# Momentan — Privacy Policy **Effective Date:** April 27, 2026 · **Last updated:** April 27, 2026 ## 1. Introduction This Privacy Policy ("Policy") describes how Momentan ("Momentan," "we," "our," or "us") collects, uses, stores, and shares information about users ("you" or "your") of the Momentan mobile application, website, widgets, and all related services (collectively, the "Service"). This Policy is incorporated into and forms part of our [Terms of Service](/terms). By downloading, installing, accessing, or using the Service, you acknowledge that you have read and understood this Policy. This acknowledgment covers the data practices necessary to operate the Service — such as storing your content, managing your account, and keeping the Service secure. It does not, by itself, constitute consent to optional processing such as targeted advertising, AI model training on your content, contact list import, or precise location access. Those purposes require separate, specific consent obtained through in-app prompts or settings at the relevant time, as described in Sections 4 and 6. If you do not agree with this Policy, please do not use the Service. This Policy reflects our current data practices and describes features and collection we anticipate introducing. Where a described feature is not yet active, we will provide notice and obtain any required consent when it launches — this Policy is not a blanket reservation of rights for all future collection. Your continued use of the Service after any material update constitutes acknowledgment of the revised Policy. This Policy should be read alongside our [Terms of Service](/terms). ## 2. Data Controller Momentan is the data controller for personal information collected through the Service. For residents of the European Economic Area ("EEA"), United Kingdom ("UK"), and Switzerland, Momentan acts as data controller and, in certain processing relationships with third parties, also as data processor. All privacy inquiries, data subject requests, and related correspondence should be directed to: privacy@momentan.app. We respond to verifiable requests within the timeframes required by applicable law. ## 3. Information We Collect We collect the following categories of personal information. Where a feature is not yet implemented, we describe practices that will apply when that feature launches. This list reflects the full scope of our anticipated data collection. We will provide notice of any materially new categories at or before the time collection begins. **3.1 Account and Profile Data.** When you create an account, we collect your email address, username, password (stored in hashed, encrypted form), date of birth, phone number, city or general location, profile photo, and stated interests or preferences. We also collect information about how you intend to use the Service — for example, whether you are using it for personal memory-keeping, relationship management, or other purposes you describe during onboarding or in your profile. **3.2 User-Generated Content.** All content you create, input, upload, or store in the Service, including: text entries, moments, memories, and personal notes; photos, images, and videos you upload or capture; voice recordings and the transcriptions produced from them; lists, tasks, goals, and associated notes; tags, labels, and organizational categories; information you record about individuals, including names, birthdays, relationship context, personal observations, and other details; and any other text, media, or data you enter into the Service. **3.3 Contact and Address Book Data.** If you grant the Service permission to access your device contacts, we may upload to our servers: full names, phone numbers, email addresses, birthdays, physical addresses, company affiliations, job titles, relationship labels, profile photos, notes, and any other fields stored in your device address book. This data is used to enable contact import, deduplication, relationship tracking, and birthday reminders. By importing contacts, you represent that you have the legal authority to share that information with us on behalf of the individuals listed. **3.4 Device and Technical Data.** Device type, model, and manufacturer; operating system version; app version and build number; unique device identifiers (including advertising identifiers such as Apple's IDFA, IDFV, and equivalent Android identifiers); IP address; mobile carrier and network type; device language and time zone; screen resolution; app installation and update dates; and crash logs, error reports, and other diagnostic data transmitted automatically when you use the Service. **3.5 Usage and Behavioral Data.** Features and screens accessed; session frequency, duration, and timing; navigation paths within the Service; content you create, view, edit, or delete; notification interactions (delivered, opened, dismissed); search queries entered within the Service; in-app purchase history and subscription status; widget interactions and configurations; A/B test group assignments; and other behavioral signals generated by your interactions with the Service. **3.6 Location Data.** Approximate location derived from your IP address (always). If you grant location permission: precise GPS coordinates you associate with moments or entries; location metadata embedded in photos you upload (EXIF GPS data); and historical location context to the extent you associate locations with records in the Service. We will request device-level permission before accessing precise location. **3.7 Voice and Audio Data.