listed in Section 6 solely to deliver Service features.

·

Retention: Retained on Miller servers only while the Gmail integration is active. Deleted upon disconnection or account deletion.

Retention: Retained on Miller servers only while the Gmail integration is active. Deleted upon disconnection or account deletion.

2.3.8 Document Information (Google Drive and Google Docs)

Item

Description

File metadata

File name, MIME type, last modified time, owner, file ID

Document body

Plain-text or markdown content of Google Docs files read in response to user requests

Additional Notice (Document Information).

·

Opt-in only — applies to users who enable Google Drive integration: Document information is collected only from users who choose to enable this integration by explicitly connecting their Google account via the in-app “Connect Google Drive” flow and granting the drive.readonly and documents.readonly scopes. This section does not apply to users who sign up for Miller without enabling the Google Drive integration.

·

Read-only access: Miller only reads your files and documents. Miller never modifies, deletes, moves, shares, renames, or creates files in your Drive.

·

How it works (user-initiated, on-demand only): Miller reads files from Google Drive and Google Docs only when triggered by your explicit request to the AI assistant in Miller’s chat interface. When you send a message to the AI assistant that involves your documents — for example, asking the assistant to find a document, summarize a recent file, or reference content from your work — Miller retrieves and reads files from your Drive that the assistant determines are relevant to that specific request, at the moment of the request. Miller does not use a Google file picker. File selection is performed automatically by the AI assistant based on the conversational context of your chat message. This means Miller may list files in your Drive and read those it determines relevant to fulfilling your stated request. Miller does not pre-fetch, bulk-index, crawl, or background-synchronize your Drive files. If you do not interact with the AI assistant about your documents, Miller will not access your Drive after the initial connection.

·

Purpose: Used to retrieve and reference your existing Google Docs and Drive files in response to your chat requests, enable AI-assisted summarization and search across documents you ask about, and import documents into Miller as structured notes when you request it.

·

Scope of access: Miller lists and reads files the connected Google account has access to, only as needed to fulfill the specific user request being processed. Miller does not enumerate or read files in shared drives beyond what is necessary for the requested feature.

·

Control: You may disconnect Google Drive at any time via in-app Settings → Integrations, or by revoking access at https://myaccount.google.com/permissions. You may also avoid any Drive access entirely by simply not asking the AI assistant questions that involve your documents.

·

Sharing: Document content is not sold and not used for advertising. Document content read in response to your chat request may be processed by AI providers listed in Section 6 solely to generate the assistant’s response to that request.

·

Retention: File metadata and document content read on your behalf are retained on Miller servers only while the Drive integration is active and only to the extent necessary to provide ongoing chat context and the imported-notes feature. All such data is deleted upon disconnection or account deletion.

Retention: File metadata and document content read on your behalf are retained on Miller servers only while the Drive integration is active and only to the extent necessary to provide ongoing chat context and the imported-notes feature. All such data is deleted upon disconnection or account deletion.

2.4 Automatically Collected Information

Item

Description

IP address

Automatically collected upon service access

Device information

Service type (e.g., mobile)

Access logs

Request URL, HTTP method, response time

Additional Notice (Logs and Identifiers).

We use access logs and device information for security, fraud prevention, troubleshooting, performance monitoring, and to provide stable service operation. Where required, we limit collection to what is necessary and retain it for the periods described in Section 3.

3. Retention and Use Period of Personal Information

Category

Category

Item

Item

Retention Period

Retention Period

Member information

Email, nickname, profile image

Until account deletion or 1 year after last access

Voice transcription records

Transcribed text, timestamps

During service use or until account deletion

Calendar information

Events, attendee information

During service use or until account deletion

Memo information

Memo title and content

During service use or until account deletion

Chat records

AI conversation content

During service use or until account deletion

Location data

GPS coordinates

During service use or until account deletion

Access logs

IP address, access records

Until deletion request or 3 months

Voice recordings

Audio files (voice recordings)

During service use or until deletion request/account deletion (or as otherwise required by law)

Google email data

Email metadata, email body

Until Gmail disconnection or account deletion

Google document data

File metadata, document body read in response to user requests

Until Drive disconnection or account deletion

Retention required by law:

·

Records related to contracts or withdrawal of subscription: 5 years (E-commerce Act)

·

Records related to consumer complaints or dispute resolution: 3 years (E-commerce Act)

·

Access logs: 3 months (Communications Privacy Protection Act)

4. Provision of Personal Information to Third Parties

Memento AI does not provide personal information to third parties in principle, except in the following cases:

For clarity, we may share personal information with service providers acting as processors (as listed in Section 6) solely to provide the Service; this is not a "third-party disclosure" for independent purposes.

1.

When the user has given prior consent

2.

When disclosure is required by law or requested by investigative authorities in accordance with lawful procedures

5. Sharing, Transfer, and Disclosure of Google User Data

The Miller Service uses Google OAuth for authentication and accesses Google user data via the Google Calendar API, Gmail API, and Google Drive / Docs APIs.

