Privacy Policy

Effective Date: November 10, 2025

This privacy policy applies to the Memorize - Memory Training mobile application (hereinafter referred to as "the Application") developed by Guillaume Kervran (hereinafter referred to as "the Developer" or "we") as a freemium service. This application is provided "AS IS".

Where to find this policy

In the app: Profile > Settings > Privacy Policy
Online: Link to the page
On stores: Link in the app description (Google Play / Apple App Store)

1. Information We Collect

1.1 Information You Provide

When you create an account on Memorize, we collect the following information:

Email address (required for authentication)
First and last name (optional)
Display name/username (for your public profile)
User preferences (app settings)

1.2 Information Collected Automatically

1.2.1 Performance and Training Data

Memorize is a competitive speed memory training application. We automatically collect:

Scores and performances: your results for each training session
Memorization speed: time required to memorize information sequences
Rankings and statistics: your position in rankings by discipline
Best scores: your personal records per game mode

⚠️ Important: This performance data is used to create public leaderboards and may be visible to other app users (see section 1.6).

1.2.2 Usage Data

Game sessions: dates, times, and duration of use
Rounds completed: history of your training sessions

1.2.3 Subscription Data

Premium status: active subscriber or free user
Subscription history: start dates, renewal, cancellation
Subscription type: monthly or annual

1.3 Technical Identifiers

To ensure the proper functioning of the Application and manage your subscriptions, we collect only strictly necessary technical identifiers:

IDFV (Identifier for Vendors on iOS): Used for technical account management and purchase restoration.
Android ID (on Android): Used to identify your installation in order to secure access to your premium content.
Installation ID: Internal technical identifier for data synchronization.

These identifiers allow us to link your purchases to your account, prevent fraud, and ensure the security of your data. We do not collect advertising identifiers (IDFA).

1.4 Permissions Requested by the Application

To function properly, Memorize requests the following permissions on your device:

Required permissions:

Stockage: to save your game data in offline mode
Internet: to sync your scores and connect to your account

Permissions we NEVER request:

❌ Location / GPS
❌ Camera
❌ Microphone
❌ Contacts
❌ Photos / Gallery
❌ SMS / Phone calls

1.5 Location

The Application does not collect precise geolocation data.

1.6 Public Data Visible to Other Users

⚠️ Public data: Some of your information is public and visible to other Memorize users.

Always publicly visible:

Your display name/username
Your best scores by discipline
Your position in general and discipline rankings
Your performance statistics (records)

Visible to friends only: Your recent progress, training sessions, score improvement notifications.

Not publicly visible: Your email address, first/last name (if different from username), detailed error statistics, payment history.

2. How We Use Your Information

We use the collected information to:

Provide the service: create and manage your account, save your progress
Personalize your experience: adapt training content to your level
Create leaderboards: generate public rankings based on performances
Subscription management: process your payments and manage your premium status
Improve the Application: analyze usage to optimize features
Ensure security: detect and prevent fraud, abuse, and violations of our terms of service
Communication: send you important information about your account and the Application
Technical support: resolve your issues and answer your questions
Marketing (with your consent): inform you of new features, promotional offers, and content

We never sell your personal data to third parties.

3. Sharing Your Information with Third Parties

We only share your information with the following service providers, which are necessary for the operation of the Application:

3.1 Infrastructure Services

Supabase (hosting and authentication)

Data stored in France (region eu-west-3, Paris, via AWS)
Shared data: email, login credentials, profile data, training statistics
Supabase Privacy Policy

3.2 Payment Services

RevenueCat (subscription management)

Location: United States
Shared data: email, anonymized User ID, subscription status
RevenueCat Privacy Policy

Payment Platforms

Google Play Store (Android) and Apple App Store (iOS) process payments directly
We never receive your payment information (credit card, banking details)
These platforms apply their own privacy policies

3.3 Communication Services (future)

We plan to use emailing services for transactional and marketing communications (with your consent). You will be informed and can unsubscribe at any time.

3.4 Legal Disclosure

We may disclose your information if required by law, legal proceedings, government requests, or to protect our rights and safety.

4. Your Rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

Right of Access: Request a copy of all personal data we hold about you.
Right of Rectification: Correct your personal information directly in the App settings.
Right to Erasure: Request deletion of your account (see below).
Right to Data Portability: Receive your data in JSON or CSV format.
Right to Object and Restriction.

Right to Erasure ("right to be forgotten")

How to delete your account:

In the Application: From the homepage of the application, while being connected > Profile > Manage my profile > Delete my account
By email: Contact us at guillaumekervran@gmail.com

When you delete your account, we delete all your personal data, scores, history, and credentials.

⚠️ Warning: Deletion is irreversible and effective within 30 days maximum. During this period, your account is deactivated but can still be restored upon request.

⚠️ Important regarding active subscriptions: Deleting your account does NOT automatically cancel your subscription. You must cancel it separately through your App Store or Google Play Store settings, otherwise you will continue to be charged.

