Privacy Policy

Effective date: May 3, 2026

This Privacy Policy explains how MemoriPress ("MemoriPress," "we," "us," or "our") collects, uses, and shares personal information when you visit memoripress.com (the "Site") or use our photo book service (together, the "Service"). It applies to visitors, registered users, and customers in the United States.

If you have questions, email privacy@memoripress.com or support@memoripress.com.

1. Scope

This policy covers the personal information we handle through the Service. It does not cover the practices of third parties we link to or integrate with — including our payment processor, print fulfillment partner, transactional email provider, object storage provider, and hosting provider — each of which has its own privacy policy. Where relevant, we name these providers and link to their policies in Section 4.

2. Personal Information We Collect

Information you give us

• Account information. Your name, display name, username, email address, and password. Passwords are hashed using bcrypt and we never store the plaintext password.
• User content. The photos you upload, including any embedded EXIF metadata (which can include camera details and, if your camera was set to record it, capture date and GPS coordinates). We also store the book layouts, captions, and text you create using the Service.
• Order information. When you place an order, we collect the shipping address you enter and we keep a record of your order history (items, quantities, prices, and status).
• Communications. If you email us at our support address, we keep that correspondence so we can answer you and follow up.

Information collected automatically

• Server logs. Our hosting provider records standard request data, including the IP address making each request and the browser User-Agent string. We use these logs for security, fraud prevention, and debugging.
• Session cookie. When you log in, we set a single session cookie so the site can recognize you across pages. See Section 5 for details.

Information we do not collect

• Payment card numbers. Card numbers are entered directly into Stripe's hosted checkout. We never see, transmit, or store full card numbers, CVCs, or expiration dates. Stripe returns to us only a transaction ID, the last four digits of the card, the card brand, and the billing ZIP, which we keep with the order record.
• Analytics or advertising data. We do not run third-party analytics, advertising pixels, or behavioral tracking.

3. How We Use Personal Information

We use the personal information we collect to:

• Provide the Service. Authenticate you, store your photos and layouts, assemble book layouts, and generate the print-ready PDF that gets sent to the printer.
• Process payments through Stripe.
• Fulfill and ship your order. Your shipping address and order details are sent to RPI Print, our print and fulfillment partner, so they can print your book and ship it to you.
• Communicate with you by transactional email (sent through Resend): account confirmation, password reset, order confirmations, shipping notifications, and replies to your support requests.
• Maintain security and prevent abuse. Detect and respond to fraud, abuse, account takeover attempts, and violations of our Terms of Service.
• Comply with legal obligations and respond to lawful requests.
• Improve the Service by reviewing aggregated, non-identifying usage patterns. We do not currently run third-party analytics or advertising trackers.

We do not use your photos or book content to train machine-learning models, and we do not sell or rent your personal information to anyone.

4. How We Disclose Personal Information

We share personal information only with the service providers we need to run the business, and only with what they need to do their job. Each of the following processes data on our behalf under their own terms:

• Stripe — payment processing. Stripe receives the information you submit to its checkout (card details, billing address) and we receive a transaction record from Stripe. See Stripe's Privacy Policy.
• RPI Print — printing and shipping. We send RPI the contents of your book (PDF), your shipping address, and order metadata so they can print and deliver it. See rpiprint.com and their privacy policy.
• Resend — transactional email delivery. Resend processes the emails we send you (recipient address and message content). See Resend's Privacy Policy.
• Tigris — object storage. Your uploaded photos and generated PDFs are stored in encrypted object storage operated by Tigris. See Tigris's Privacy Policy.
• Fly.io — application hosting. Our application servers and request logs run on Fly.io. See Fly.io's Privacy Policy.

We may also disclose personal information:

• To comply with the law, for example to respond to a subpoena, court order, or other valid legal process, or to cooperate with law enforcement when we are required to.
• To protect our rights, property, or safety, or those of our users or the public, including to detect or prevent fraud or abuse.
• In connection with a business transfer, such as a merger, acquisition, financing, or sale of assets. If that happens, we will require the recipient to honor this Privacy Policy and we will notify you before your information becomes subject to a different policy.

5. Cookies and Tracking

We use exactly one cookie: a strictly-necessary session cookie that keeps you logged in. It is set with the HttpOnly, Secure, and SameSite=Lax flags. We do not use it for analytics, advertising, profiling, or anything other than authenticating your session.