Scope of application — opt-in integrations: The Gmail integration and the Google Drive / Google Docs integration are optional, opt-in features. The provisions in this Section that relate to email data and document data apply only to users who explicitly choose to enable the corresponding integration by connecting their Google account for that feature. Users who sign up for Miller without enabling Gmail integration are not subject to the Gmail-related provisions; users who do not enable the Drive/Docs integration are not subject to the Drive/Docs-related provisions. Each integration can be enabled or disabled independently at any time via in-app Settings → Integrations.

5.1 Data Collected from Google

Data Type

Items

Purpose

OAuth Scope

Trigger

Authentication data

Email, name, profile image

Registration and identity verification

openid, email, profile

User initiates login

Calendar data

Event title, description, time, attendees

AI assistant service provision

calendar

User connects calendar; periodic sync

Email data

Email metadata, email body, attachment metadata

Email organization, AI-assisted recall and summarization

gmail.readonly

User connects Gmail; periodic background sync

Document data

File metadata, Google Docs body

Retrieval and reference of documents in response to user chat requests

drive.readonly, documents.readonly

User-initiated only: triggered when the user asks the AI assistant in chat about their documents

5.2 Sharing and Transfer of Google User Data

Memento AI does not share, transfer, or disclose Google user data to any third party beyond the purposes and recipients listed below.

Recipient

Country

Purpose

Shared Data

Method

OpenAI

United States

AI-based summarization, analysis, and chat assistant responses

Calendar event data, email content, document content

API call

Anthropic

United States

AI-based summarization, analysis, and chat assistant responses

Calendar event data, email content, document content

API call

Amazon Web Services (AWS)

United States / Korea

Data storage and service hosting

Full Google user data (calendar, email, document)

Cloud storage

5.3 Google User Data Protection Policy

Miller's processing of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use commitments:

1.

Permitted uses only. Google user data (Gmail, Drive, Docs, Calendar) is used solely to provide or improve user-facing features that are prominent in the Miller application — specifically email organization, document retrieval and reference in response to user chat requests, calendar-based recall, and AI-assisted summarization.

2.

No sale. Google user data is never sold or transferred for monetary or other valuable consideration.

3.

No advertising use. Google user data is never used for personalized advertising, ad targeting, retargeting, or building advertising profiles.

4.

No unrelated transfer. Google user data is not transferred to third parties except (a) as necessary to provide or improve user-facing features (processors listed in Section 6 acting under contract), (b) for security purposes (e.g., investigating abuse), or (c) to comply with applicable law.

5.

No AI model training. Google user data is not used to train, fine-tune, or evaluate generalized or third-party AI/ML models. Contracts with all AI processors prohibit such use, and "no training" / "zero-data-retention" options exposed by their APIs are enabled where available.

Additional commitments:

·

No advertising use: Google user data is not used for advertising or marketing.

·

Explicit consent: All access to Google data is based on explicit user consent obtained via the standard Google OAuth consent flow.

5.4 Human Access Policy

Miller personnel and contractors do not read, view, or otherwise access Google user data of individual users, except in the following narrowly defined cases:

1.

With your explicit consent (e.g., when you submit a support request and authorize us to inspect specific data to resolve the issue);

2.

For security purposes, including investigation of abuse, fraud, or security incidents that affect the Service or other users;

3.

To comply with applicable law, regulation, court order, or lawful government request;

4.

For internal operations, and only after the data has been aggregated and de-identified such that it cannot be associated with any individual user.

Routine engineering, product development, and analytics workflows operate on aggregated, de-identified statistics — never on raw Google user data of identifiable users.

5.5 Disclosure Based on Legal Requirements

Google user data may be disclosed only in the following cases:

1.

Court orders or lawful legal procedures

2.

Lawful requests from investigative authorities

3.

Emergency situations necessary to protect life, body, or property

Where legally permitted, users will be notified before or after such disclosure.

5.6 Google Data Deletion and Revocation

·

Users may disconnect their Google integrations (Calendar, Gmail, Drive) at any time via in-app Settings → Integrations.

·

Upon disconnection of Google Calendar, all calendar data stored on Miller servers is immediately and permanently deleted.

·

Upon disconnection of Gmail, all email metadata and email body data stored on Miller servers are immediately and permanently deleted.

·

Upon disconnection of Google Drive, all file metadata and document content read on the user's behalf and stored on Miller servers are immediately and permanently deleted.

·

Upon account deletion, all Google-related data across all integrations is permanently deleted within the timeline described in Section 8.

·

Users may also revoke Miller's access at any time directly via Google Account settings: https://myaccount.google.com/permissions.

