Privacy Policy

1. Data Residency & Sovereignty

Your journal data is stored on AWS infrastructure in Canada (ca-central-1). Production AI processing is configured for a Canadian Vertex AI region. Launch is blocked if that regional configuration cannot be verified.

2. Data Minimization

We believe in collecting the absolute minimum required to be useful. We do not collect:

• Exact dates of birth (we only store month and year)
• Full names (first names or nicknames only)
• Home addresses

3. Identity Protection

We never ask for or store your phone number, email, or password. Calmemo runs inside Telegram, and your journal is keyed only to your Telegram chat ID — a pseudonymous identifier — so there is no separate account or contact information for us to hold.

4. Telegram as the Messaging Platform

Messages you intentionally send to the Calmemo bot travel through Telegram and are delivered to Calmemo for processing. Telegram bot conversations are cloud chats, not end-to-end encrypted Secret Chats. Telegram processes information under its own privacy policy; Calmemo is an independent third-party bot, not a Telegram service.

5. How We Use AI

We use Google Vertex AI to turn your messages into structured, parent-reported logs and summaries. Calmemo does not use your journal for advertising or model training. Google processes content as our service provider under its Vertex AI data-governance terms.

6. Public Beta Boundary

The public beta is for adult caregivers in Canada. It is not intended for children to operate directly, healthcare providers, clinics, employers, emergencies, diagnosis, or treatment decisions.

7. Retention and Deletion

Journal events are retained for up to one year unless you delete them sooner. When you confirm /deletedata, Calmemo permanently erases your profile, children, caregiver memberships, health events, appointments, medications, and related records — this cannot be undone. The one exception: if you have or had a paid subscription, we retain limited billing records (such as Stripe customer and invoice identifiers and payment amounts — never any health information) for up to 6 years to meet tax and audit obligations, after which they are automatically deleted. Encrypted disaster-recovery copies may retain deleted records for up to 35 days before automatic expiry and are used only for service recovery.

8. Contact

Questions or privacy requests can be sent to hello@calmemo.com.