| Field | Details |
|---|---|
| Company Name | MEMOIZE AI LLC |
| Legal Form | Limited Liability Company organized under the laws of the State of Indiana, USA |
| Registered Agent | Northwest Registered Agent LLC |
| Principal Address | 5534 Saint Joe Road, Fort Wayne, IN 46835, USA |
| Privacy Contact | privacy@memoizeai.com |
| Legal Contact | legal@memoizeai.com |
| Security Contact | security@memoizeai.com |
| Support Contact | support@memoizeai.com |
| Controller/Processor Role | Controller for Merchant account data; Processor for End User data on behalf of Merchants |
MEMOIZE AI LLC provides a memory-powered AI chat widget for e-commerce merchants. The Services are available to merchants operating on any e-commerce platform or standalone website that supports custom JavaScript, including Shopify, WordPress/WooCommerce, BigCommerce, Wix, Squarespace, Next.js/React, and custom HTML websites. Merchants subscribe through memoizeai.com. This Privacy Policy governs all data processing activities.
This Privacy Policy currently governs data processing for United States consumers only. MEMOIZE AI LLC operates exclusively in and targets the United States market. International data protection provisions will be added prior to any expansion of services outside the United States.
This Privacy Policy applies to:
MEMOIZE AI LLC operates as a Processor with respect to End User personal data, processing it on behalf of Merchants (who are the Controllers). This Privacy Policy describes how MEMOIZE AI LLC processes personal data in its capacity as both a Processor (for End User data) and a Controller (for Merchant account data).
With respect to personal information of California consumers processed through the Services, MEMOIZE AI LLC acts as a “Service Provider” as defined under Cal. Civ. Code § 1798.140(ag). MEMOIZE AI LLC does not sell or share End User personal information, does not retain, use, or disclose such information for any purpose other than performing the Services as specified in the Terms and Conditions, and does not combine such information with personal information received from or on behalf of another person or collected from MEMOIZE AI LLC’s own interactions with consumers, except as permitted under the CCPA/CPRA.
MEMOIZE AI LLC processes Consumer Health Data (as defined in the Terms and Conditions) under the Washington My Health My Data Act (RCW 19.373), the California Consumer Privacy Act as amended by the CPRA, the FTC Health Breach Notification Rule (16 CFR Part 318), and all other applicable U.S. state consumer health data and privacy laws. The Services are designed for e-commerce merchants and do not process data regulated under HIPAA. MEMOIZE AI LLC is not a Business Associate under HIPAA and does not execute Business Associate Agreements.
MEMOIZE AI LLC processes personal data for the following purposes:
Tier 1 (Wellness): General wellness topics (sleep, energy, stress, focus, relaxation). The AI provides product information using structure/function language. Messages and memories are stored normally.
Tier 2 (Soft Redirect): Health conditions commonly associated with supplement use (anxiety, insomnia). The AI provides a brief healthcare provider recommendation followed by product information using structure/function language. Memories are stored as abstracted wellness interests (e.g., “interested in sleep support”).
Tier 3 (Crisis): Indicators of mental health crisis (depression, suicidal ideation, self-harm, severe psychiatric conditions). The AI provides an empathetic response, the 988 Suicide & Crisis Lifeline, and a healthcare provider recommendation. No product recommendations are made. The End User’s message is redacted from the conversation transcript and memory extraction is skipped. The AI’s health redirect response remains in the conversation transcript accessible to the Merchant as Data Controller. MEMOIZE AI LLC provides this tier as a safety feature, not a clinical service.
Tier 4 (Clinical Disease): Named clinical diseases (diabetes, cancer, heart disease). The AI redirects to a healthcare provider and may provide general product information using structure/function language only. The End User’s message is redacted and memory extraction is skipped. The AI’s health redirect response remains in the conversation transcript accessible to the Merchant as Data Controller.
Medication Interaction Blocking (All Plans): Independent of the four health response tiers above, the AI chat widget blocks all medication interaction queries across all plans. When an End User asks about how a supplement interacts with a specific medication, the AI declines to provide medication-specific guidance and redirects the End User to a healthcare provider or pharmacist. This restriction is mandatory and cannot be disabled by the Merchant. Medication names mentioned by End Users are not stored in the memory system.
Health tier classification is performed by automated keyword matching and AI response analysis. It may produce false positives or false negatives. This system is a safety feature operated by MEMOIZE AI LLC and does not constitute clinical assessment.
