Stuff by Greger

Greger's rantings on making great products

You are here: Home / ActingWeb – Privacy Policy

ActingWeb – Privacy Policy


1. Introduction

This Privacy Policy explains how ActingWeb AI Memory Service (“we”, “our”, “Service”) collects, uses, and protects your personal information. We are committed to protecting your privacy and handling your data transparently.

2. Data We Collect

2.1 Personal Data

  • Email address (from OAuth2 authentication via Google or GitHub)
  • Display name (if provided by authentication provider)
  • Account creation and last login timestamps

2.2 Memory Data

  • Notes and memories you create and store
  • Categories and tags you assign
  • Timestamps for creation and modification

2.3 Usage Data

  • Service interaction logs (API calls, feature usage)
  • Memory type and count statistics
  • Anonymized AI assistant connection information and prompt interactions

3. How We Use Your Data

3.1 Service Provision

  • Store and retrieve your memories
  • Authenticate your identity
  • Provide AI assistant integrations via MCP
  • You may at your own discretion share your memories with other users through the actor connection functionality

3.2 Service Improvement (Free Tier)

  • Analyze anonymized usage patterns
  • Improve AI categorization and search
  • Enhance service features and reliability

3.3 AI Processing

We use AWS Bedrock AI model services, including Claude AI models, for generating short descriptions and categorizations of your memories. Your identity is not shared with the AI service, and your data is protected by AWS privacy preserving services.

4. Data Storage and Security

Security Measures

  • Location: Amazon Web Services (AWS) DynamoDB in the EU region (eu-central-1)
  • Encryption: All data transmitted via HTTPS; data is encrypted at rest
  • Authentication: OAuth2 via Google or GitHub; no passwords stored
  • Access Control: Per-user data isolation; AI assistants require explicit authorization

5. Third-Party Services

5.1 AWS

  • Data storage (DynamoDB)
  • AI processing (Bedrock)
  • Service processing (Lambda and HTTP gateway)

5.2 Authentication Providers

  • Google and GitHub receive only necessary authentication requests
  • We receive only email and profile information

5.3 AI Assistants

  • Claude, ChatGPT, Cursor, and other MCP-compatible assistants
  • Access requires your explicit OAuth2 authorization
  • You control which memory types each assistant can access

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

Access
Request a copy of your data
Rectification
Correct inaccurate data
Erasure
Request deletion of your data
Restriction
Limit how we process your data
Portability
Receive your data in a portable format
Objection
Object to certain processing activities

To exercise these rights, use the functionality in the web interface, or contact: support@greger.io

7. Data Retention and Deletion

  • Active accounts: Data is retained while account is active
  • Account deletion: All data permanently deleted within 35 days
  • OAuth2 tokens: Immediately revoked upon account deletion or MCP client access revoked
  • Backups: Purged within standard backup rotation cycles (35 days)

8. Premium Tier Privacy Options

Premium subscribers (USD 3.99/month) may:

  • Receive detailed data export in standard formats

9. Children’s Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via the Service or email.

11. Contact Information

For privacy-related questions or requests: