Security & Privacy Policy

Effective Date: January 1, 2020

This Privacy Policy describes the privacy practices of Memorandum Inc. and its subsidiaries and affiliates (collectively, “Memo” or “us” or “we“). This Privacy Policy describes how Memo collects and uses the personal information you provide as well as security practices. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal information. This Privacy Notice applies to:

  • The website and any other websites or online services controlled by us and which display this Privacy Notice, and
  • Marketing analytics services that we provide to our customers, including via applications, dashboards, and platforms.


Information We Collect for Memo’s Own Business Purposes

Whose information we collect

Memo may collect information about individuals who interact with Memo when using our websites or services (such as employees of our customers), job applicants, and other individuals.

How we collect the information

We may collect information:

  • Directly from individuals
  • From our customers, regarding their employees or authorized users
  • From recruiters‍

Types of information we collect

The types of information we collect include:

  • Personal and business contact information (such as name, business name, address, telephone number, email address, and mailing address)
  • Profile information, such as your username and password that you may set to establish an online account with us
  • Payment information (such as credit card or other financial account numbers). We use a third-party payment processor to process credit and debit card transactions and do not collect or store payment card information ourselves.‍

Information We Collect from or on Behalf of Our Customers

Memo provides marketing analytics services to other businesses – our customers. Select customers may elect to install our technology on their websites, which enables us to collect certain information regarding individuals’ visits to our customers’ websites. We analyze the personal information that we obtain only at the direction of our customer, and only on that customer’s behalf.

We may collect information about individuals who visit the digital media properties that have installed our technology at the direction of our customers (“end users”). Memorandum Inc. collects information under the direction of its customers on certain digital media properties. Memo has no direct relationship with its customers’ end users. Our customers determine the scope of the information we receive, and the information we receive may vary by customer. If you are a customer of one of our customers and would no longer like to be contacted by one of our customers that use our service, please contact the company that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.‍

Typically, when end users access our customers’ webpages to the extent our technology is installed, we automatically collect information about end users’ devices, as described further in the section titled “Cookies and Other Information Collected by Automated Means.”‍

We acknowledge that you have the right to access your personal information. Memo has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the relevant customer of Memo’s (the data controller). If requested to remove data, we will respond within a reasonable timeframe.We will retain personal data we process on behalf of our customers for as long as needed to provide services to our customers. Memo will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.‍


We, our service providers, and our business partners, may collect certain information about the use of our websites by automated means, such as cookies, or similar technologies. Likewise, as part of our services, we may offer our customers the ability to install these types of technologies on their websites; and if a customer does so, we collect information on its behalf.

A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. We use both “session” and “persistent” cookies to collect, store, and sometimes track various types of information on our website and on our customers’ websites. A session cookie is one that disappears after you close your browser.

While a persistent cookie remains after you close your browser (and may be used by your browser when you later return to the Service), persistent cookies generally can be removed. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server. Web browsers may offer individuals the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites or our customers’ websites may not function correctly. We and our service providers and business partners may collect information about your online activities over time and across third-party websites when you use our websites.

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please see the “Privacy Preferences, Rights and Choices” section below for information about how you may opt out of, or limit the use of, your browsing behavior for online behavioral advertising purposes. The information we collect by automated means varies based on whether we are collecting information for our own business purposes or whether we are collecting information from or on behalf of our customers to provide our services.

Automated Data Collection

As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or information about how our websites are used (such as the content that is viewed on our websites, how users navigate on and between our webpages). We also gather information about how individuals interact with our emails (such as whether the email is opened and which links are clicked in the email).

When our customers install our technology on their websites, we collect the same type of information as described above on behalf of our customers.


Our Use of Personal Information for Memo’s Own Business Purposes

Memo may use personal information to:

  • Provide our services to our customers
  • Communicate about the products and services we offer, and respond to requests, inquiries, comments, and suggestions
  • Analyze and enhance our communications and strategies (including by identifying when emails sent to you have been received and read)
  • Operate, evaluate and improve our business, our websites, and other products and services we offer (including to improve our algorithms and develop new products and services)
  • Invoice and collect payment for our services
  • Establish and maintain an individual’s profile on our website
  • Tailor the content we display in our communications and on our websites
  • To conduct research about Memo or our services,
  • To notify you of technical updates or changes in policy,
  • To contact you for marketing and promotional purpose,
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements,
  • Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests),
  • Protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites), and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide,
  • Process employment applications,
  • Monitor recruiting statistics, to inform our recruitment activities.

In addition, we may aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.

Our Use of Personal Information on Behalf of Our Customers

We use personal information we collect from or on behalf of our customers to provide services to our customers at their direction.  We do not use this personal information for Memo’s own purposes. We use personal information only as directed or authorized by our customer.

Typically, we are directed or authorized to use personal information collected on behalf of the customer to provide analytics regarding use of our customers’ websites and end user interactions with our customers’ content.‍


We will not sell or rent customers’ or end users’ personal information to third parties except as described in this Privacy Policy. We may disclose your personal information to:

  • Memo affiliates and subsidiaries
  • Service providers that perform services on our behalf, such as customer service and support providers, technology providers (including providers of payment processing, technology support, web hosting, and email communications)
  • Survey and market research providers
  • Advertising and marketing partners
  • Analytics organizations

Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will – where required by applicable law – make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Notice. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal information.

In addition, we may share your information to comply with legal and regulatory requirements, and protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities.


If you submit your information in connection with job opportunities at Memo, we will use and disclose the information to process your application (including to contact you and/or your references and former employers if appropriate), to monitor recruitment statistics, and to comply with government reporting requirements. We also retain statistical information about applicants to help inform our recruitment activities. We will process this information based on our legitimate interest of evaluating job candidates or, when you provide us with sensitive information, based on your consent.


Marketing emails

You may unsubscribe from receiving marketing or other commercial emails from Memo by following the instructions included in the email. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications (such as important product safety information, or changes in website on mobile application terms).

Privacy preferences and rights

Individuals in certain jurisdictions, like the EEA, have certain rights and choice regarding Memo’s processing of their personal information. Please see the “How to Contact Us” section below for our contact information to exercise those rights and choices. In some cases where your personal information is accessible through an online portal or platform, you may be able to directly exercise these rights by following the instructions on the portal or platform.

Please note that if the exercise of these rights limits our ability to process personal information, we may be precluded from providing our products or services to individuals who exercise these rights, or from otherwise engaging with such individuals going forward.

‍We reserve the right to verify the identity of the individual in connection with any requests regarding personal information to help ensure that we provide the information to individuals to whom the information pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information.

For information about the rights and choices users have with respect to cookies and online tracking, please see the “Cookies and Other Information Collected by Automated Means” section of this Privacy Notice.

General objections to the processing of personal information

To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal information. In some circumstances, withdrawing your consent to Memo’s use or disclosure of your personal information will mean that Memo will not be able to provide products or services to you or to otherwise engage with you.

Access to personal information

Upon request, Memo will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by emailing We will respond to your request within a reasonable timeframe.  If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business, in a commonly used format. We may reject your request to access, correction or deletion of your information, as permitted by applicable law.  If we reject your request, we will notify you of the reasons for the rejection.

Portability of personal information

You may request that we transfer your personal information to another data controller. We may reject your request, as permitted by applicable law. If we reject your request, we will notify you of the reasons for the rejection.


Under the California Consumer Privacy Act (“CCPA”), and subject to exceptions, California residents have certain rights regarding their data, including:

  • The right to know the categories of personal information we’ve collected and the categories of sources from which we got the information (see above).
  • The right to know the business purposes for sharing personal information (see “Information Use” above).
  • The right to know the categories of third parties with whom we’ve shared personal information (see “Information Sharing and Disclosure” above).
  • The right to access the specific pieces of personal information we’ve collected and the right to delete your information.
  • The right to opt out of having your personal information sold. Memo does not sell or rent personal information to third parties, as we understand that term to be defined by the CCPA and its regulations regarding implementation and compliance.