We do NOT use End User memory data to:
The Services may not be used to:
MEMOIZE AI LLC collects and processes only the minimum personal data reasonably necessary and proportionate to provide the specific Services requested by the Merchant and End User, in accordance with Maryland Online Data Privacy Act § 14-4607 and Oregon Consumer Privacy Act ORS 646A.574 (requiring that personal data collected be “adequate, relevant, and reasonably necessary” for disclosed purposes), and equivalent state data minimization requirements. We periodically review our data collection practices to ensure ongoing compliance with applicable strictly necessary and data minimization standards.
MEMOIZE AI LLC will conduct Data Protection Assessments for processing activities involving sensitive data, including consumer health data, as required by applicable state laws including but not limited to: California CPRA § 1798.185(a)(15), Virginia Code § 59.1-580, Colorado Privacy Act Rules, Connecticut Data Privacy Act § 42-520, Indiana Code § 24-15, and Maryland Online Data Privacy Act § 14-4614. These assessments evaluate the benefits of processing against the potential risks to consumer rights, identify safeguards to mitigate identified risks, and are made available to the applicable state Attorney General upon request as required by law.
MEMOIZE AI LLC will assist Merchants in conducting Data Protection Assessments where the Services involve processing that is likely to result in a high risk to the rights and freedoms of consumers. We will provide information necessary to complete such assessments upon reasonable request.
We share personal data only with the following authorized sub-processors, under contractual data protection obligations:
| Sub-Processor | Role | Purpose | Location |
|---|---|---|---|
| Google LLC (Vertex AI / Gemini) | AI Inference | AI response generation using the memory retrieval system | USA |
| Google LLC (Cloud SQL) | Vector Database | Managed PostgreSQL with pgvector for vector storage | USA |
| Google LLC (Cloud Run) | Compute | Serverless compute — API hosting and frontend hosting | USA |
| Zoho Corporation (ZeptoMail) | Email Service | Transactional email routing and delivery | USA |
| Clerk Inc. | Authentication | Merchant login and session management | USA |
| Stripe Inc. | Payment Processor | Billing and subscriptions for memoizeai.com direct subscribers and payment processing | USA |
Google Vertex AI Zero Data Retention: We engage Google Vertex AI exclusively under enterprise “Zero Data Retention” settings. Prompts sent to Gemini and corresponding responses are not logged, stored, or used by Google for any purpose, including model training, beyond the immediate API request processing window. Google’s Data Processing Addendum contractually prohibits Google from using Customer Data for any purpose other than providing the inference service.
ZeptoMail Data Handling: ZeptoMail processes email addresses and message content solely for the purpose of routing transactional email communications. ZeptoMail does not process, store, or have access to consumer health data, End User memory data, or chat interaction data. Email content processed through ZeptoMail is limited to transactional communications including support correspondence, billing notifications, compliance-related notices, and Contact Form Mode submissions (shopper inquiries routed to the Merchant’s customer support team). Email volume is metered per Subscription Plan as set forth in the Terms and Conditions.
Stripe Payment Processing: Stripe processes payment information for all Merchant subscription billing (monthly and annual). Stripe is PCI-DSS Level 1 certified. MEMOIZE AI LLC does not store full payment card numbers.
Product Catalog Integration: When a Merchant initiates a catalog sync from the Dashboard, MEMOIZE AI LLC crawls the Merchant’s website URL to discover and extract product information using publicly available structured data (JSON-LD product schema). Extracted data includes product name, description, price, availability, and image URL. This data is embedded as vector representations using Google Vertex AI and stored in MEMOIZE AI LLC’s database to power product recommendations within the chat widget. Merchants may re-sync at any time to update the catalog. MEMOIZE AI LLC does not access Merchant e-commerce platform admin panels or APIs unless a specific platform integration is enabled and authorized by the Merchant.
MEMOIZE AI LLC maintains a current list of authorized sub-processors in the Terms and Conditions (Section 5.2). We provide reasonable advance notice before engaging any new sub-processor or materially changing the role of an existing sub-processor, by email to the Merchant’s primary contact and by updating the sub-processor list. Merchants may object to a new sub-processor by providing written notice to legal@memoizeai.com within a reasonable period following notification, specifying reasonable data protection grounds for the objection. If MEMOIZE AI LLC cannot reasonably accommodate the objection, either party may terminate the affected Services upon reasonable written notice, and the Merchant will receive a pro-rated refund of any prepaid, unused fees.
MEMOIZE AI LLC maintains a separate, standalone Consumer Health Data Privacy Policy as required by the Washington My Health My Data Act (RCW 19.373). That document governs all processing of consumer health data and is accessible at:
memoizeai.com/consumer-health-data-privacy-policy
A direct, prominent link to the Consumer Health Data Privacy Policy is maintained on the MEMOIZE AI LLC homepage and on every page where consumer health data may be collected, as required by RCW 19.373.
Conversation Data Export: Merchants may export conversation transcripts and memory data in CSV format via the Dashboard. Exported data reflects any redactions applied under Section 3.4 — End User messages involving crisis-level health queries or clinical disease disclosures appear as “[Health-related question — redacted per privacy policy]” in the export. The AI’s corresponding response in these conversations is not redacted and appears in full in the export; Merchants should treat AI response content in health-flagged conversations as potentially health-adjacent data subject to applicable privacy obligations. General wellness questions (e.g., questions about sleep, energy, or stress) are NOT redacted in exports. Once downloaded, the exported file leaves MEMOIZE AI LLC’s controlled environment. Merchants are solely responsible for securing exported data in compliance with applicable privacy laws, including the Washington MHMD Act, CCPA/CPRA, and all applicable state consumer health data laws. MEMOIZE AI LLC is not responsible for the security of data after export.
| Data Category | Retention Period |
|---|---|
| Merchant account data | Duration of account + 3 years post-termination (tax/legal purposes) |
| End User chat messages — Starter/Growth | 365 days from last End User interaction with the chat widget |
| End User chat messages — Scale/Enterprise | 365 days from last End User interaction with the chat widget |
| Vector embeddings (memory data) — Starter/Growth | 365 days from the shopper’s last interaction with the chat widget; after 365 days of inactivity, memory profiles are flagged for deletion and permanently purged within 30 days |
| Vector embeddings (memory data) — Scale/Enterprise | 365 days from the shopper’s last interaction with the chat widget; permanently deleted from active systems within thirty (30) calendar days of account termination |
| Contact Form Mode submissions | Processed by ZeptoMail for immediate email delivery; not retained by MEMOIZE AI LLC beyond ZeptoMail’s standard transactional email retention (90 days) |
| API request logs | 90 days |
| Billing records | 7 years (tax compliance) |
| Support emails (ZeptoMail) | 90 days after resolution |
| Backup systems | Overwritten/deleted within 90 days following active system deletion |
Upon account termination, Merchants may request a formal Certificate of Destruction confirming that all Merchant Data and End User data have been securely erased from all active and backup systems. Requests must be submitted in writing within thirty (30) days of termination to privacy@memoizeai.com.
The following rights are available to residents of states with active comprehensive privacy laws. The specific rights, timelines, and exemptions vary by state; see the state-specific sections below for additional detail. In general, you have the right to: know what personal information we collect and how it is used; access, correct, and delete your personal data; obtain a portable copy of your data; and opt out of the sale or sharing of personal information.
MEMOIZE AI LLC does not sell personal information.
MEMOIZE AI LLC does not share personal information for cross-context behavioral advertising.
End Users (Shoppers): Because MEMOIZE AI LLC processes your data as a Processor on behalf of the Merchant, please direct privacy requests to the Merchant first using the contact information on their website. If the Merchant is unresponsive after fourteen (14) days, or if the Merchant’s account has been terminated, you may contact MEMOIZE AI LLC directly at privacy@memoizeai.com.
Merchants: To exercise your rights or to relay an End User request, contact privacy@memoizeai.com.
You have the right to know, access, delete, correct, and opt out of the sale or sharing of personal information. You have the right to limit the use and disclosure of sensitive personal information. To exercise this right, contact privacy@memoizeai.com as required by Cal. Civ. Code § 1798.120.
MEMOIZE AI LLC does not sell or share End User personal information for cross-context behavioral advertising. We will verify your request and respond within forty-five (45) days, with one permitted forty-five (45) day extension upon notice. When exercising the right to data portability, your personal data will be provided in CSV format (or another readily usable, machine-readable format upon request).
You have the right to access, correct, delete, and obtain a copy of your personal data, and to opt out of profiling that produces legal or similarly significant effects. Requests may be submitted to privacy@memoizeai.com.