** Audio recordings you create using voice features; transcribed text produced from those recordings; and associated metadata including duration, timestamp, and the entry with which the recording is associated. Audio is processed by third-party transcription service providers. See Section 10 for details. **3.8 Photo and Media Metadata.** In addition to the visual and audio content of files you upload, we collect all embedded metadata, including EXIF data (device model, timestamp, focal length, flash status), GPS coordinates embedded at the time of capture, file format, size, and color profile. This metadata is processed as part of the file and subject to the same practices as user-generated content. **3.9 Communications.** Messages, feedback, and support requests you send to us; responses from our team; information you provide in surveys, user research sessions, or beta testing programs; and other correspondence between you and Momentan. **3.9a Subscription and Purchase Data.** When you subscribe to Momentan Pro through the Apple App Store, Apple processes your payment under its own privacy practices and shares with us — through our payments and entitlements platform RevenueCat — only the information needed to grant and maintain your subscription: a stable App User ID we provide (your Momentan account ID), the product purchased, subscription start and renewal/expiration dates, renewal status, and high-level entitlement events such as initial purchase, renewal, cancellation, billing issue, and expiration. We **do not** receive your full payment-card number, billing address, Apple ID password, or other detailed billing information from Apple. RevenueCat acts as our service provider for subscription management; its processing of this data on our behalf is governed by a data processing agreement and by RevenueCat's own privacy policy (https://www.revenuecat.com/privacy). **3.10 Inferred and Derived Data.** Information we derive or infer about you based on data we collect — including interests, preferences, relationship patterns, usage tendencies, life stage characteristics, behavioral attributes, and other inferences drawn from your account data, content, and usage behavior. Derived and inferred data may be used as described in this Policy and may persist even after you delete your account in de-identified or anonymized form. **3.11 Third-Party Data.** We do not independently verify the accuracy, completeness, or legality of information we receive from third-party sources, information you provide about third parties, or contact data you import from your device. We are not responsible for inaccuracies in such data and make no representation as to its accuracy. Information received from third-party sources we may integrate with over time, including analytics providers, measurement companies, advertising platforms, publicly available databases, and business partners. We may combine data received from third parties with information we collect directly. **3.12 Aggregated and De-Identified Data.** We may derive aggregated, de-identified, or anonymized datasets from any of the above categories. Once appropriately processed so that it can no longer reasonably identify you, such data is not subject to this Policy and may be used, retained, licensed, and shared for any purpose without restriction. ## 4. How We Use Your Information We use the information we collect for the following purposes. The legal basis for each purpose (for EEA/UK users) is identified in Section 6. - **Service Provision:** Providing, operating, maintaining, and securing the Service; storing and syncing your data; delivering features you use; processing payments and subscriptions; and fulfilling our contractual obligations to you. - **Personalization:** Customizing your experience, surfacing relevant content and reminders, and tailoring feature availability based on your profile, usage, and inferred preferences. - **Product Analytics and Improvement:** Analyzing how users interact with the Service; identifying bugs and performance issues; conducting A/B testing; measuring feature adoption; and developing new features and products. - **Security and Fraud Prevention:** Detecting, investigating, and preventing unauthorized access, abuse, fraud, and violations of our Terms of Service; maintaining the security and integrity of the Service and its users. - **Communications:** Sending account notifications, security alerts, product updates, and — where you have consented or we have a legitimate basis — marketing communications via email, push notification, or in-app messaging. - **AI and Machine Learning:** Training, testing, fine-tuning, and improving machine learning and AI models using your content and usage data, as described in Section 11. This includes models that power features within the Service and, subject to applicable law and the consents described in Section 6, models developed for other commercial purposes. - **Audience Building and Advertising:** Creating interest profiles, audience segments, and behavioral models; delivering targeted advertising within the Service or through third-party advertising networks; and, as described in Section 5, enabling cross-context behavioral advertising through our commercial partners. - **Commercial Partnerships:** Sharing data with advertising partners, analytics providers, and business partners for commercial purposes as described in Section 5. - **Research:** Conducting internal research and, in some cases, collaborative research using de-identified, aggregated, or appropriately consented data. - **Legal and Compliance:** Complying with applicable laws, regulations, court orders, and legal processes; enforcing our Terms of Service and policies; and protecting the rights, property, and safety of Momentan, our users, and others. - **Business Operations:** Supporting corporate transactions, business development, and other legitimate operational needs. ## 5. How We Share Your Information We may share your information as described below. To the extent sharing constitutes a "sale" or "sharing for cross-context behavioral advertising" under the California Consumer Privacy Act ("CCPA") as amended by the CPRA, we describe that specifically in Sections 5.2 and 17.2 and provide applicable opt-out rights. **5.1 Service Providers.