GoodMem Cloud Privacy Policy

Last updated: June 22, 2026 Effective: June 22, 2026

This Privacy Policy explains how PAIR Systems, Inc. ("PAIR Systems," "we," "us," or "our") collects, uses, and shares personal information in connection with our GoodMem Cloud service at cloud.goodmem.ai, our website at goodmem.ai, and related pages, tools, and communications (collectively, the "Services").

This Policy describes how we handle personal information for which we act as a controller — for example, account, billing, and website information.

Scope — hosted service only. This Policy applies to the GoodMem Cloud hosted service at cloud.goodmem.ai and to our website at goodmem.ai. It does not apply to self-managed, self-hosted, or self-installed deployments of the GoodMem software (for example, installs via get.goodmem.ai). If you run GoodMem yourself, you (or your organization) operate that deployment and are responsible for the data in it; this Policy does not cover it.

Customer Content. When a business customer uses GoodMem Cloud, we process the data they store in the Service ("Customer Content") on their behalf as a processor/service provider. Our handling of Customer Content is governed by our Terms of Service and Data Processing Addendum (DPA), not by this Policy. If you are an individual whose personal information appears in a customer's Customer Content, please contact that customer (the controller) to exercise your rights.


1. Information we collect

1.1 Account and profile information. When you sign up or are invited to a Domain (organization), we collect your name, email address, organization/Domain name, role, and, if you choose to provide it, your phone number.

1.2 Authentication information. We use a third-party authentication provider (Stytch) and single sign-on with Google and GitHub. When you sign in, we receive basic profile and authentication information from your identity provider (such as your name, email address, and a unique identifier). We do not receive or store your Google or GitHub password.

1.3 Billing information. For paid use, our payment processor (Stripe) collects and processes your payment details. We do not store full payment-card numbers; we receive limited billing information such as billing contact, the last four digits, card brand, and transaction and invoice records.

1.4 Usage, log, and device information. We automatically collect information about how the Services are accessed and used, such as IP address, browser and device characteristics, pages and features used, requests and timestamps, referring/exit pages, and diagnostic and performance logs.

1.5 Cookies and analytics. We and our analytics provider (PostHog) use cookies and similar technologies to operate the Services, remember your preferences, and understand usage. See Section 6 (Cookies and analytics).

1.6 Communications and support. When you contact us (for example, support or sales inquiries) we collect the information you provide and our correspondence with you.

We do not intentionally collect special categories of sensitive personal information through the account, billing, or website Services, and you should not submit such information to us outside of Customer Content.


2. How we use information

We use personal information to:

We do not use Customer Content to train, fine-tune, or develop AI or machine-learning models, and we do not sell personal information.


3. Legal bases (EEA/UK)

Where the EU/UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Services you request); our legitimate interests (to secure, operate, analyze, and improve the Services, and for direct B2B communications), balanced against your rights; compliance with legal obligations; and your consent where required (for example, certain cookies or marketing).


4. How we share information

We share personal information only as described below; we do not sell it.

4.1 Service providers / sub-processors. We share information with vendors who process it on our behalf to provide the Services, under contracts requiring appropriate protection. These currently include, for example:

A current list of sub-processors is available at https://trust.pairsys.ai.

4.2 Within your organization. Account and usage information may be visible to administrators and other authorized users of your Domain.

4.3 Legal and safety. We may disclose information if required by law, legal process, or government request, or where we believe disclosure is necessary to protect the rights, property, or safety of PAIR Systems, our users, or others, or to enforce our agreements.

4.4 Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

4.5 With your direction or consent. We may share information at your direction or with your consent.


5. International data transfers

We are based in the United States and may process and store information in the United States and other countries where we or our service providers operate. Where we transfer personal information from the EEA, UK, or Switzerland, we use appropriate safeguards (such as the European Commission's Standard Contractual Clauses) where required.


6. Cookies and analytics

We use cookies and similar technologies that are necessary to operate the Services (for example, authentication and session cookies) and, with consent where required, analytics cookies. We use PostHog to understand how the website and product are used; PostHog processes this analytics data in the United States. For this purpose a cookie may be set on the .goodmem.ai domain so that usage can be measured consistently across our website (goodmem.ai) and app (cloud.goodmem.ai). You can control cookies through your browser settings and, where offered, our cookie-consent controls.


7. Data retention

We retain personal information for as long as needed to provide the Services and for the purposes described in this Policy, and thereafter as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Account information is generally retained for the life of the account and for a reasonable period afterward; billing records are retained as required for tax and accounting purposes. Retention of Customer Content is governed by the Terms of Service and DPA.


8. Security

We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal information. No system is completely secure, and we cannot guarantee absolute security. Information about our security practices is available at https://trust.pairsys.ai.


9. Your rights and choices

Depending on where you live, you may have rights regarding your personal information, such as to access, correct, delete, or port it, to object to or restrict certain processing, and to withdraw consent.

9.1 EEA/UK (GDPR). You may exercise the rights above and lodge a complaint with your local supervisory authority.

9.2 California (CCPA/CPRA). California residents may request access to, deletion of, and correction of personal information, and may opt out of "sale" or "sharing" of personal information. We do not sell personal information, and we do not share it for cross-context behavioral advertising. We will not discriminate against you for exercising your rights.

9.3 How to exercise. Contact us at privacy@pairsys.ai. We will verify your request as required by law. If your personal information is contained in a customer's Customer Content, we will refer your request to that customer.

9.4 Marketing choices. You can opt out of marketing emails using the unsubscribe link in those emails. We may still send you service and administrative messages.


10. Children

The Services are for business use and are not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.


11. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice as appropriate (for example, by posting the updated Policy with a new "Last updated" date or by other notice). Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.


12. Contact us

PAIR Systems, Inc. c/o Cogency Global Inc. (registered agent), 850 New Burton Road, Suite 201, Dover, DE 19904 Privacy: privacy@pairsys.ai Legal: legal@pairsys.ai