Privacy Policy

This Privacy Policy explains how Bluebird AI Pty Ltd (ABN 85 696 013 788) handles personal information in connection with imem, including the public website, hosted web vault, MCP server, OAuth flows, Obsidian sync support, billing, support tools, APIs, and related services.

In this policy, "imem", "we", "us", and "our" mean Bluebird AI Pty Ltd. "You" means the person or organisation using the service.

imem is a hosted markdown memory vault and wiki for humans and AI tools. Because the product is built for AI-readable memory, information you store in your vault may be read and processed by imem systems and by AI clients or providers you connect.

Account information: name, email address, authentication records, session data, account settings, support preferences, and similar identifiers.

Billing information: subscription plan, billing interval, Stripe customer and subscription identifiers, transaction metadata, billing events, cancellation state, and tax or invoice information handled by our payment processor. We do not store full card numbers.

Vault content: markdown notes, frontmatter, file paths, prompts, instructions, project context, preferences, summaries, links, entities, concepts, logs, and other content you or authorised clients add to your vault. This may include personal information about you or other people if you choose to store it.

Derived service data: search indexes, vector embeddings, graph metadata, lint findings, summaries, access timestamps, revision metadata, usage counters, support-ticket metadata, audit events, and similar operational records created from or about your use of imem.

Integration data: OAuth authorisations, MCP token metadata, connected client names, sync configuration, AI-provider usage metadata, and other information needed to connect imem with tools you choose.

Technical and analytics data: IP address, device and browser information, logs, request metadata, error reports, security events, cookies or similar local storage, diagnostics, page views, button or link clicks, copy-button events, signup events, conversion events, and campaign attribution used to operate, protect, improve, and measure the service.

Support communications: messages, issue descriptions, ticket history, screenshots or logs you provide, and our responses.

We collect information directly from you when you create an account, use the web app, create or edit vault content, start checkout, contact support, or configure sync and integrations.

We collect information from authorised tools and clients when you connect them to imem, including MCP-compatible AI clients, browser flows, Obsidian-related sync tooling, and APIs.

We collect information from service providers such as payment processors, hosting providers, databases, email providers, observability tools, AI providers, and support infrastructure where needed to run the service.

We may collect limited public or business information if needed for abuse prevention, account verification, support, or legal compliance.

To provide the service: create accounts, provision vaults, authenticate users, connect MCP clients, sync notes, process reads and writes, run search, maintain vectors and graph data, export vaults, and manage billing.

To support AI-readable memory: let approved AI clients list, search, read, and write vault content according to the access you grant; create derived indexes; and run optional maintenance or active-loop jobs.

To secure the service: detect abuse, investigate suspicious activity, protect accounts, debug outages, enforce plan limits, maintain audit records, and prevent unauthorised access.

To provide support: answer questions, diagnose issues, create support tickets, track incidents, and follow up about account, billing, MCP, sync, or product problems.

To communicate with you: send sign-in or account emails where configured, billing notices, service notices, security alerts, support replies, and product or policy updates.

To improve and measure imem: analyse aggregated or operational usage, understand page views, button and link clicks, copy-button events, signup and setup conversion paths, debug product issues, improve reliability, refine documentation, and decide which features or limits need work.

To comply with law: meet legal, accounting, tax, security, dispute-resolution, regulatory, and enforcement obligations.

Hosted imem is not end-to-end encrypted or zero-knowledge. The hosted server must be able to read vault content so MCP tools, search, vector indexing, graph features, sync reconciliation, support diagnostics, and active-loop maintenance can work.

When you connect an AI client, that client may access your vault according to the permissions and capabilities you grant. You are responsible for choosing which tools to connect and for revoking access you no longer want.

If you use imem-managed AI features, relevant prompts, retrieved vault snippets, metadata, and outputs may be sent to AI infrastructure or model providers as needed to complete the request.

AI systems may produce inaccurate or unexpected results. You should review important AI-generated content before relying on it, especially if it concerns legal, financial, health, employment, safety, or other high-impact matters.