** We share information with vendors and service providers who process data on our behalf, including cloud hosting and infrastructure providers (including Supabase), payment and subscription management providers (including Apple's App Store and RevenueCat, which manages our subscription entitlements and receives subscription events from Apple to grant or revoke Pro access), customer support platforms, push notification services, transcription providers, crash analytics services, and other technical vendors. These parties are contractually required to use your data only to provide services to Momentan. **5.2 Advertising, Analytics, and Commercial Partners.** We may share device identifiers, advertising identifiers, usage data, behavioral data, and interest-based inferences with advertising networks, demand-side platforms, measurement and attribution companies, analytics providers, and marketing technology platforms for the purpose of delivering targeted advertising, measuring advertising effectiveness, and building audience segments. Some of this sharing may constitute a "sale" or "sharing for cross-context behavioral advertising" under California law. You have the right to opt out of this sharing as described in Section 17.2. **5.3 AI and Research Partners.** We may share user-generated content, usage data, and derived information with AI and machine learning service providers and research partners for model training, fine-tuning, and research purposes, as described in Section 11. Data shared with AI partners may be subject to confidentiality obligations and, where feasible, de-identification or pseudonymization measures. **5.4 Business Partners.** We may share information with strategic business partners for joint product development, co-branded features, research, and other commercial collaboration, subject to applicable privacy commitments. **5.5 Business Transfers.** In connection with a merger, acquisition, investment, asset sale, reorganization, bankruptcy, or similar transaction — whether proposed or consummated — your information may be transferred to a successor entity as a business asset. We will endeavor to provide notice of material transfers where practicable and as required by applicable law, including through an in-app notice or email. **5.6 Legal and Safety Disclosures.** We may disclose information to law enforcement, regulatory authorities, or other parties when required by applicable law, legal process, or court order; or when we reasonably believe disclosure is necessary to protect the safety, rights, property, or security of Momentan, our users, or the public. **5.7 Emergency and Safety Disclosures.** Notwithstanding other provisions of this Policy, we may disclose information — including without your prior consent — where we reasonably and in good faith believe that disclosure is necessary to prevent imminent serious harm, death, or significant injury to you or a third party. Such disclosures may be made to emergency services, law enforcement, or other parties we determine are in a position to address the emergency. We are not liable for any disclosure made in good faith under this provision. **5.8 With Your Consent.** We may share information with additional third parties when you have separately provided consent for such sharing. **5.9 De-Identified and Aggregated Data.** We may share de-identified, anonymized, or aggregated data with any party for any purpose, including commercial purposes, without restriction. ## 6. Legal Bases for Processing (EEA / UK / Switzerland) For users in the EEA, UK, or Switzerland, we process personal data under the following legal bases under the GDPR and equivalent national laws. Where we rely on consent, you may withdraw it at any time as described in Section 17.3, without affecting the lawfulness of processing prior to withdrawal. **Contract (Art. 6(1)(b) GDPR).** Processing necessary to provide the Service and fulfill our agreement with you, including: account creation and management; cloud storage and data sync; contact import and birthday reminders; storage and organization of moments, notes, photos, lists, and other content; subscription and payment processing; and responding to your support requests. **Legitimate Interests (Art. 6(1)(f) GDPR).** Processing we conduct on the basis of our legitimate business interests, which we have determined are not overridden by your fundamental rights and freedoms, including: security monitoring, fraud detection, and abuse prevention; crash analytics and technical diagnostics; aggregate product analytics, A/B testing, and product development; internal research and feature improvement; non-promotional service communications; enforcing our Terms of Service; and business transfers and corporate operations. You may object to processing on this basis; see Section 17.3. **Consent (Art. 6(1)(a) GDPR).