California residents also have the right to not be discriminated against if they choose to exercise their privacy rights.

As a California resident, you may exercise your right to know or your right to deletion by sending an email request to Memo’s Data Privacy Officer at  Upon your request, we will contact you to ensure that you are a resident of California or otherwise entitled to the protections offered by the CCPA. Once verified, we will do our best to honor your request within forty-five (45) days of its receipt.  Note that we can only process requests from users which are verified so Memo may need your assistance in order to timely or completely process said request.


We may transfer personal information to countries other than the country in which the data was originally collected for the purposes described in this Privacy Policy. For example, if you are located outside of the United States, we typically transfer your personal information to the United States, where Memo is headquartered. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the information.


We will retain your information for as long as necessary to fulfill the purpose(s)for which the information was collected, depending on the purpose(s) for which the information was collected, the nature of the information, any contractual relationship that may governs the retention of the data, and our legal or regulatory obligations.


We may display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at


Our website includes Social Media Features, such as the Facebook Like button, and Widgets, such as the Share This button or interactive mini-programs that run on our website. These Features may collect your Internet protocol address, which page you are visiting on our website, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.


The Site may contain links to other sites. Memo is not responsible for the privacy practices of such other sites. We encourage our users to be aware when leaving the Site to read the privacy statements of each site that collects personal information.


Memo has established policies and controls, monitors compliance with those controls, and proves our security and compliance to third-party auditors. Memo maintains a SOC 2 Type II attestation. Our SOC 2 Type II report is available on request.

Data Security

  • All datastores with customer data are encrypted at rest.
  • Memo uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks.
  • Encryption keys and passwords are managed via AWS Secrets Manager, AWS Parameter Store, or our Secret and Password Manager. This prevents direct access to data by any individuals, including employees unless granted on an as-needed basis.

Product Security

  • Memo has automated vulnerability scanning built into key stages of our Secure Development Lifecycle (SDLC).
  • Memo uses an intrusion detection system to provide continuous monitoring of the company’s network and early detection of potential security breaches.

Enterprise Security

  • Memo secures remote access to internal resources using a modern VPN platform based on a zero trust architecture and 
  • Memo provides comprehensive security training to all employees upon onboarding and annually. 
  • Memo requires MFA authentication into all internal applications with access to customer data.
  • Employees are granted access to applications based on their role and legitimate business needs based on the principle of least privilege, and automatically deprovisioned upon termination of their employment.
  • Memo reviews all security policies and procedures on at least an annual basis and all controls are continuously monitored.


We may occasionally update or modify this Privacy Policy, at our sole discretion. The date of the most recent update of this document will always be displayed at the beginning of this page. If we change our Privacy Policy, we will post those changes on the Site located at If we decide to use personal information in a manner different from that stated at the time it was collected, we will notify users via email (if an email address has been provided) or display a notice on the Site. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting the personal information we collect.


Memo uses third-party subprocessors to assist in providing Memo’s Applications and Services (as described in agreements with our Customers). These subprocessors provide hosting and data analysis services to assist in developing and improving the Applications and Services. The following entities are considered subprocessors:

Entity Name Amazon Web Services

Corporate Location ‍United States

Data Protection Amendment

In addition to the foregoing privacy policy, Memo offers a data protection addendum (DPA) for customers processing data on behalf of EU/EEA individuals and California residents. If you would like to enter into our DPA, or have questions about processing data with Memo, please email


If you have any questions, comments, or concerns about this Privacy Policy, please contact us at

For specific questions regarding Memo’s compliance with the General Data Protection Regulation (“GDPR”) or the CCPA, please contact Memo’s Data Security Officer at:

Data Security Officer Email:

Please include “GDPR” or “CCPA” in the subject line, as appropriate.