5. Data Retention

Active account data: retained as long as your account is active.
Data after account deletion: deleted within 30 days.
Billing data: retained 10 years (French accounting laws).
Security logs: retained 12 months for fraud detection.

6. Data Security

Encryption: In transit (HTTPS/TLS 1.3) and at rest (AES-256).
Authentication: Secure password management via Supabase Auth (bcrypt).
Infrastructure: Secure hosting (Supabase/AWS).
Breach Notification: We will inform you within 72 hours in case of a breach affecting your data.

7. Age Requirements and Protection of Minors

Our Service is not intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13.
If you are a parent and discover that your child has provided us with personal data, please contact us immediately for deletion.
Users between 13 and 16 years of age in the EU must obtain parental consent before using the Service.

8. International Data Transfers

8.1 Data Localization

Primary Storage
Your personal data is stored on servers located in France (Paris region - eu-west-3) via the Supabase/AWS infrastructure.

Limited Transfers to the United States
Only specific subscription-related data is transferred to the United States:

RevenueCat: email, anonymized user ID, subscription status, subscription history
This data is necessary to manage your subscriptions and process payments via Apple and Google

8.2 Protection Guarantees

These transfers to the United States are governed by the following protection mechanisms:

Standard Contractual Clauses (SCCs)

We use Standard Contractual Clauses approved by the European Commission
These clauses guarantee a level of protection equivalent to the European GDPR

Security Certifications

Our service providers comply with international standards: SOC 2 Type II, ISO 27001
AWS (Supabase infrastructure): ISO 27001, SOC 1/2/3 certifications, GDPR compliance

Data Privacy Framework (DPF)

RevenueCat participates in the EU-US Data Privacy Framework, offering additional guarantees for EU-US transfers
Verify DPF certification

8.3 Data Minimization

We minimize international transfers to the maximum extent possible:

95% of your data remains in France (all your training data, statistics, profile)
Only data strictly necessary for subscriptions is transferred

8.4 Your Rights

You retain all your GDPR rights regarding your data, including data transferred outside the EU:

Right to access, rectification, deletion
Right to object to international transfers (may limit certain features)
Right to lodge a complaint with the competent data protection authority (CNIL)

For any questions, contact us: guillaumekervran@gmail.com

9. Managing Your Subscription

Memorize offers two premium subscription plans:

Monthly subscription.
Annual subscription.

Prices are displayed within the application and on the respective stores (Google Play Store / Apple App Store) in your local currency.

Canceling Your Subscription

Android: Google Play Store > Subscriptions > Memorize > Cancel
iOS: Settings > [Your name] > Subscriptions > Memorize > Cancel

Refund Policy: 14-day EU right of withdrawal (if service unused). Contact us at guillaumekervran@gmail.com.

10. Local Storage and Tracking Technologies

10.1 Storage on Your Device

The Application stores certain data directly on your device to enhance your experience:

Authentication Token: stored securely (Keychain on iOS, Keystore on Android) to maintain your logged-in session
User Preferences: language, theme, training settings
Temporary Cache: recent training results for offline viewing (automatically cleared after 7 days)

This data remains on your device and is only synchronized with our servers when necessary.

10.2 No Advertising Tracking

The Application does not contain any advertising tracking technology:

No web cookies
No cross-app tracking
No behavioral profiling
No third-party advertising

10.3 Management of Local Data

You can clear locally stored data at any time:

Logging out: clears the authentication token
Deleting the Application: permanently clears all local data

11. Communications

With your consent, we may send you informative emails regarding:

New features of Memorize
Tips on memorization techniques
Competitions and community challenges

You can unsubscribe at any time via the link in each email or in the Application settings.

We do not send any third-party advertising.

12. Changes to This Policy

We may update this policy. Significant changes will be notified via the App or email. Continued use constitutes acceptance.

13. Legal Basis for Processing (GDPR)

Data Type	Legal Basis
Account and authentication	Contract performance
Scores and performances	Contract performance
Subscription and payments	Contract performance
Billing data	Legal obligation
Security and fraud	Legitimate interest

14. Contact and Complaints

Guillaume Kervran
Email: guillaumekervran@gmail.com
Country: France

You have the right to file a complaint with the CNIL (https://www.cnil.fr/).

15. Consent

By using the Memorize Application, you consent to the processing of your information as described in this Privacy Policy.

16. Key Points Summary

Global accessibility: Accessible worldwide, US hosting with GDPR safeguards.
Security: Strong encryption, no data selling.
Public data: Username and scores are public.
Subscriptions: Managed via Stores, cancel anytime.
Permissions: Storage and Internet only.

17. Data Safety Compliance Statement

This policy corresponds to declarations made in Google Play Data Safety form and Apple's App Privacy Report. Updates to practices will be reflected here and in stores within 30 days.