Legal

Privacy Policy

Last Updated: January 1, 2026

1. Introduction

ITjure F.Z.E ("Company", "we", "us", or "our"), a company registered in the Ajman Free Zone, United Arab Emirates, operates the MEMOPAI service ("Service") — an AI-powered reminder assistant that runs on WhatsApp. This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, and the rights you have over your data.

We are committed to handling your data lawfully and transparently in accordance with applicable data-protection laws, including:

UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
The EU General Data Protection Regulation (GDPR), where applicable to users in the European Economic Area or the United Kingdom

2. Data Controller

For the purposes of data-protection law, the data controller responsible for your personal data is:

ITjure F.Z.E
B.C. 1302456, Ajman Free Zone C1 Building
Ajman Free Zone, United Arab Emirates
Email: info@itjure.com

3. Information We Collect

3.1 Identifiers

WhatsApp phone number — the primary identifier of your MEMOPAI account, provided by Meta when you message us
WhatsApp display name (where available)
Detected language preference (HR / BS / SR / EN)
Detected time zone — inferred from your messages or the country code of your phone number

3.2 Message Content (Reminder Data)

To create and deliver reminders, we process the content of every message you send to MEMOPAI:

Text messages — stored as the reminder body and the source of intent parsing
Voice messages — temporarily downloaded from WhatsApp, transcribed via a speech-to-text model, and then the audio file is deleted from our servers. Only the resulting text transcript is retained as part of the reminder.
Parsed reminder records — the scheduled time, recurrence pattern, language, and the cleaned reminder text we will deliver back to you

Important: don't put highly sensitive data in reminders Because reminder content is stored and retransmitted via WhatsApp, do not include passwords, full payment-card details, government identifiers, health diagnoses, or other sensitive data you would not want stored on third-party servers. Use abstract labels (e.g. "Call doctor at 3pm") instead.

3.3 Payment Information (paid plans only)

If you upgrade to a paid plan, payment is processed by Stripe, Inc. We do not store your full card number on our servers. From Stripe we receive and store only:

Subscription status, plan, and billing cycle
Stripe customer ID and subscription ID
Last four digits of the card and card brand (for receipt display)
Billing email and country (where you provide them)
Invoice records required by tax law

3.4 Operational Logs

We automatically collect technical logs needed to operate the Service securely and to debug issues:

Timestamps of inbound and outbound messages
WhatsApp webhook event IDs and delivery status
Cron / scheduled-job execution traces
Error logs (including phone number hashes) for diagnostics

3.5 Website Visitors

If you visit our marketing website, our hosting provider may log standard request information (IP address, user-agent, referrer, request path) for security and abuse-prevention purposes. We do not use third-party advertising trackers on the website.

4. How We Use Your Data

We process your data for the following purposes:

Provide the Service — parse messages, schedule reminders, and deliver them back to you on WhatsApp
Operate the WhatsApp Business integration — receive webhooks from Meta, dispatch utility-template messages, and handle status callbacks
Process payments and manage subscriptions via Stripe
Communicate with you — send confirmation messages, plan-change notifications, important service announcements, and respond to support requests
Maintain security and prevent abuse — detect spam, rate-limit, and investigate violations of our Terms of Service
Improve the Service — analyse aggregated, de-identified usage metrics (e.g., success rate of intent parsing) to fix bugs and add features. We do not train AI models on your message content (see Section 6).
Comply with legal obligations — including tax, anti-fraud, and lawful requests from authorities

5. Legal Bases (GDPR)

If you are in the EEA or UK, we rely on the following GDPR Article 6 legal bases:

Contract (Art. 6(1)(b)) — processing necessary to provide the Service you have requested (parsing your messages, scheduling and delivering reminders, billing)
Legal obligation (Art. 6(1)(c)) — keeping invoice records, responding to lawful authority requests
Legitimate interests (Art. 6(1)(f)) — securing the Service, preventing abuse, and improving the product. We balance these interests against your privacy rights.
Consent (Art. 6(1)(a)) — for any optional processing where we explicitly ask (e.g., marketing announcements). You may withdraw consent at any time.

6. Third Parties & Sub-Processors

To deliver the Service we share the minimum necessary data with the following sub-processors:

Sub-processor	Purpose	Data shared	Location
Meta Platforms, Inc. (WhatsApp Business Platform)	Message transport & delivery	Your WhatsApp number, message content, delivery receipts	USA / Ireland
OpenAI, L.L.C.	Natural-language parsing & voice transcription	Your message text or voice transcript (no phone number)	USA
Supabase, Inc.	Database, scheduled jobs (pg_cron), and edge function hosting	All account, reminder, and log data	USA / EU
Stripe, Inc.	Payment processing (paid plans only)	Billing details you provide to Stripe; we receive subscription metadata	USA / Ireland
Vercel, Inc.	Marketing website hosting	Standard web-server request logs (no reminder data)	USA / global edge

OpenAI processes API requests under their API data-usage policies, which state that data submitted to the API is not used to train their models. We do not enable any feature that opts into model training on your data.

We do not sell your personal data, and we do not share it with advertisers.

7. International Data Transfers

Because our sub-processors are based outside the UAE and the EU, your data is transferred internationally. For transfers from the EEA or UK, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
The vendor's own approved transfer mechanism (e.g., Data Privacy Framework certification for US recipients, where applicable)
Contractual data-processing addenda with each sub-processor

8. Data Retention

We retain personal data only for as long as it is needed for the purposes set out above:

Active account data (reminders, preferences, message log) — retained while your account is active
After deletion request — purged from primary databases within 30 days; backups expire within a further 90 days
Past reminders — deleted automatically 90 days after the reminder fired, unless you have an active recurring reminder referencing them
Voice-message audio files — deleted immediately after transcription completes (within seconds)
Operational and security logs — retained up to 90 days
Billing records and invoices — retained for 7 years where required by tax law

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Access — request a copy of the data we hold about you
Rectification — request correction of inaccurate or incomplete data
Erasure ("right to be forgotten") — request deletion of your data
Restriction — request that we limit how we process your data in certain situations
Portability — receive your data in a machine-readable format (JSON)
Objection — object to processing based on our legitimate interests
Withdraw consent — withdraw any consent you have given, at any time, without affecting prior lawful processing

To exercise any of these rights, email info@itjure.com from the email associated with your account, or message MEMOPAI from your registered WhatsApp number. We will respond within 30 days.

You also have the right to lodge a complaint with your local data-protection authority (for EU users, this is the supervisory authority in your country of residence).

10. Security

We apply appropriate technical and organisational measures to protect your data, including:

TLS / HTTPS for all data in transit
Encryption at rest for the production database
Row-level security policies enforced in the database
Restricted access to production systems (least-privilege, MFA required)
Cron secrets, API keys, and credentials stored in encrypted secret managers
Webhook signature verification on inbound WhatsApp events
Regular dependency and security review

However, no method of internet transmission or electronic storage is 100% secure. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities in accordance with applicable law.

11. Children's Privacy

MEMOPAI is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with data, please contact info@itjure.com and we will delete it.

12. Cookies

The MEMOPAI WhatsApp service does not use cookies (it operates through WhatsApp). Our marketing website uses only strictly necessary first-party storage (e.g., to remember your language preference). We do not use third-party advertising cookies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted by updating the "Last Updated" date and, where appropriate, by sending you a notification. Your continued use of the Service after a change constitutes acceptance of the updated Policy.

14. Contact

If you have any questions about this Policy or how we handle your data:

ITjure F.Z.E
B.C. 1302456, Ajman Free Zone C1 Building
Ajman Free Zone, United Arab Emirates
Email: info@itjure.com