** For the following purposes, we rely on your consent, which we obtain through in-app prompts, settings, or onboarding flows: marketing and promotional communications by email or push notification; cross-context behavioral advertising and sharing data with advertising partners for that purpose; importing and uploading your device contacts to our servers; accessing precise GPS location; using your user-generated content to train AI/ML models beyond what is necessary to provide features you are actively using; and sharing your personal data with third parties for their independent commercial purposes. You may withdraw consent at any time through app Settings or by contacting privacy@momentan.app. **Legal Obligation (Art. 6(1)(c) GDPR).** Processing required to comply with applicable laws, regulations, or binding orders from competent authorities. **Special Categories (Art. 9 GDPR).** Your use of the Service may involve storing information that reveals sensitive personal characteristics — such as health conditions, relationship details, or other sensitive matters about yourself or others — that you choose to enter. We process such data to provide the storage and organizational features you use, on the basis of your explicit consent given at the time you enter such information. You may withdraw this consent by deleting the relevant content. ## 7. Cookies and Tracking Technologies We and our third-party partners use cookies, pixel tags, software development kits (SDKs), local storage, and similar tracking technologies on our website and within the Service for purposes including session authentication, preference storage, analytics, product improvement, and advertising measurement. Third-party advertising and analytics partners may independently deploy tracking technologies subject to their own privacy policies and may track you across websites, apps, and devices. Where required by applicable law (including EU ePrivacy rules), we will obtain your consent before placing non-essential tracking technologies. ## 8. Biometric Authentication We do not collect biometric identifiers or biometric information. The Service offers optional Face ID and Touch ID authentication, which is handled entirely by your device's operating system and secure enclave. Biometric templates are never transmitted to or stored on our servers. We collect only basic authentication event metadata — timestamp and success/failure status — to secure your account. If you do not enable biometric authentication, none of the above applies. ## 9. Sensitive Personal Information (California — CPRA) The following categories of information we may collect qualify as "sensitive personal information" under the California Privacy Rights Act (CPRA): precise geolocation (when location permission is granted); account login credentials (username and password); and, to the extent you store private notes, communications, or messages in the Service, the content of those communications. We use sensitive personal information for the purposes of providing the Service and as described in this Policy. You have the right to request that we limit our use and disclosure of your sensitive personal information to uses necessary to provide the Service, as permitted by law. To exercise this right, contact privacy@momentan.app with "Limit Sensitive PI Use" in the subject line. We will not discriminate against you for exercising this right. ## 10. Voice Data and Transcription When you use voice recording features within the Service, we collect your audio recordings, the transcribed text produced from those recordings, and associated metadata including duration and timestamp. Audio is transmitted to and processed by third-party speech-to-text service providers; it is not processed solely on-device. By enabling voice features, you consent to this transmission and processing. You may disable voice features at any time through app Settings. Audio recordings and transcriptions associated with deleted entries will be removed in accordance with the retention periods in Section 13. ## 11. AI, Machine Learning, and Research **Features you use.** We use your content and usage data to operate and improve the AI-assisted features you actively use — such as transcription, search, and smart suggestions. This processing is necessary to provide those features and is carried out on the basis of our contract with you. **AI model training on identifiable content.** We do not train generalized AI or machine learning models on your identifiable content by default. If we introduce AI training programs that use identifiable user content — for example, to train models beyond what is needed to deliver features you use — we will notify you in advance and ask for your explicit, separate opt-in consent through a clear in-app flow before any such training begins. That consent will be voluntary, specific to the stated purpose, and revocable at any time through app Settings or by contacting privacy@momentan.app. Withdrawing consent does not affect processing that occurred before withdrawal. **Aggregate and de-identified data.** We may use de-identified, anonymized, or aggregated data derived from user activity to improve our AI features and the Service generally. This processing is conducted on the basis of our legitimate interests and does not require separate consent, as it cannot reasonably be used to identify you. **Third-party AI providers.** We work with the following third-party AI service providers to deliver specific features. We obtain in-app consent (via a "Cloud Processing" disclosure modal) before transmitting any of your content to these providers. The consent applies to all of the providers below; you can revoke it any time in Profile → Settings → Cloud Processing. - **Deepgram (Deepgram, Inc.)