As a processor of Indiana residents’ personal data on behalf of Merchants, MEMOIZE AI LLC processes such data only on documented Merchant instructions, implements appropriate technical and organizational security measures, assists Merchants in fulfilling consumer rights requests within the timeframes required by Indiana Code § 24-15, deletes or returns all personal data upon termination, and cooperates with audits conducted by Merchants or qualified third parties.
You have the right to access, correct, delete, obtain a copy of, and opt out of processing of your personal data for targeted advertising, sale, or profiling that produces legal or similarly significant effects. We will respond within forty-five (45) days, with one permitted forty-five (45) day extension upon notice. If your request is denied, you may appeal by contacting privacy@memoizeai.com, and if the appeal is denied, you may contact the Virginia Attorney General at www.oag.state.va.us/consumer-protection/index.php/file-a-complaint.
Reproductive and Sexual Health Data: In accordance with Virginia SB 361, MEMOIZE AI LLC and its Merchants must obtain separate, specific consent before processing reproductive or sexual health information — including pregnancy status — beyond the general sensitive data consent. This consent must be distinct from any other consent obtained during onboarding or use of the Services.
Rights related to Consumer Health Data are governed by our standalone Consumer Health Data Privacy Policy at memoizeai.com/consumer-health-data-privacy-policy.
Effective April 1, 2026, Maryland residents have the right to access, correct, delete, and obtain a portable copy of their personal data. Maryland imposes a “strictly necessary” standard for the processing of sensitive data, including consumer health data: MEMOIZE AI LLC may collect, process, or share sensitive data of Maryland residents only when it is strictly necessary to provide or maintain the specific Services requested by the consumer (Md. Code, Com. Law § 14-4607). Consent does not override this requirement.
MEMOIZE AI LLC has prepared a strict necessity analysis mapping each category of consumer health data (allergies, dietary preferences, supplement regimen, and adverse reactions) to the specific product feature it enables — personalized product recommendations that account for health constraints, contraindications, and individual wellness goals. This analysis is available to the Maryland Attorney General upon request.
Maryland residents may exercise their rights by contacting privacy@memoizeai.com. If a request is denied, you may appeal, and if the appeal is denied, you may contact the Maryland Attorney General Consumer Protection Division at www.marylandattorneygeneral.gov/Pages/CPD/.
You have the right to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of targeted advertising, sale of personal data, and profiling that produces legal or similarly significant effects. We will respond within forty-five (45) days. If your request is denied, you may appeal to privacy@memoizeai.com, and if the appeal is denied, you may contact the Colorado Attorney General at coag.gov/file-complaint.
You have the right to access, correct, delete, obtain a portable copy of, and opt out of the processing of your personal data for targeted advertising, sale, or profiling. We will respond within forty-five (45) days. If your request is denied, you may appeal to privacy@memoizeai.com, and if the appeal is denied, you may contact the Connecticut Attorney General at portal.ct.gov/ag/services/file-a-complaint.
In accordance with Connecticut SB 1295 (effective July 1, 2026), MEMOIZE AI LLC discloses that End User personal data processed through the Services is NOT used for training, development, fine-tuning, or improvement of any AI or machine learning models. Data is used solely for real-time inference to generate personalized responses within the chat widget.
The following states have active comprehensive privacy laws that provide their residents with rights to access, correct, delete, and obtain portable copies of personal data, and to opt out of targeted advertising, sale, and profiling: Texas, Oregon, Montana, Utah, Iowa, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Minnesota, Rhode Island, and Kentucky.
To exercise rights under any state privacy law, contact privacy@memoizeai.com. We will respond within the timeframe required by your state’s law (generally 30–45 days, with permitted extensions as applicable). If your request is denied, you may appeal by contacting privacy@memoizeai.com with the subject line “Privacy Rights Appeal.” If the appeal is denied, we will provide you with a mechanism to contact your state’s Attorney General, as required by applicable law.
Minnesota Residents — Additional Profiling Rights: Under the Minnesota Consumer Data Privacy Act, you have the right to question the result of profiling, obtain an explanation of how the profiling was conducted, be informed of the specific personal data inputs used, challenge inaccurate data inputs, and require reevaluation of profiling outcomes if the profiling was based on incorrect data.
New Jersey Residents — Expedited Opt-Out Processing: Under the New Jersey Data Privacy Act, opt-out requests from New Jersey residents will be processed within fifteen (15) days of receipt, rather than the standard 30-45 day timeframe.
