Stuff by Greger

Greger's rantings on making great products

You are here: Home / ActingWeb – Privacy Policy

ActingWeb – Privacy Policy

Last updated: November 23, 2025

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

📋 Table of Contents

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to ActingWeb.
  • Account means a unique account created for You to access our Service or parts of our Service.
  • Service refers to the ActingWeb Personal Memory service, accessible at https://ai.actingweb.io and through connected AI assistants via the Model Context Protocol (MCP).
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Memory Data refers to personal information, notes, preferences, and other content You choose to store in the Service.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • AI Processing refers to automated analysis of Your Memory Data to generate summaries, categorizations, and enhanced search capabilities.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You and to create an Account. Personally identifiable information may include, but is not limited to:

  • Email address (through Google or GitHub OAuth2 authentication)
  • First name and last name (if provided through OAuth2 provider)
  • Profile information from Your chosen authentication provider

Memory Data

The Service is designed to store personal information You choose to remember. This includes:

  • Notes and memories: Free-form text, titles, and descriptions You create
  • Categorized information: Personal details organized into categories (health, travel, food, work, shopping, entertainment, news, and general notes)
  • Tags and metadata: Labels and organizational information You assign to Your memories
  • Timestamps: Creation and modification dates for Your stored information

AI-Enhanced Data

To improve Your experience, We use AI services to process Your Memory Data:

  • Short descriptions: AI-generated summaries of longer content to improve search and organization
  • Categorization: Automated suggestions for organizing Your memories into appropriate categories
  • Search optimization: Processing to enhance the relevance and speed of memory retrieval

Privacy Note: This processing is performed using Amazon Web Services (AWS) Bedrock AI with privacy-preserving practices. Your Memory Data is sent to AWS AI services only for the purpose of generating these enhancements and is not stored by AWS beyond the processing duration.

Integration Data

When You connect AI assistants (such as Claude, ChatGPT, or others) through the Model Context Protocol (MCP):

  • OAuth2 tokens: Securely stored credentials that allow AI assistants to access Your Memory Data on Your behalf
  • Client information: Names and identifiers for connected AI assistants
  • Access permissions: Your settings controlling which memory categories each AI assistant can access

Tracking Technologies and Cookies

We use minimal cookies only for essential authentication purposes:

  • Session cookies: To maintain Your login session securely
  • OAuth2 state tokens: Temporary tokens used during the authentication process

We do not use cookies for tracking, advertising, or analytics purposes.

Use of Your Personal Data

The Company uses Personal Data for the following purposes:

  • To provide and maintain our Service: Including storing, retrieving, and organizing Your Memory Data
  • To manage Your Account: To manage Your registration and access to the Service
  • To enable AI assistant integration: To allow authorized AI assistants to access Your Memory Data through MCP
  • To improve the Service: AI processing to enhance search, categorization, and memory organization
  • To contact You: To send critical service updates, security notifications, or respond to Your inquiries (We do not send marketing emails)
  • To ensure security: To detect and prevent unauthorized access to Your Account

We do not share Your personal information or Memory Data with third parties, except as described in this policy (AWS for data storage and AI processing).

Storage and Security of Your Data

Data Storage

Your Personal Data and Memory Data are stored using Amazon Web Services (AWS) DynamoDB in the European region (eu-central-1). This includes:

  • Account information and authentication credentials
  • All Memory Data You create
  • Access control settings and permissions

Security Measures

The security of Your Personal Data is important to Us. We implement:

  • Encryption in transit: All data transmission uses HTTPS/TLS encryption
  • Encryption at rest: AWS DynamoDB provides server-side encryption for stored data
  • OAuth2 authentication: Industry-standard authentication protocol with Google and GitHub
  • Access controls: Fine-grained permissions controlling which AI assistants can access which memory categories
  • Regular security updates: We maintain current security practices and promptly address vulnerabilities

However, no method of transmission over the Internet or electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Retention of Your Personal Data

The Company will retain Your Personal Data and Memory Data for as long as Your Account remains active, or as long as necessary to provide You with the Service.

You may request deletion of Your Account and all associated data at any time by contacting Us at support@greger.io. Upon account deletion:

  • Your Personal Data will be permanently deleted within 30 days
  • Your Memory Data will be immediately inaccessible and permanently deleted within 30 days
  • OAuth2 tokens for connected AI assistants will be immediately revoked

We may retain limited Usage Data for internal analysis and security purposes, but this data does not identify You personally and is retained for a maximum of 90 days.

Third-Party Services

AWS (Amazon Web Services)

We use AWS for:

  • Data storage: DynamoDB for storing Your Account and Memory Data (eu-central-1 region)
  • AI processing: AWS Bedrock for generating short descriptions and categorizations

AWS processes Your data only on Our behalf and in accordance with Our instructions. AWS complies with GDPR and provides appropriate data protection guarantees. More information: https://aws.amazon.com/privacy/

Authentication Providers

We use OAuth2 authentication with:

  • Google: For Google account login
  • GitHub: For GitHub account login

These providers authenticate Your identity but do not have access to Your Memory Data. We only receive basic profile information (email, name) necessary to create and manage Your Account.

AI Assistant Integrations

When You connect AI assistants (Claude, ChatGPT, etc.) through MCP:

  • You explicitly authorize each assistant’s access to Your Memory Data
  • You control which memory categories each assistant can access
  • Assistants access Your data only when You actively use them
  • You can revoke access at any time through the Account settings

The privacy policies of these AI assistants govern how they process data You share with them. We are not responsible for the privacy practices of third-party AI assistants.

International Data Transfer

Your information, including Personal Data, is processed in the European Union (AWS eu-central-1 region) and may be transferred to and maintained on computers located outside of Your country where data protection laws may differ.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company takes all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy. We use AWS, which provides appropriate safeguards including GDPR compliance for European data protection standards.

Disclosure of Your Personal Data

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Your Data Protection Rights (GDPR)

If You are located in the European Economic Area (EEA), You have certain data protection rights:

  • Access: You can request copies of Your Personal Data
  • Rectification: You can request correction of inaccurate Personal Data
  • Erasure: You can request deletion of Your Personal Data
  • Restriction: You can request restriction of processing of Your Personal Data
  • Portability: You can request transfer of Your data to another organization or directly to You
  • Object: You can object to processing of Your Personal Data

To exercise these rights, please contact Us at support@greger.io. We will respond to Your request within 30 days.

Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

We also may limit how We collect, use, and store some of the information of Users between 13 and 18 years old. In some cases, this means We will be unable to provide certain functionality of the Service to these users.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top of this Privacy Policy.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective, if the changes are material.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

📧 Get in Touch

If you have any questions about this Privacy Policy, data deletion requests, or exercising Your data protection rights, You can contact us:

Email: support@greger.io

Service website: https://ai.actingweb.io

Copyright © 2025 · Greger Teigre Wedel