** — speech-to-text transcription. When you use the voice agent or voice memo, your audio recording is sent to Deepgram over a secure connection and converted to text. Deepgram's privacy policy: https://deepgram.com/privacy. - **OpenRouter (OpenRouter Inc.)** — AI-model gateway. We send transcribed text or person/moment context bundles to OpenRouter, which forwards the request to the appropriate underlying model below. OpenRouter's privacy policy: https://openrouter.ai/privacy. - **Anthropic (Anthropic PBC) — Claude** — used by the voice agent (`agent-parse`) to interpret a transcript and produce a structured moment, list, list-item, or contact record. Anthropic's privacy policy: https://www.anthropic.com/legal/privacy. - **Google (Google LLC) — Gemini** — used as the fallback model for both the voice agent and the AI Person Summary feature. Google's privacy policy: https://policies.google.com/privacy. - **DeepSeek (DeepSeek)** — used as the primary model for the AI Person Summary feature, which produces a pre-meeting brief from the moments, notes, and tasks you have logged about a specific person. DeepSeek's privacy policy: https://chat.deepseek.com/downloads/DeepSeek%20Privacy%20Policy.html. The data sent to these providers is limited to: the specific audio recording (Deepgram only), the transcribed text (OpenRouter → Anthropic / Google), or a per-person bundle of fields you have logged (OpenRouter → DeepSeek / Google). We do **not** send your full contacts list, your photos, your audio library, or moments unrelated to the feature you are actively using. These providers are bound by data processing agreements that restrict use of your data to providing the contracted feature. Their services are subject to their own privacy policies, which are linked above and which we represent are commercially reasonable in protecting your data. We do not authorize any of these providers to use your content to train their generalized models without our specific direction, and we do not provide that direction by default. ## 12. Automated Profiling and Decision-Making We may use automated means, including machine learning algorithms, to analyze your data and create profiles about you for purposes including personalization, content recommendations, notification optimization, and advertising targeting. EEA/UK users have the right under GDPR Art. 22 not to be subject to solely automated decisions that produce significant legal or similarly significant effects. If you believe such processing is affecting you, contact privacy@momentan.app to request human review. ## 13. Consumer Health Data Information you record in the Service — such as health conditions, medical events, mood, or wellness notes — may qualify as "consumer health data" under Washington's My Health MY Data Act (MHMDA) or similar statutes. We process such data to provide the storage and organizational features you use within the Service. We do not sell consumer health data or share it for targeted advertising without your separate authorization. Washington residents and residents of other states with applicable consumer health data laws may exercise their rights by contacting privacy@momentan.app. ## 14. Data Retention We retain your information for the following periods, or longer where required by law, pending dispute, or investigation: - **Account and profile data:** Duration of active account, plus 3 years after account deletion for legal compliance purposes. - **User-generated content** (moments, notes, photos, videos, lists): Duration of active account, plus 90 days after deletion; backup copies may persist up to 180 days. - **Imported contacts:** Duration of active account, plus 1 year after account deletion or contact removal. - **Voice recordings and transcriptions:** Retained until you delete the associated entry or your account; see above periods for post-deletion. - **Usage and behavioral data:** 2 years from collection. - **Technical and diagnostic logs:** 13 months from collection. - **Support communications:** 3 years from the close of the inquiry. - **Payment and transaction records:** 7 years, for tax and financial compliance. - **Inferred and derived data:** May persist in de-identified or anonymized form after account deletion. - **De-identified and aggregated data:** Indefinitely, for any lawful purpose. Upon account deletion, we will initiate deletion of identifiable personal data from active production systems within 90 days, subject to the exceptions above. However, your data may persist in encrypted backup archives, disaster recovery systems, and operational audit logs for additional periods consistent with the relevant retention category above, or longer where required by law. Such residual data is not accessible in ordinary operation and will be overwritten or purged through our standard backup rotation schedules. Model weights, embeddings, inferences, and other technical artifacts derived in part from your data may persist after account deletion in a form that does not individually identify you. Your rights in relation to such artifacts are limited to the extent that exercising those rights would require Momentan to de-aggregate, re-identify, or reconstruct personal data from what is otherwise anonymized output. **Service metrics and aggregate data as business assets.** Statistical measures, aggregate behavioral patterns, anonymized interaction data, and service-level analytics derived from user activity are owned by Momentan as business assets and are not personal data. These assets are not subject to individual data rights requests and may be used, transferred, licensed, or sold as part of Momentan's business operations without restriction. The presence of your individual activity in the underlying dataset used to generate such assets does not confer any rights over the resulting aggregate or statistical output. **Pseudonymized data.