We do not use third-party analytics cookies, advertising pixels, social-media trackers, or any other non-essential tracking technology. Because we set no non-strictly-necessary cookies, we do not display a cookie consent banner.

If your browser sends a Do Not Track or Global Privacy Control signal, there is nothing for us to opt you out of — we are not selling or sharing your data for advertising in the first place.

6. Data Retention

• Active account data. While your account is active, we keep your account information, photos, layouts, and order history so you can continue to use the Service.
• Backups. We keep a rolling 7 days of system backups. Deleted data is purged from backups within that window.
• After a deletion request. Once you ask us to delete your account, we delete the account, photos, layouts, and personal information from our active systems, and from backups, within 30 days.
• Order and payment records. We may retain a minimal record of completed orders (order ID, date, amount, last four digits of the card, transaction ID) for as long as needed for tax, accounting, refund, and chargeback purposes.
• Service-provider retention. Stripe, RPI Print, Resend, Tigris, and Fly.io retain data they have processed according to their own policies, which we link to in Section 4.

7. Data Security

We use industry-standard safeguards to protect personal information:

• All traffic between your browser and our servers is encrypted in transit using TLS.
• Photos and PDFs are stored with server-side encryption (AES-256) at rest.
• Passwords are hashed using bcrypt; we never store plaintext passwords and we cannot tell you what your password is.
• Access to production systems is limited and authenticated.

No system can be guaranteed completely secure. If we discover a breach that affects your personal information, we will notify affected users and applicable regulators as required by law.

8. Your Privacy Rights

Regardless of where you live in the United States, you have the following rights with respect to the personal information we hold about you:

• Access. You can review your account information, photos, and order history at any time at /account.
• Correction. You can edit your name, email, password, and uploaded photos at /account.
• Deletion. Email privacy@memoripress.com or support@memoripress.com from your account email address and ask us to delete your account. We process deletion requests within 30 days. Once deletion is complete, we cannot recover your photos, books, or account.
• Marketing opt-out. We currently send only transactional email — account confirmations, password resets, and order updates — that you cannot opt out of while you have an active account. If we ever start sending marketing email, every message will include an unsubscribe link.

We will respond to verifiable requests within the timeframes required by applicable law (and within 30 days as a default).

9. California Privacy Rights

This section applies to California residents and supplements the rest of this Privacy Policy. It is provided to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA").

Categories of personal information we collect

In the past twelve months, we have collected the following CCPA-defined categories of personal information:

• Category A — Identifiers. Name, email address, username, IP address, account ID.
• Category B — Customer records. Shipping address, order history, the last four digits of payment cards (received from Stripe).
• Category F — Internet or other electronic network activity. Server log data such as IP address, browser User-Agent, and request timestamps; the contents of your session cookie.

The sources, purposes, and recipients of this information are described in Sections 2, 3, and 4 above.

Sale and sharing of personal information

We do not sell personal information for money or other valuable consideration, and we do not share personal information for cross-context behavioral advertising. Because we do not "sell" or "share" personal information as those terms are defined under the CCPA, there is nothing to opt out of.

We do not knowingly collect or sell the personal information of California residents under the age of 16.

Your CCPA rights

• Right to know. You can request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
• Right to delete. You can request that we delete the personal information we hold about you, subject to certain exceptions (for example, completing a transaction or complying with a legal obligation).
• Right to correct. You can request that we correct inaccurate personal information we hold about you.
• Right to non-discrimination. We will not deny you service, charge you a different price, or provide you a different level of service because you exercised any of these rights.

To exercise any of these rights, email privacy@memoripress.com from the email address on your account. We will verify your identity by confirming the request from your account email and may ask for additional information if needed. You may designate an authorized agent to make a request on your behalf; we will require written proof of authorization.

Shine the Light

California Civil Code Section 1798.83 ("Shine the Light") permits California residents to ask companies for a list of the personal information they have shared with third parties for those parties' own direct-marketing purposes. We do not share personal information with third parties for their direct-marketing purposes, so this requirement does not apply to us.

10. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we delete it promptly. If you believe a child under 13 has provided us personal information, email privacy@memoripress.com and we will investigate and delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" at the top of this page. If we make material changes, we will notify you by email or by a notice on the Site before the change takes effect. Your continued use of the Service after a change becomes effective is your acceptance of the updated policy.

12. Contact Us

For privacy questions, requests, or complaints:

• Email: privacy@memoripress.com
• General support: support@memoripress.com