Privacy Policy

Last updated March 6, 2026

Introduction

This Privacy Policy describes how Rememberr Holdings Pte. Ltd. (“Company,” “we,” “us,” “our”) collects, uses, and shares information in connection with your use of our website (https://www.rememberr.ai) and services (collectively, the “Services”).

We are bound by the Singapore Personal Data Protection Act 2012 (PDPA) and, where applicable to users in the European Economic Area or United Kingdom, the EU General Data Protection Regulation (GDPR) and UK GDPR. We respect your privacy and are committed to protecting the personal data you share with us. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

1. What Rememberr does

Rememberr connects to your workplace tools - including Slack, Gmail, Google Calendar, and Google Meet - to detect commitments made in conversation. We identify follow-ups, introductions, deadlines, and promises so nothing falls through the cracks. We then deliver reminders through your preferred channels (Slack DM, email, SMS, or calendar events).

2. Information we collect

Information you provide to us

Account information: name, email address, phone number, and location when you register for the Services.
Payment information: billing address and payment card details, which are processed by our third-party payment processor and not stored on our servers.
Communication preferences: your chosen reminder delivery channels and notification settings.
Contact information submitted through forms on our website, including name, email address, phone number, and location.

Information we access from connected tools

Messages and conversations from Slack (channels and DMs you grant access to).
Email content and metadata from Gmail.
Calendar events and meeting details from Google Calendar.
Meeting transcripts and participant information from Google Meet.

We access all connected tools in read-only mode. We never send, edit, delete, or modify any messages, emails, calendar events, or other content within your connected tools.

Information collected automatically

Device and browser information: IP address, browser type, operating system, device identifiers, and approximate location derived from your IP address.
Usage and behavioural data: pages visited, features used, actions taken, clicks, scroll depth, session duration, and navigation paths within the Services.
Referral information: how you arrived at our website, including referring URLs and marketing campaign identifiers.
Cookies and similar technologies: we use cookies and analytics tools to maintain your session, remember your preferences, and understand how the Services are used.

3. How we process your data

Message content from connected tools is processed through our obligation detection engine, which uses third-party AI providers including Anthropic (Claude) and OpenAI to analyse conversation context and extract commitments. Data sent to these providers is processed under their data processing agreements and is not used to train their models.

After processing, message content is discarded. We do not store conversation text, email bodies, attachments, or metadata beyond what is necessary to describe the detected commitment.

What we store is limited to extracted commitments: who committed, to whom, what was promised, the associated deadline (if any), and the source context (e.g. “Slack #product-standup”).

Legal bases for processing (GDPR users)

Where the GDPR applies, we rely on the following legal bases:

Purpose	Legal Basis
Providing the Services	Performance of a contract (Art. 6(1)(b))
Processing payments	Performance of a contract (Art. 6(1)(b))
Service communications and security alerts	Legitimate interests (Art. 6(1)(f))
Analytics and service improvement	Legitimate interests (Art. 6(1)(f))
Marketing communications	Consent (Art. 6(1)(a))
Legal compliance	Legal obligation (Art. 6(1)(c))

4. How we use your information

We use the information we collect to:

Provide, operate, and maintain the Services, including detecting commitments and delivering reminders.
Process transactions and manage your account.
Communicate with you about the Services, including service updates, security alerts, and support messages.
Improve and develop the Services, including analysing usage patterns and diagnosing technical issues.
Comply with legal obligations, resolve disputes, and enforce our agreements.

5. How we share your information

We do not sell your personal data. We do not share your information with third parties for their marketing purposes. We may share information in the following limited circumstances:

AI providers: We send message content to third-party AI providers (currently Anthropic and OpenAI) for the purpose of obligation detection. This data is processed under their enterprise data processing agreements and is not used for model training.
Service providers: We share information with third-party vendors who perform services on our behalf, such as SMS delivery, email delivery, payment processing, and cloud hosting. These providers are contractually obligated to use your information only to provide the services we request.
Legal requirements: We may disclose information if required to do so by law, or in response to valid requests by public authorities (e.g. a court or government agency).
Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
With your consent: We may share your information for any other purpose with your explicit consent.

6. AI and model training

Rememberr uses third-party language models (including those provided by Anthropic and OpenAI) to understand conversation context and detect commitments. Your messages, conversations, and extracted commitments are never used to train our models or any third-party models. All AI providers we use are contracted under agreements that prohibit the use of your data for model training.

7. Data retention

We retain your account information and extracted commitments for as long as your account is active or as needed to provide the Services. Message content from connected tools is processed in real-time and not retained.

When you delete your account, all stored commitments and account data are permanently deleted within 30 days. Backups containing your data are purged within 90 days.

8. International data transfers

The Services are hosted in the European Union. Some of our service providers (such as cloud hosting and AI model providers) may process data in other countries, including the United States and the European Economic Area.

For Singapore users: Before transferring personal data overseas, we take reasonable steps to ensure that recipients provide a standard of protection comparable to that under the PDPA, in accordance with the PDPA's transfer limitation obligation and the Singapore Standard Contractual Clauses (SSCCs) where appropriate.

For EEA/UK users (GDPR): Where personal data is transferred outside the EEA or UK, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms as required under Chapter V of the GDPR.

9. Data security

We implement appropriate technical and organisational security measures to protect your information, including:

Encryption of data in transit (TLS 1.2+) and at rest.
Role-based access controls limiting employee access to personal data.
Regular security reviews and vulnerability assessments.

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

In the event of a personal data breach, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the PDPA's Mandatory Data Breach Notification obligation (where the breach is notifiable). GDPR users will be notified in accordance with Article 33 and Article 34 of the GDPR.

10. Your rights

Singapore users (PDPA)

Under the PDPA, you have the right to:

Access: Request access to personal data we hold about you.
Correction: Request correction of inaccurate or incomplete personal data.
Withdrawal of consent: Withdraw consent to our collection, use, or disclosure of your personal data at any time (subject to legal or contractual restrictions), with reasonable notice.
Data portability: Request the transfer of data you provided to us, in a commonly used machine-readable format, to another organisation where technically feasible.

EEA and UK users (GDPR)

In addition to the above, if the GDPR applies to you, you also have the right to:

Erasure: Request deletion of your personal data (“right to be forgotten”) where there is no compelling reason for its continued processing.
Restriction: Request that we restrict processing of your personal data in certain circumstances.
Objection: Object to processing based on legitimate interests or for direct marketing purposes.
Automated decision-making: Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise any of these rights, please contact us through the contact form on our website. We will respond to your request within 30 days (PDPA) or one month (GDPR), extendable by a further two months where requests are complex or numerous.

If you are not satisfied with our response:

Singapore users may lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.
EEA users may lodge a complaint with their local supervisory authority.
UK users may contact the Information Commissioner's Office (ICO) at www.ico.org.uk.

11. Cookies

We use essential cookies to maintain your session and remember your preferences. We may also use analytics cookies to understand how the Services are used. You can control cookie settings through your browser preferences. Where required by applicable law, we will obtain your consent before setting non-essential cookies.

12. Children's privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Services. The “Last updated” date at the top of this Privacy Policy indicates when it was last revised. Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through the contact form on our website.

Rememberr Holdings Pte. Ltd., Singapore.

For GDPR purposes, Rememberr Holdings Pte. Ltd. acts as the data controller in respect of personal data collected through the Services.