Rammenta
Legal
Rammenta Privacy Policy
Last updated: June 15, 2026 · Draft for founder review. Resolve every [bracketed] placeholder and the [CONFIRM] items before publishing.
Rammenta ("Rammenta," "we," "us," or "our") is a voice-first memory app for iPhone, Mac, and Apple Watch that records audio, transcribes it, identifies speakers, and helps you search, summarize, and recall your recordings, notes, and connected accounts. This Privacy Policy explains what data we collect, how we use it, who we share it with, how long we keep it, your rights, and how to contact us.
Rammenta runs as a cloud service. This policy covers the Rammenta apps and the Rammenta cloud operated at rammenta.com, and applies whenever you use Rammenta. Your data is stored in private, per-account space that only you can access, and is never used to train AI models.
Contact: privacy@rammenta.com · Data controller: [LEGAL ENTITY NAME], [ADDRESS].
1. Summary · 2. Data we collect · 3. How we use it · 4. Google / Gmail data · 5. Sub-processors · 6. Your rights · 7. Retention & deletion · 8. Security · 9. International transfers · 10. Children · 11. Changes · 12. Contact
1. Summary (the short version)
- Your recordings, transcripts, notes, and connected accounts are stored in private, per-account storage in our cloud (Supabase, hosted on AWS in the United States) so you can search, chat with, and recall across everything you capture.
- We process audio recordings, transcripts, voiceprints (a biometric identifier), notes, and, only if you connect them, Gmail and iMessage content.
- We use third-party processors to transcribe audio and run AI features. None of them are permitted to use your data to train their models, and we do not sell your data or use it for advertising.
- Voiceprints are biometric data and are treated as a special category requiring your explicit consent.
- You can delete your account and all associated data at any time. Note the recovery window in Section 7.
2. Data we collect and process
a. Account data. Email address, authentication identifiers (including Sign in with Apple / Google sign-in if used), and subscription/billing status. Passwords are handled by our authentication provider and are never stored by us in readable form.
b. Audio recordings. Audio you record in the app. Recordings are uploaded to private, per-account storage for transcription and recall.
c. Transcripts. Text transcriptions of your recordings, including speaker labels and timestamps.
d. Voiceprints (biometric data, special category). If you enroll, we create a mathematical voiceprint that lets Rammenta recognize speakers automatically. A voiceprint is a biometric identifier and is treated as a special category of personal data under GDPR Article 9 and similar laws. We create and use voiceprints only with your explicit consent, and only to attribute speech to the right speaker within your own account. You can withdraw consent and delete your voiceprints at any time (Section 6).
e. Notes and highlights. Notes you write, highlights you save, and quote cards you create.
f. Connected Google / Gmail data (only if you connect Gmail). See Section 4.
g. Connected iMessage data (only if you enable it on macOS). If you enable the iMessage integration, the macOS app reads messages from the local Messages database on your Mac (using access you grant) and uploads them to your private, per-account storage so they can be searched and recalled. We only process the conversations you choose to include. We do not access messages on any device you have not granted access to.
h. Usage and diagnostic data. Limited operational data (e.g. feature usage, error logs) used to run and improve the service.
We do not collect data for advertising, and we do not sell personal data.
3. How we use your data
We use your data to:
- Transcribe your recordings and label speakers;
- Generate summaries, action items, highlights, and audio overviews;
- Power AI search and chat across your recordings, notes, and connected accounts;
- Recognize speakers via voiceprints (with your consent);
- Operate your account, provide support, and secure the service;
- Comply with legal obligations.
We use your data only to provide and improve user-facing features that are prominent in the Rammenta app. We do not use it for advertising, we do not sell it, we do not use it to determine creditworthiness, and we do not use it to train AI models.
4. Google / Gmail data: how we access, use, store, and share it
If you choose to connect your Gmail account, Rammenta requests a single, read-only permission:
https://www.googleapis.com/auth/gmail.readonly — read-only access to your Gmail messages and settings.
How we access it. We use Google OAuth. You are redirected to Google to grant access; you can revoke this access at any time from your Google Account settings or from within Rammenta. We never see or store your Google password.
What we access and why. To make your email searchable and usable inside Rammenta's AI recall and audio-overview features, we read the full content of your messages (headers and bodies). This content access is necessary for these features; metadata alone would not enable search or recall across the substance of your email.
How we store it. Connected email is stored in your private, per-account storage in our cloud (Supabase): the original message is archived in a private storage bucket, parsed message data is stored in access-controlled database tables, and message text is split into chunks and converted into vector embeddings so it can be searched. All of this is isolated to your account using row-level security and encrypted at rest. Your Google OAuth tokens are stored encrypted in a dedicated secrets vault and are never exposed to the Rammenta apps or to other users; only our secure server-side functions can use them.
