Privacy Policy for MemoLib

Last updated: January 13, 2026

1. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

2. Overview – What does MemoLib do?

MemoLib is an application that transforms various content sources into audio playlists for learning by listening.

Users can upload files (PDFs, photos, audio files), link YouTube videos, and MemoLib automatically converts this content into high-quality audio playlists optimized for auditory learning.

The goal of MemoLib is to make learning accessible anytime, anywhere – whether commuting, exercising, or relaxing.

3. Data We Process

3.1 Account and Authentication Data

To use MemoLib, users must create an account. Authentication is handled via Supabase, which provides:

• Email authentication
• Social login options (e.g., Google, Apple)

During this process, the following personal data may be processed:

• Email address
• Public profile information (if provided by social login providers)
• A unique user ID

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

3.2 User-Uploaded Content

When using MemoLib, you can upload various types of content:

• PDF documents
• Photos and images
• Audio files
• YouTube video links

This content is processed to extract text, transcribe audio, and generate audio playlists. All uploaded files are stored securely in Supabase Storage.

Legal basis: Art. 6(1)(b) GDPR

3.3 Generated Audio Playlists

MemoLib creates audio playlists based on your uploaded content. These playlists are stored in your account and can be accessed, modified, or deleted at any time.

3.4 Technical and Usage Data

To ensure security, stability, and proper functioning of the app, we may process technical data such as:

• IP address (shortened or anonymized where possible)
• Device and browser information
• Access timestamps
• Error and log data

Legal basis: Art. 6(1)(f) GDPR
(Legitimate interest in maintaining security and functionality)

4. AI-Based Processing

MemoLib uses artificial intelligence and text-to-speech technology to:

• Extract text from documents and images (OCR)
• Transcribe audio and video content
• Generate natural-sounding audio playlists
• Optimize content for auditory learning

There is no automated decision-making with legal or similarly significant effects within the meaning of Art. 22 GDPR.

5. Hosting and Third-Party Services

5.1 Supabase (Authentication, Database & Storage)

All application data is hosted and processed using Supabase:

• Authentication: User login and account management
• Database: PostgreSQL database hosted in Frankfurt, Germany
• Storage: Secure file storage for uploaded content

Supabase processes data solely on our behalf and in accordance with applicable data protection laws. A corresponding data processing agreement (DPA) is in place.

5.2 YouTube Integration

When you link YouTube videos, MemoLib accesses publicly available video content through YouTube's API. We do not store YouTube videos themselves, only references (URLs) and extracted transcripts.

6. Data Location

Your data is stored in the European Union (Frankfurt, Germany) through Supabase's infrastructure. This ensures compliance with EU data protection standards.

7. Data Sharing

Personal data is not shared with third parties, except where:

• it is necessary to provide the service (e.g., Supabase hosting)
• we are legally required to do so
• you have given explicit consent

No data is sold or shared for advertising purposes.

8. Data Retention

We store personal data only for as long as:

• your user account exists, or
• it is necessary to fulfill contractual obligations, or
• legal retention requirements apply

You can delete your uploaded files and playlists at any time. After account deletion, all associated data is deleted within a reasonable period.

9. Your Rights

Under the GDPR, you have the right to:

• Access your personal data (Art. 15 GDPR)
• Rectify inaccurate data (Art. 16 GDPR)
• Request deletion of your data (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)

You can exercise your rights at any time by contacting:

📧 LeonardoGranetto@gmail.com

10. Withdrawal of Consent

If data processing is based on your consent, you may withdraw that consent at any time with effect for the future.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legal requirements, functionality, or technology. The latest version will always be available within the app and/or on the website.

12. Contact

If you have any questions regarding data protection, please contact: