Privacy Policy
This Privacy Policy describes how YHLab ("we", "us", "our") collects, uses, and shares information when you use the Mnemosyne application and related services (the "Service"). We are the data controller for personal information processed in connection with the Service.
1. Information we collect
1.1 Information you provide
- Account information β your email address, display name, and authentication identifiers when you sign in (e.g., via Google).
- Study content β cards, folders, documents, source materials, and other content you create or upload.
- Communications β your messages to Mnemosyne's AI character, support requests, and feedback.
- Payment information β handled directly by our payment processors. We do not store full card numbers.
1.2 Information collected automatically
- Usage data β review history, study session timestamps, feature interactions, and aggregated learning statistics, used to power spaced-repetition scheduling and study analytics.
- Device and log data β device type, operating system, app version, IP address, crash reports, and basic diagnostic logs.
- Cookies and similar technologies β strictly necessary cookies for session management on the web. We do not use advertising cookies. You can refuse or delete cookies through your browser settings (typically under Settings β Privacy). Note that refusing strictly necessary cookies may prevent you from staying signed in.
2. How we use information
- To provide, maintain, and improve the Service;
- To generate spaced-repetition schedules and study analytics tailored to you;
- To power AI features you opt into (card generation, conversational assistance, long-term memory journal);
- To process subscriptions and prevent fraud;
- To respond to your support requests;
- To send service-related communications (account, billing, security);
- To comply with legal obligations.
We do not sell your personal information. We do not use your study content to train foundational AI models.
3. Legal bases (EEA / UK users)
For users in the European Economic Area or the United Kingdom, we rely on the following legal bases under GDPR / UK GDPR:
- Contract β to provide the Service you signed up for;
- Legitimate interests β to secure, debug, and improve the Service in ways you would reasonably expect;
- Consent β where required, for example for optional AI features;
- Legal obligation β for tax, accounting, and other regulatory requirements.
4. Third-party processors
We share information with the following providers strictly to operate the Service. Each is bound by data-processing terms.
| Provider | Purpose | Data shared |
|---|---|---|
| Google Firebase | Authentication, hosting, push notifications, crash reporting | Account identifiers, device data, crash logs |
| Google Gemini | AI card generation, conversational AI | Prompts you submit and source material you select for AI processing |
| RevenueCat | Subscription state management | Account identifier, subscription status |
| Paddle.com Market Limited | Web payment processing (Merchant of Record) | Name, email, billing address, payment details (handled by Paddle directly) |
| Apple App Store / Google Play | Mobile payment processing | Handled directly by the respective store |
| Cloud infrastructure providers | Server hosting, database, file storage | All data necessary to operate the Service |
5. International transfers
Our processors operate in jurisdictions including the United States, the European Union, and elsewhere. Where personal information is transferred outside your country of residence, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.
6. Data retention
We retain different categories of data for the periods set out below. When you delete your account, your User Content is removed from our active systems immediately β there is no recovery window. Limited categories of data are retained beyond account deletion only where we are legally required to do so (for example, payment records under Korean tax and e-commerce law) or where the data is fully anonymized and no longer identifies you.
| Data category | Retention period | Reason |
|---|---|---|
| Account information (email, display name, auth identifiers) | Deleted immediately on account deletion | Service operation |
| Study content (cards, folders, sources, conversations) | Deleted immediately on account deletion | Service operation |
| Payment and transaction records | 5 years after the transaction | Korean Act on Consumer Protection in Electronic Commerce, Art. 6 |
| Review logs and study analytics | Deleted immediately on account deletion | Spaced-repetition scheduling |
| Access logs (IP address, user agent, request paths) | 3 months | Korean Communications Privacy Protection Act |
| Anonymized aggregate data | Indefinitely | Service improvement and statistics |
7. Your rights
Depending on your jurisdiction (including under GDPR, UK GDPR, CCPA, and similar laws), you may have the right to:
- Access the personal information we hold about you;
- Correct inaccurate information;
- Delete your information (subject to legal retention requirements);
- Port your data to another service;
- Object to or restrict certain processing;
- Withdraw consent at any time where processing is based on consent;
- Lodge a complaint with your local data protection authority.
You can exercise most of these rights directly from in-app settings (account deletion, data export). For other requests, contact yhlab.team@gmail.com.
8. Children
The Service is not directed to children under 14 (or under 16 in the EEA / UK). We do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us and we will delete it.
9. Security
We use industry-standard technical and organizational measures to protect your information, including encryption in transit, access controls, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
10. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified through the Service or by email. The "Last updated" date at the top of this page reflects the most recent revision.
11. Personal Information Protection Officer (κ°μΈμ 보 보νΈμ± μμ)
In compliance with the Personal Information Protection Act of the Republic of Korea (Article 31), we have designated the following Personal Information Protection Officer:
- Name: Kim Yuhwa (κΉμ ν)
- Position: Representative (λν), YHLab
- Email: yhlab.team@gmail.com
The Protection Officer is responsible for handling personal-information-related inquiries, complaints, and damage remedies. Korean users may also lodge complaints with the Personal Information Protection Commission (privacy.go.kr) or report violations to the Korea Internet & Security Agency (privacy.kisa.or.kr / 118).
12. Contact
For privacy questions or to exercise your rights, contact us at yhlab.team@gmail.com, or by mail at YHLab, 20, Heungdeok 1-ro, Giheung-gu, Yongin-si, Gyeonggi-do, Republic of Korea.