Oregon Residents — Specific Third-Party List Right: Under the Oregon Consumer Privacy Act, you have the right to obtain a list of specific third parties (not just categories) to whom your personal data has been disclosed, and the right to request deletion of derived data.
Rhode Island Residents: Rhode Island provides no opportunity to cure violations before enforcement. MEMOIZE AI LLC maintains proactive compliance with Rhode Island Data Transparency and Privacy Protection Act requirements.
MEMOIZE AI LLC does not sell or share personal information as defined under the California Consumer Privacy Act (CCPA/CPRA). Because we do not engage in the sale or sharing of personal information, the Global Privacy Control (GPC) signal does not trigger additional opt-out processing. If our data practices change in the future, we will update this policy and implement GPC signal recognition accordingly.
If MEMOIZE AI LLC receives a data subject request directly from an End User, we will promptly forward the request to the applicable Merchant (as Controller) and will not respond directly unless legally required to do so. MEMOIZE AI LLC shall respond to Merchant data subject request instructions within ten (10) business days of receipt. We process verified deletion instructions from Merchants within thirty (30) days, including purging the requesting End User’s vector embeddings, memory profiles, and chat logs.
When you request deletion of your personal information, we execute a targeted deletion of the associated vector embeddings from our active database. This process ensures the AI system cannot retrieve or “remember” the deleted content in future interactions. While we delete the retrieval data (vectors), this does not constitute “exact machine unlearning” of the underlying AI model weights, as we do not train models on your data. Your specific personal data is removed from the AI’s accessible context window and cannot influence future responses.
In limited circumstances, deletion of specific data may be delayed if a sub-processor is subject to a legal preservation order or litigation hold. MEMOIZE AI LLC will notify the affected Merchant promptly if such a restriction applies and will complete deletion as soon as the legal obligation is lifted. Backup systems will be purged within ninety (90) days following active system deletion. All sub-processors listed in Section 5 will receive and honor deletion requests.
MEMOIZE AI LLC hereby covenants that Merchant Data, End User Memory Data, and any data derived from or aggregated from such data, shall NEVER be used to develop, train, fine-tune, improve, or benchmark any artificial intelligence or machine learning model, including but not limited to Google Gemini or any successor model. Customer data is processed by our AI system solely for the purpose of generating real-time personalized responses within the chat widget for the specific customer and Merchant interaction in which it originates.
All AI inference processing is performed by Google Vertex AI under a data processing agreement that contractually prohibits Google from using Customer Data for any purpose other than providing the inference service.
This covenant applies to all sub-processors engaged by MEMOIZE AI LLC, extends to derived and aggregated data forms, and survives termination of this Privacy Policy and the underlying Terms and Conditions.
As a B2B service, MEMOIZE AI LLC contracts only with business entities (Merchants). We do not knowingly target, market to, or contract with children. However, because our Services process End User data on behalf of Merchants, and because some e-commerce stores may serve consumers of all ages, we require Merchants to warrant in the Terms and Conditions that they will not use the Services to process personal data of children under the age of 13 without verified parental consent as required by the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.
MEMOIZE AI LLC does NOT:
Where MEMOIZE AI LLC becomes aware that a Merchant has caused the Services to process personal data of a child under 13 without proper parental consent, MEMOIZE AI LLC will promptly delete such data and notify the Merchant of the violation. Parents or legal guardians seeking to review, correct, or request deletion of their child’s personal information should contact the Merchant directly, as the Merchant is the Controller for COPPA purposes.
Certain states impose additional protections for minors aged 13-17 that go beyond COPPA’s requirements for children under 13. In particular: Delaware prohibits targeted advertising to consumers under age 18 without consent; Colorado and Montana require data protection assessments for online services directed to minors and prohibit processing minors’ data for targeted advertising, sale, or profiling without consent; and Virginia requires social media platform operators to use commercially reasonable methods to determine if a user is a minor and to limit data processing accordingly. Merchants are responsible for implementing age-appropriate consent mechanisms and processing restrictions where required by applicable state law for consumers aged 13-17.
The MEMOIZE AI LLC Services use AI to generate personalized product recommendations and contextual responses for Shoppers. These recommendations are based on memory data including product interaction data (such as Add to Cart and View Product clicks), browsing preferences, and interaction context. This constitutes automated processing of personal data to build a consumer profile.