6. Outsourcing and Cross-Border Transfer of Personal Information

Processor

Country

Task

Transferred Data

Retention

OpenAI

United States

STT, text summarization, AI responses

Audio files and/or transcribed text, memos, chat data, calendar data, email content, document content

Deleted immediately after processing

Anthropic

United States

Text summarization, AI responses

Transcribed text, memos, chat data, calendar data, email content, document content

Deleted immediately after processing

Google

United States

STT, calendar integration, email integration (Gmail), document integration (Drive/Docs)

Transcribed text, calendar data, email metadata and body, document metadata and body

Until account deletion or disconnection

Fireworks.ai

United States

STT

Transcribed text

Deleted immediately

Assembly.ai

United States

STT

Transcribed text

Deleted immediately

Portkey.ai

United States

AI routing and monitoring

Request metadata

Deleted immediately

AWS

United States / Korea

Cloud infrastructure and storage

All service data

Until account deletion

Google Analytics

United States

Usage analytics

Non-identifiable usage data

Upon request or account deletion

Mixpanel

United States

Usage analytics

Non-identifiable usage data

Upon request or account deletion

Microsoft Clarity

United States

UX analysis

Non-identifiable usage data

Upon request or account deletion

Where the table states “Deleted immediately after processing,” it refers to deletion by the relevant processor after completing the requested processing. Retention on our systems (if any) follows Section 3 (Retention and Use Period).

7. AI Model Training and Data Usage Policy

7.1 Prohibition of Third-Party AI Model Training

Memento AI does not allow third-party AI providers to use personal data for AI model training.

·

Data Processing Agreements (DPAs) are executed with all AI providers.

·

Data is processed solely for service delivery and deleted immediately afterward.

·

Training exclusion options provided by AI APIs are enabled.

7.2 Use of Anonymized Data

Fully anonymized data may be used for service improvement purposes only.

Purpose

Method

Example

Performance analysis

Removal of identifiers

Average transcription accuracy

Feature improvement

Aggregated data only

Most-used features

Error analysis

Context removal

Common error patterns

7.2 Use of Anonymized Data

All data used for service improvement is fully anonymized and processed only in aggregated statistical form.

8. Destruction of Personal Information

8.1 Procedure

Personal information is destroyed without delay once the retention period expires or the processing purpose is fulfilled.

8.2 Method

·

Electronic files: Permanent deletion using non-recoverable methods

·

Printed materials: Shredding or incineration

8.3 Timeline

Destruction is carried out without delay (within 5 days unless justified).

9. Rights of Data Subjects

Users (including legal guardians) may exercise the following rights:

·

Right to access personal information

·

Right to rectification

·

Right to deletion

·

Right to restriction of processing

·

Right to withdraw consent

Requests may be submitted via:

·

Email: contact@trymiller.com

·

In-app settings

Responses are provided within 10 days, subject to legal limitations.

10. Security Measures

Memento AI implements the following safeguards:

·

Secure storage and tamper-proof access logs

·

Network security measures such as firewalls and VPCs

11. Use of Automatic Data Collection Tools

We use analytics tools (e.g., Google Analytics, Mixpanel, Microsoft Clarity) to understand usage patterns, improve features, and enhance user experience. These tools may collect usage events and device/app information.

·

Choice/Consent: Where required by applicable law (including in certain jurisdictions), we will obtain your consent before enabling non-essential analytics.

·

Opt-out: You can opt out of analytics via in-app settings or device settings. Opting out may limit our ability to improve the Service, but core features will remain available.

12. Chief Privacy Officer

Item

Details

Name

Jisan Kim

Title

CEO / Chief Privacy Officer

Email

contact@trymiller.com

13. Remedies for Privacy Infringement

Users may contact the following organizations for dispute resolution:

·

Korea Internet & Security Agency (KISA): 118

·

Personal Information Dispute Mediation Committee: 1833-6972

·

Supreme Prosecutors' Office Cyber Bureau: 1301

·

National Police Agency Cyber Bureau: 182

14. Children's Privacy

The Miller Service is not intended for children under the age of 14 and does not knowingly collect their personal information. Any such data discovered will be promptly deleted.

15. Changes to This Privacy Policy

Changes will be announced at least 7 days in advance. Material changes will be announced at least 30 days in advance, and renewed consent may be requested.

16. Addendum

·

Original Announcement Date: November 24, 2025

·

Original Effective Date: December 1, 2025

·

Amendment Announcement Date: April 29, 2026

·

Amendment Effective Date: April 29, 2026

Change History

Effective Date

Summary

2025-12-01

Initial release (under the previous service name “M24”)

2026-04-29

Renamed the service from “M24” to “Miller” (operator and legal entity unchanged). Updated contact email domain to trymiller.com. Added provisions for Google Gmail integration (Sections 1, 2.3.7, 3, 5, 6) and Google Drive / Google Docs integration (Sections 1, 2.3.8, 3, 5, 6). Clarified that Gmail and Drive/Docs integrations are opt-in and apply only to users who choose to enable them. Clarified that Drive/Docs access is user-initiated and triggered only by user requests to the AI assistant in Miller’s chat interface. Added explicit Limited Use Policy commitments (Section 5.3) and Human Access Policy (Section 5.4) in compliance with the Google API Services User Data Policy.