Legal

Privacy Policy

Last updated: 23 May 2026

OkMemo treats personal data as audit material, not as growth fuel. Your data stays in the EU, we do not sell it, and you can export or delete it at any time.

1. Who is the controller

OkMemo is operated by Backlog Fejlesztő és Tanácsadó Kft. (short name: "Backlog Fejlesztő Kft."), a Hungarian limited liability company with its registered seat at 2233 Ecser, Szent István utca 41., Hungary (company registration number 13-09-242820, tax number 32900112-2-13). The Operator is the data controller for personal data processed via okmemo.app and its workspace subdomains.

Data protection contact: hello@okmemo.app. We aim to respond to data requests within 7 business days. The Hungarian supervisory authority is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), naih.hu.

2. Data we collect

OkMemo only collects what the product needs to function. We do not run third-party analytics or advertising trackers.

  • Account data: your name, work email, language, timezone, and the workspaces you belong to.
  • Workspace data: workspace name, branding, settings, projects, memos, decisions, sealed Decision Record PDFs, and the SHA-256 hashes used for verification.
  • Stakeholder data: stakeholders you add (name, email, optional role chip) to request approvals from. Stakeholders are not users — they receive single-use magic links and do not sign up.
  • Audit log: an append-only record of every state change inside your workspace (who did what, when, from what IP). This is the product, not telemetry.
  • Billing data: handled by Polar Software Inc. as Merchant of Record. OkMemo only receives a subscription status and an opaque customer ID — never card numbers.

3. Sub-processors

OkMemo runs on a small set of EU-friendly infrastructure providers. We list them here so you can perform your own due diligence:

  • Vercel (United States) — application hosting and edge runtime. Data residency: EU regions for the database; static assets are served globally.
  • Neon (United States, EU region) — Postgres database hosted in the EU (eu-central-1).
  • Clerk (United States) — authentication and magic-link sign-in.
  • Resend (United States) — transactional email delivery (approvals, reminders, receipts).
  • Vercel Blob (United States, EU region) — sealed PDF storage.
  • Polar Software Inc. (United States) — subscription billing as Merchant of Record. Sees your billing address and card; OkMemo does not.
  • Sentry (United States) — error tracking with PII scrubbing enabled.
  • Vercel AI Gateway (provider-agnostic, currently routed to Anthropic) — generates email draft suggestions when you click Regenerate. Inputs are not used to train models.

4. Retention

Sealed Decision Records are retained per your workspace's compliance setting (default: forever) — they are the legal artefact. Audit events are retained per your workspace's compliance setting (default: 7 years). Stakeholder PII is retained for the stakeholder's lifetime in your workspace, or anonymised after archival if you select that policy. When you delete your workspace, all non-sealed data is purged within 30 days; sealed records can be exported on request before deletion.

5. Your rights

Under GDPR you have the right to:

  • Access — request a copy of your personal data we hold.
  • Rectification — correct inaccurate data.
  • Erasure — delete your account and associated personal data, subject to the sealed-record exemption.
  • Portability — receive your data in a machine-readable format (JSON + CSV ZIP).
  • Complaint — lodge a complaint with the Hungarian Data Protection Authority (NAIH) or your local supervisory authority.

To exercise any of these rights, email hello@okmemo.app with the subject line "Data request". You can also export workspace data from Settings → Workspace → Data.

6. Cookies

OkMemo uses strictly necessary cookies only: a session cookie set by Clerk during authentication, and a workspace-switcher preference. No analytics cookies, no advertising cookies, no cross-site tracking.

7. Changes to this policy

Material changes will be announced by email to workspace Owners at least 30 days before they take effect. Editorial changes will be reflected in the "Last updated" date above.