The MEMOIZE AI LLC chat widget clearly and conspicuously discloses to all End Users that they are interacting with an artificial intelligence system prior to or at the commencement of the interaction. This disclosure is mandatory, enabled by default, and cannot be disabled by the Merchant. The widget footer displays a disclaimer stating that AI-generated responses are not medical advice, that statements have not been evaluated by the FDA, that products are not intended to diagnose, treat, cure, or prevent any disease, and recommending consultation with a healthcare professional, along with links to MEMOIZE AI LLC’s Privacy Policy and applicable Consumer Health Data Privacy Policy.
The Services are designed for e-commerce product recommendations and are not intended for automated decisions regarding credit, employment, housing, healthcare eligibility, or insurance. However, depending on a Merchant’s specific use case and deployment, certain aspects of the Services may constitute “profiling” or “automated decision-making technology” under applicable law. Merchants are responsible for assessing whether their use of the Services triggers additional ADMT obligations under California ADMT regulations, the Colorado AI Act, or other applicable state law.
Under California’s Automated Decision-Making Technology (ADMT) regulations (effective January 1, 2026), California residents have the right to:
Merchants are responsible for providing this Pre-Use Notice to their California-based Shoppers before enabling MEMOIZE AI LLC memory features.
In addition to California’s ADMT regulations, MEMOIZE AI LLC monitors and maintains compliance with the evolving landscape of U.S. state AI and consumer privacy legislation. As of the effective date of this Privacy Policy, the following twenty (20) states have active comprehensive privacy laws: California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, Delaware, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, Rhode Island, Kentucky, and Washington.
Merchants using the Services must comply with all applicable state AI regulations in the jurisdictions where they operate or serve consumers. Notable state-specific requirements include:
This list is not exhaustive. MEMOIZE AI LLC will update this Privacy Policy as additional state AI and privacy regulations take effect. Merchants are independently responsible for assessing and complying with AI-related regulations applicable to their specific use cases and jurisdictions.
When the chat widget operates in Contact Form Mode (due to exhausted AI message allocation), End Users are clearly informed that they are sending a message to the Merchant’s human customer support team and that they are not interacting with the AI system. Data collected in Contact Form Mode (name, email address, message content) is processed solely for the purpose of routing the inquiry to the Merchant and is not used for AI memory creation, profiling, or personalization.
Shoppers may opt out of AI profiling by contacting the Merchant through which they interact with MEMOIZE AI LLC-powered features. MEMOIZE AI LLC will delete associated memory data upon receiving a valid opt-out instruction from the Merchant.
MEMOIZE AI LLC’s memory widget is designed as a functional e-commerce personalization tool. If a Merchant deploys the widget in a manner that causes End Users to form personal or emotional attachments to the AI (anthropomorphic or relationship-simulating use cases), California SB 243 (effective January 1, 2026) may apply. Where applicable, Merchants are responsible for:
As part of MEMOIZE AI LLC’s commitment to AI transparency, we publish the following system transparency information:
| Field | Details |
|---|---|
| Provider | MEMOIZE AI LLC, 5534 Saint Joe Road, Fort Wayne, IN 46835, USA |
| System Name | MEMOIZE AI LLC Memory-as-a-Service |
| Underlying Models | Google Gemini 2.5 Flash (via Google Vertex AI API); embeddings generated by Google text-embedding-004 |
| Architecture | Retrieval-Augmented Generation (RAG) — the AI model retrieves contextually relevant memory data from vector databases to enhance response relevance |
| Capabilities | Personalized e-commerce product recommendations; contextual customer support responses; long-term shopper preference memory and recall |
| Limitations | The system may hallucinate or generate inaccurate information. Outputs should be verified before being relied upon for health, medical, or financial decisions. Not suitable for high-risk categorization. |
| Training Data | MEMOIZE AI LLC does not train the AI model. Customer and End User data is used solely for context retrieval (RAG) and never used to develop, train, or fine-tune any model. See Section 9 (AI Data Processing Covenant). |
| Human Oversight | AI-generated outputs are recommendations only and are not reviewed by a human before delivery to End Users. Merchants and End Users retain full decision-making authority. Merchants may configure system prompts and product catalogs to shape AI behavior within their stores. |
| AI Governance | MEMOIZE AI LLC maintains an AI governance program including bias testing, output monitoring, and periodic model evaluation to ensure the Services operate within documented parameters. |
MEMOIZE AI LLC is committed to AI transparency and will publish an AI System Card as part of its ongoing governance program.