Do not store sensitive, regulated, confidential, or third-party personal information in imem unless you have assessed the risk, have authority to process it, and are comfortable with the hosted AI-readable service model.

To service providers that help us operate and measure imem, including hosting, database, storage, payment, email, AI, analytics, advertising measurement, observability, support, security, and infrastructure providers.

To AI clients, MCP clients, sync clients, integrations, or provider accounts that you authorise or configure.

To payment processors and financial institutions for checkout, subscription management, fraud prevention, invoices, refunds, and disputes.

To professional advisers, insurers, auditors, or legal representatives where needed for business, compliance, or dispute purposes.

To authorities, courts, regulators, or other parties where we reasonably believe disclosure is required by law, necessary to protect rights or safety, or needed to investigate abuse or security incidents.

As part of a business transfer, merger, financing, acquisition, restructure, or sale of assets, subject to reasonable confidentiality and continuity protections.

We do not sell your vault content. We do not use your private vault content, copied text, passwords, tokens, card details, or private note content for third-party advertising.

imem is operated as an online service using cloud infrastructure and third-party providers. Your information may be stored or processed outside Australia, including in the United States, the European Union, and other locations where our providers or their sub-processors operate.

Where practical, we use reputable providers, contractual protections, access controls, and security measures to reduce the risk of unauthorised access, misuse, or disclosure.

We use cookies, local storage, and similar technologies where needed for sign-in, session management, security, routing, preferences, analytics, advertising measurement, and core product functionality.

We use analytics, observability, and advertising measurement tools, including Google Analytics, Google Ads, Vercel Analytics, and similar services where configured, to understand reliability, performance, product usage, signup paths, setup completion, campaign attribution, and conversion measurement.

Our product analytics are designed to track events such as page views, button or link clicks, copy-button success, signup starts, trial starts, MCP connection milestones, and first-use milestones. We do not intentionally send vault content, copied text, passwords, tokens, card details, private note content, or full copied prompts into analytics events.

You can control cookies through your browser, but blocking required cookies or local storage may stop sign-in, OAuth, billing, or the web vault from working correctly.

We use security measures such as HTTPS in production, provider-managed encryption at rest, hashed auth and sync tokens, scoped OAuth access, plan and rate limits, access controls, and application-level encryption for stored provider API keys where supported.

No online service is completely secure. You are responsible for protecting your account, email inbox, devices, API keys, OAuth grants, sync credentials, and MCP tokens.

If you believe your account, vault, token, or sync credentials have been compromised, contact us promptly.

We keep personal information for as long as needed to provide the service, operate accounts and billing, maintain security, resolve disputes, comply with legal obligations, and support backups and audit trails.

You can export your markdown vault. You may request account or vault deletion, subject to identity verification, legal obligations, billing records, security records, backup retention, and operational constraints.

Deleted content may remain in backups, logs, derived indexes, audit records, or disaster-recovery systems for a limited period before being overwritten or purged according to operational cycles.

You can access and edit much of your account and vault information directly in imem. You can also export vault content where export tools are available.

You may ask us to provide access to, correct, or delete personal information we hold about you. We may need to verify your identity and may refuse or limit a request where permitted or required by law.

If your vault contains personal information about other people, you are responsible for handling access, correction, consent, and deletion obligations that apply to your own use of that information.

If you have a privacy concern or complaint, contact hello@imem.ai with your account email and a clear description of the issue.

We will review privacy complaints and aim to respond within a reasonable time. We may ask for more information, take steps to investigate, and explain the outcome or next steps.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner or another privacy regulator that applies to your location.

imem is not designed for children. You must be at least 18 years old, or the age required to enter a binding contract in your jurisdiction, to use the service.

If you believe a child has provided personal information to imem without appropriate authority, contact us so we can assess and respond.

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as updating this page, sending an email, or showing an in-product notice.

The latest version applies from the date shown above. Your continued use of imem after changes take effect means you acknowledge the updated policy.

For privacy, support, billing, or account questions, contact hello@imem.ai. Include your account email and enough detail for us to identify the issue.