How we share it. We do not sell your Google user data and do not use it for advertising. We share message content only with the sub-processors listed in Section 5 strictly to provide Rammenta's features (for example, sending text to our AI provider to answer your questions about your own email), and only to the extent necessary. We do not allow humans to read your Google user data except where you have given affirmative agreement to view specific data, where necessary for security, where required by law, or where the data is aggregated for internal operations.
Limited Use. Rammenta's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Deleting Google data. You can disconnect Gmail at any time, which stops further syncing. Disconnecting and/or deleting your account removes the imported email data from your account per Section 7.
5. Sub-processors and AI providers
We use the following service providers to operate Rammenta. Each is contractually restricted to processing your data only to provide services to us, and none is permitted to use your data to train its own models.
[CONFIRM] Verify the "no training" / DPA terms with each provider below before publishing. This is the one assertion in this policy that must be contractually true, not just intended; it is also the linchpin of Google's Limited Use review.| Provider | Purpose | Data processed |
|---|---|---|
| Supabase (database, storage, auth, secrets vault; hosted on AWS, US) | Cloud storage and infrastructure | All cloud-synced data: recordings, transcripts, voiceprints, notes, email, iMessage |
| AssemblyAI | Speech-to-text transcription, speaker analysis, and AI gateway for chat/recall | Audio recordings, resulting transcripts, and text (incl. connected-account text) sent for AI features |
| Anthropic (Claude) | AI summaries, chat, and grounded recall over your content | Transcripts, notes, and connected-account text relevant to your request |
| ElevenLabs | Audio-overview voice generation | Text used to generate audio overviews |
We update this list as our providers change. We require each sub-processor to provide appropriate security and confidentiality protections and to not train on your data.
6. Your rights and choices
Depending on your location (including under GDPR and the CCPA/CPRA), you may have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Delete your data, including the right to erasure (Section 7);
- Export / portability of your data;
- Withdraw consent, including consent to biometric voiceprint processing, at any time;
- Object to or restrict certain processing;
- Lodge a complaint with a supervisory authority.
To exercise any right, email privacy@rammenta.com or use the in-app account controls. You can delete your voiceprints specifically at any time from the app, and you can disconnect Gmail or iMessage at any time.
We do not sell your personal data and do not "share" it for cross-context behavioral advertising as defined under the CCPA/CPRA.
7. Data retention and deletion
Ordinary deletes (recovery window). When you delete a recording, it first moves to a "Recently Deleted" state for a short period, and then enters a protected recovery state. Deleted content may be recoverable for up to six (6) months before it is permanently and irreversibly removed by our automated cleanup process. This recovery window exists to protect you against accidental loss.
Voiceprint retention. Voiceprints are retained while your account is active and while you keep speaker recognition enabled. Deleting a recording does not by itself delete a previously enrolled voiceprint. You can delete your voiceprints at any time from the app, and they are deleted when you delete your account.
Full account erasure. You can request deletion of your account and all associated data, including recordings, transcripts, voiceprints, notes, and any connected Gmail or iMessage data, by emailing privacy@rammenta.com or using "Delete my account" in the app. On an erasure request we permanently delete your data, including voiceprints and any data still inside the recovery window, except where we are required by law to retain limited records.
Legal retention. We may retain minimal data as required to comply with legal obligations, resolve disputes, and enforce agreements.
8. Security
We protect your data with:
- Encryption in transit (TLS/HTTPS) between the apps, our cloud, and all providers;
- Encryption at rest for the database and file storage;
- A dedicated secrets vault for OAuth tokens and credentials, accessible only to secure server-side functions, never to the apps or to other users;
- Row-Level Security (RLS): every record is scoped to its owner so one user can never access another user's data;
- Private, per-account storage for audio, email, and attachments;
- Device Keychain storage for your session and any local integration credentials.
No method of transmission or storage is 100% secure, and we do not claim end-to-end encryption. We do not have access to your data beyond what is necessary to operate the service and is described in this policy. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.
[CONFIRM] Point-in-Time Recovery (PITR) backup status: do not add any specific backup/recovery claim here until verified in the Supabase dashboard.9. International data transfers
Rammenta's cloud is hosted in the United States. If you access Rammenta from outside the United States, your data will be transferred to and processed in the United States and other countries where our sub-processors operate, under appropriate safeguards (such as Standard Contractual Clauses where required).
10. Children
Rammenta is not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their personal data.
11. Changes to this policy
If we change how we use your data, including Google user data, we will notify you and, where required, ask for your renewed consent before applying the change. Material changes will be posted here with an updated "Last updated" date.
12. Contact
Rammenta, [LEGAL ENTITY NAME]
Email: privacy@rammenta.com
[Mailing address]
[Data Protection Officer / EU-UK representative, if applicable]