Privacy Policy

Memory Lane is built for caregivers in a vulnerable moment. We treat your data the way we'd want our own family's data treated. We collect only what we need to make Memory Lane work for you, we don't sell it, we don't share it with advertisers, and we don't use it to train outside AI models.

You can ask us to show, export, or delete your data at any time by emailing hello@memorylanecare.net. We'll respond within 30 days.

Memory Lane is not a HIPAA-covered entity, and what you enter here is not Protected Health Information (PHI) in the legal sense. HIPAA only applies to healthcare providers, health plans, and the "business associates" they contract with. Memory Lane is a self-service caregiver tool — we are not your loved one's clinic, hospice, or insurance company, and we are not under contract with any of them.

Your data here is protected by this Privacy Policy and the U.S. privacy laws that apply to ordinary consumer services (including CCPA-style rights in some states), but it is not protected by HIPAA. If you want a record that is legally treated as PHI, keep it in your loved one's hospital or clinic patient portal — not in Memory Lane.

Please do not enter your loved one's social security number, full insurance ID, or full credit card number into Memory Lane. We don't need them and we don't want to store them.

• Account info — your name, email, password (stored hashed with bcrypt), the relationship you described at signup, and your "biggest challenge" note.
• Intake answers — relationship, living situation, FAST stage, top concerns, safety priorities, family support level, burnout score, hours per week.
• Caregiving content you create — patient profile (medications, doctors, allergies, etc.), behavior logs (incidents, triggers, what helped), appointment notes, drafted messages, Lane chat history.
• Usage signals — login timestamps, IP, user agent, which sections you visited, when you completed the tour, when you marked items done on your roadmap.
• Feedback — anything you submit through the Feedback page.

• We do not ask for your loved one's social security number, full date of birth (we only ask for year), or insurance ID. If you choose to add those to the patient profile, they stay encrypted at rest in our database — but we recommend you leave them out.
• We do not track you across the web. There are no third-party ad pixels or analytics cookies.

• To personalize Memory Lane. Your intake is what gives Lane (and your roadmap) context. Without it, you'd get generic advice.
• To make Lane remember what worked. Behavior logs with "what helped" notes feed Lane's memory so it can bring back your wins next time.
• To improve the product. We look at aggregated, anonymized usage patterns (e.g., "X% of caregivers in middle stage skip the appointment-prep tool") to decide what to build next. We do not look at individual users' data unless you explicitly write to us and ask us to.
• To keep you safe. Login IPs and user agents help us detect suspicious access.

• You. Always.
• A very small founding team. Only when necessary for operations, debugging, or support — and only on the encrypted database, never copied out to other systems.
• Our infrastructure partners. The data lives on cloud infrastructure (MongoDB Atlas for storage, Emergent / Cloudflare for hosting). They process data on our behalf under their own enterprise security agreements but do not have any independent rights to your content.
• The AI provider (OpenAI, via our Emergent integrations key) sees only the messages you send to Lane plus a short context block built from your intake at the moment of each chat. They are contractually prohibited from training on this data.

We do not share your data with advertisers, data brokers, employers, insurers, or family members. If a court ever issued a lawful subpoena, we would notify you (where legally permitted) before responding.

For as long as your account is active. If you delete your account, we delete everything within 30 days, except where we're required to retain certain records for fraud or legal compliance (e.g., audit logs for security investigations — these never include your caregiving content).

You can, at any time:

• Ask us to show you everything we have about you.
• Ask us to export it in a portable format (JSON or PDF — your choice).
• Ask us to correct anything that is wrong.
• Ask us to delete your account and all associated data.
• Ask us to stop using your data for product improvement (we'll exclude your account from analytics queries).

Email hello@memorylanecare.net. We respond within 30 days. If you're in California, the EU/EEA, or the UK, you have additional statutory rights — we honor them globally even where not required.

Memory Lane is for caregivers age 18+. We don't knowingly collect data from children. If you believe a child has signed up, write us and we'll delete the account.

Passwords are hashed with bcrypt. Data in transit is TLS-encrypted. Data at rest in MongoDB is encrypted at the storage layer. Only a small team has database access, and access is logged.

No system is perfectly secure. If we ever experience a breach affecting your data, we will email you within 72 hours of confirming it, tell you what happened, and explain what we're doing about it.

If we materially change this policy, we'll show a notice in the app and email approved users. Continued use after the change means you accept the updated policy.

hello@memorylanecare.net