MEMOIZE AI LLC uses browser local storage and session storage (not cookies) to store session identifiers for session continuity and to associate returning Shoppers with their memory profiles. Session storage is used for guest visitors (cleared when the browser tab closes); local storage is used for logged-in customers (persistent across sessions). These identifiers do not contain personally identifiable information in human-readable form and are used solely for service delivery purposes.
We do not use tracking pixels, cross-site tracking, or third-party advertising cookies. Merchants are responsible for obtaining any necessary consent from their End Users under applicable law before enabling MEMOIZE AI LLC features on their stores.
MEMOIZE AI LLC implements commercially reasonable technical and organizational measures to protect personal data, including:
In the event of a confirmed personal data breach, MEMOIZE AI LLC will notify affected Merchants without undue delay and in no event later than forty-eight (48) hours after confirmed breach discovery, or such shorter period as required by applicable state law.
Merchant breach notifications shall include, to the extent known:
Under the FTC’s Health Breach Notification Rule (16 CFR Part 318) and applicable state breach notification laws, MEMOIZE AI LLC may qualify as a “vendor of personal health records” or “third party service provider.” In the event of a breach involving consumer health data or personal information, MEMOIZE AI LLC will notify affected individuals within thirty (30) calendar days of breach discovery, or such shorter period as required by applicable state law, via email plus at least one additional electronic method (such as in-app notification or electronic banner). This thirty-day baseline satisfies the requirements of California Civil Code § 1798.82 (as amended by SB 446), Colorado C.R.S. § 6-1-716, and other states requiring notification within thirty (30) days. Individual notifications shall include:
For breaches affecting five hundred (500) or more individuals, MEMOIZE AI LLC will notify the Federal Trade Commission contemporaneously with individual notice, as required by the FTC Health Breach Notification Rule (16 CFR Part 318). For breaches affecting fewer than five hundred (500) individuals, MEMOIZE AI LLC will report to the FTC annually within sixty (60) days of calendar year-end. When five hundred (500) or more residents of any single state are affected, MEMOIZE AI LLC will notify prominent media outlets serving that state within thirty (30) calendar days.
Where applicable state law requires notification to the state Attorney General in connection with a personal data breach, MEMOIZE AI LLC will provide such notification within the timeframe required by that state’s law. Notable state AG notification requirements include:
Where a breach triggers state-specific notification requirements with shorter timelines than those listed above, MEMOIZE AI LLC will comply with the most restrictive applicable timeline. MEMOIZE AI LLC shall cooperate with Merchants and take reasonable commercial steps to assist in the investigation, mitigation, and remediation of each such breach.
We will notify Merchants of material changes to this Privacy Policy via email with reasonable advance notice before the changes take effect. The “Last Updated” date at the top of this document reflects the date of the most recent revision. Continued use of the Services after the effective date of changes constitutes acceptance of the updated Privacy Policy.
| Field | Details |
|---|---|
| Company | MEMOIZE AI LLC |
| Privacy Team Email | privacy@memoizeai.com |
| Legal Email | legal@memoizeai.com |
| Support Email | support@memoizeai.com |
| Mailing Address | c/o Northwest Registered Agent LLC, 5534 Saint Joe Road, Fort Wayne, IN 46835, USA |
We will respond to all verified requests within the timeframe required by applicable state law: forty-five (45) days for California (CCPA/CPRA) with one permitted forty-five (45) day extension; forty-five (45) days for Indiana (CDPA); forty-five (45) days for Virginia (VCDPA) with one permitted forty-five (45) day extension; forty-five (45) days for Kentucky; and the applicable statutory period for all other states. Where multiple state laws apply, MEMOIZE AI LLC will respond within the shortest applicable deadline.
This Privacy Policy is governed by and construed in accordance with the laws of the State of Indiana, without regard to its conflict of law provisions. Any dispute arising out of or related to this Privacy Policy shall be resolved in accordance with the dispute resolution provisions set forth in the Terms and Conditions.
End User Disputes: End Users who are not parties to the Terms and Conditions may submit privacy-related complaints to privacy@memoizeai.com. MEMOIZE AI LLC will respond within thirty (30) days. If the complaint is not resolved to the End User’s satisfaction, the End User may contact their state’s Attorney General or applicable regulatory authority.