** Where we process data in pseudonymized form — meaning data from which direct identifying information has been separated and is held under separate access controls — such pseudonymized data may be retained for operational, security, research, and compliance purposes beyond the standard retention periods above. Pseudonymized data is not considered "personal data" for retention purposes to the extent that re-identification without the separately held key is not reasonably possible by ordinary means. ## 15. Data Security We implement industry-standard technical and organizational security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS) and at rest, access controls, authentication requirements, and periodic security assessments. No security system is impenetrable, and we cannot guarantee absolute security. We are not responsible for unauthorized access obtained despite our measures. In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law, including GDPR Art. 33/34 and applicable US state breach notification laws. ## 16. International Data Transfers Momentan operates globally. Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States, which may have data protection laws that differ from those in your jurisdiction. By using the Service, you acknowledge these international transfers. For transfers of personal data from the EEA, UK, or Switzerland to third countries not recognized as providing an adequate level of protection, we rely on Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement, the EU-U.S. Data Privacy Framework (where applicable), or other lawful transfer mechanisms. ## 17. Your Privacy Rights and Choices **17.1 All Users.** Regardless of jurisdiction, you may: update your account information within the app; opt out of marketing emails via the unsubscribe link in any message; adjust device-level permissions for contacts, location, camera, microphone, and notifications through your device Settings; and request account deletion through in-app Settings or by emailing privacy@momentan.app. Note that revoking certain permissions may limit or disable features of the Service. **17.2 California Residents (CCPA / CPRA).** California residents have the right to: (a) know what personal information we collect, use, disclose, and sell or share; (b) request deletion of personal information, subject to exceptions; (c) correct inaccurate personal information; (d) opt out of the sale or sharing of personal information for cross-context behavioral advertising; and (e) limit use and disclosure of sensitive personal information (Section 9). To exercise rights (a)–(c) or (e), contact privacy@momentan.app. To opt out of sale or sharing (right (d)), contact privacy@momentan.app with the subject line "Do Not Sell or Share My Personal Information." Response time: 45 days, extendable by 45 days with notice. We will not discriminate against you for exercising these rights. > **Categories of personal information we sell or share for cross-context behavioral advertising:** Device identifiers and advertising identifiers; internet and network activity (usage data, app interaction data); inferences drawn from usage to create interest profiles. **Categories we do not sell:** Precise geolocation, biometric data, consumer health data, or the content of private notes without your separate consent. **17.3 EEA / UK / Switzerland (GDPR / UK GDPR).** You have the right to: access your personal data; rectify inaccurate data; request erasure ("right to be forgotten"), subject to grounds for retention; restrict processing; data portability; and object to processing based on legitimate interests or for direct marketing. You may also withdraw consent for any consent-based processing at any time — for example, to withdraw consent for AI training or for contact import, contact privacy@momentan.app or adjust permissions in app Settings. Withdrawal does not affect the lawfulness of prior processing. Response time: 30 days (extendable by 2 months for complex requests). You may lodge a complaint with your local data protection supervisory authority. **17.4 Other State Residents.** Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other US states with comprehensive privacy laws have rights including access, correction, deletion, portability, and opt-out from targeted advertising, sale of personal data, and certain profiling. We honor requests from residents of all US states with applicable privacy laws. Contact privacy@momentan.app to exercise your rights. Response time: 45 days, extendable by 45 days with notice. **17.5 Verification of Rights Requests.** To protect against fraudulent, unauthorized, or abusive requests, we are required to verify your identity before processing any data subject rights request. We may require you to confirm account credentials, provide documentation, or complete an additional verification step. For requests involving sensitive personal information, or for requests submitted by an authorized agent on your behalf, we may require written proof of authorization and may separately verify your identity directly with you. We may deny or delay requests that we cannot verify to a reasonable degree of certainty, and we are not liable for harm resulting from denial of an unverifiable request. Verification information collected for this purpose is used solely for verification and is not used for any other purpose or shared with third parties. **17.6 Deceased Users.