mementō Privacy Policy

Last updated: 30 May 2023.

Mementō is a product of IonSpin UG (haftungsbeschränkt), we are a startup dealing in data, identity and security management. This privacy policy will explain how our organization uses the personal data we collect from you when you use our application.


What personal data do we collect and how do we collect it?

We collect the following data when you are using the app:

Email

  • How do we collect it When you register for an IonSpin account you provide us with the email yourself
  • Why do we collect it We need your email as a main point of contact and to ensure that you can reset your account in case you lose your device or access to your account credentials. Performance of a Contract – GDPR 6(b)
  • How long do we store it? As long as you keep your account open with us.

We use RapidMail to send transactional emails (registration email, account reset and similar). RapidMail is headquartered in Germany and doesn’t export your data outside EEA (European Economic Area)

IP address

  • How do we collect it When you connect to our servers we collect your IP address. You connect to our servers through the mementō app which enables it to work as expected. Legitimate interests – GDPR 6(f)
  • Why do we collect it We collect your IP address so we can protect our infrastructure against attacks
  • How long do we store it? We store your IP for one month.

Apart of the mentioned services we use, we don’t share your personal data with other companies.

We never sell your data to anyone.


Other data we collect

The following data is not personally identifiable information, but we want to be transparent and let you know about it.

Device data

To be able to sync data between your devices we store information about them. This data is randomly generated and doesn’t personally identify you. We also don’t use this data for any other purpose than enabling all your devices to sync with our servers.

  • How long do we retain this data? We retain this data as long as you use this device. If you remove the device from your account it is permanently deleted.

Remote storage account data (Google Drive, OneDrive, etc)

When you are using mementō application one of the functionalities is interacting with remote storage accounts like Google Drive or OneDrive. To sync this information between your devices you account information is end-to-end encrypted using symmetric encryption and then stored on our servers. This means that we are unable to access your remote storage account data in any way. Currently only data that we sync is the type of remote storage (Googl Drive or OneDrive), and the email that is connected to that remote storage.

Google data statement

The use of information received from Google Drive APIs will adhere to the Google User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements (https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes).

  • How long do we retain this data? We retain this data as long as you use that particular remote storage account. If you remove the remote storage from your account the data is permanently deleted.

App crash data

In case mementō app crashes, you are offered to share the crash log with us so we can improve the app and fix the problem you experienced. Crash logs contains the app version, android operating system version, phone brand and model if used on a mobile phone and error description (exception stack trace). None of this data contains personally identifiable information.

  • How long do we retain this data? There is no time limit on retaining crash data, we will periodically delete it when we determine that the data is not usefull for fixing bugs any more.

Changes to our privacy policy

Our Company keeps its privacy policy under regular review and places any updates in the application itself and on website https://www.ionspin.com.

How do we store your data? Your data is stored at a secure Hetzner data center located in Nuremberg, Germany. Your data is encrypted during transfer, and additionally your mementō data (which storage accounts you use) is end-to-end encrypted using symmetric encryption.

Although we will do our best to protect the information you provide to us, no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.


What are your data protection rights?

Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.
  • The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.
  • The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: gdpr@ionspin.com Call us at: +491746017988 Or write to us: IonSpin UG Quirinstr. 18, 50676 Cologne, NRW, Germany


How to contact the appropriate authority

Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.

Email: poststelle@bfdi.bund.de Address: Graurheindorfer Straße 153, 53117 Bonn