** We do not automatically grant access to, transfer, or delete the accounts or data of deceased users upon request from third parties. A legally authorized representative (such as an estate executor) seeking to access, modify, or delete a deceased user's account must provide sufficient legal documentation — such as letters testamentary, letters of administration, or a court order — to privacy@momentan.app. We will evaluate and respond to such requests as required by applicable law and at our reasonable discretion. We are not liable for any harm arising from our good-faith denial of an insufficiently documented request. **17.7 Illinois Residents (BIPA).** To the extent we collect biometric event metadata as described in Section 8, your consent is obtained as described therein. For BIPA-specific rights or questions, contact privacy@momentan.app. **17.8 Excessive or Repetitive Requests.** Where permitted by applicable law, we may charge a reasonable administrative fee for, or decline to respond to, requests that are manifestly unfounded, excessive in number relative to similar prior requests from the same individual, or repetitive. We will notify you of our determination and the basis for any fee or refusal within the required response timeframe. A "repetitive" request means a request for the same category of data or right that you have submitted within the preceding twelve (12) months and in respect of which we have already provided a complete response, and where no material change in circumstances justifies a further request. We will not charge a fee for your first request in any 12-month period relating to any given right or category of data. Any fee charged will be proportionate to the administrative costs incurred and will be disclosed to you before you are charged. **17.9 Security Processing Without Consent.** Notwithstanding any consent-based restrictions described in this Policy, we reserve the right to process personal data — including retaining logs, access records, and communication metadata — without consent and without prior notice to the extent necessary to: (a) prevent, detect, investigate, or respond to fraud, abuse, security incidents, or unauthorized access; (b) protect the security, integrity, or availability of the Service or our systems; (c) comply with a legal obligation, court order, or binding governmental request; or (d) establish, exercise, or defend legal claims. Any such processing will be limited in scope and duration to what is strictly necessary for the relevant security or legal purpose. ## 18. Account Deletion You may request deletion of your account and associated personal data at any time through app Settings or by emailing privacy@momentan.app. Upon receipt of a verified deletion request, we will initiate deletion of identifiable personal data within 90 days, subject to the retention periods in Section 14 and applicable legal requirements. De-identified and aggregated data derived from your information, and model weights or other AI artifacts trained in part on your data, may be retained after deletion in a form that does not individually identify you. Google Play requires that apps with account creation also provide an in-app path to account deletion and a web-accessible deletion request. Both are available: in-app Settings → Account → Delete Account, and by emailing privacy@momentan.app. ## 19. Children's Privacy The Service is not directed to children under 13 (or under 16 in applicable EEA jurisdictions). We do not knowingly collect personal information from children below the applicable age threshold without verifiable parental consent. If we learn that we have collected personal information from a child without required consent, we will take steps to delete it promptly. If you believe a child has provided personal information to us without required consent, please contact us at privacy@momentan.app. ## 20. Limitation of Liability Our liability for any privacy-related claims is governed by the limitation of liability in our [Terms of Service](/terms), which is incorporated here by reference. Nothing in this Policy creates liability beyond what is permitted under applicable law or what is set out in the Terms of Service. ## 21. Third-Party Services The Service may integrate with or link to third-party services, platforms, SDKs, or websites. This Policy does not apply to those third parties. Third-party SDKs and libraries integrated into the Service may independently collect data about you subject to their own privacy policies. We are not responsible for the privacy practices or security of third parties and encourage you to review their privacy policies before use. ## 22. Changes to This Policy We reserve the right to update or modify this Policy at any time. We will notify you of material changes by posting the updated Policy within the Service and updating the effective date above. For significant changes, we will provide additional notice via email or in-app notification where practicable. Your continued use of the Service following any update constitutes acceptance of the revised Policy. If you do not agree with any update, you must cease use of the Service. We encourage you to review this Policy periodically. ## 23. Contact For privacy-related inquiries, data subject access requests, deletion requests, or complaints: - **Privacy:** privacy@momentan.app - **General:** hello@momentan.app We will respond to verifiable requests within the timeframes required by applicable law. --- © 2026 Momentan. All rights reserved. | [Back to home](/)