Privacy Policy

Effective Date: July 11, 2025
Last Updated: July 11, 2025

1. Who We Are

This privacy policy applies to services operated by Evercode, a business operated by Muhammad Yasir Noor as an individual entrepreneur (Einzelunternehmen) registered in Germany.

Contact Information: - Legal Name: Muhammad Yasir Noor - Business Name: Evercode - Address: Bachstr. 22a, 55270 Schwabenheim an der Selz, Germany - Email: [email protected] - Business: Software Development

Data Protection Officer: As a small business (Einzelunternehmen), we do not have a designated Data Protection Officer. For all data protection inquiries, please contact us directly using the email address above.

2. What This Policy Covers

This privacy policy describes how we collect, use, and protect your personal information when you use: - Our landing page at memory.glacecore.com - Our authentication and MCP Store platform at platform.glacecore.com - Our MemoryCore MCP service at mcp.memory.glacecore.com

3. Information We Collect

3.1 Landing Page (memory.glacecore.com)

Our landing page collects minimal information: - Server logs: IP addresses, browser information, and access times (automatically collected) - No cookies or tracking: We do not use analytics, tracking cookies, or marketing pixels

3.2 Platform Services (platform.glacecore.com)

Authentication & Account Management

When you create an account, we collect: - Email address: For account identification and communication - Profile information: Name and profile picture from your Google account for account display and user interface functionality - Authentication tokens: To maintain your login session securely - Session data: Browser session keys, CSRF tokens, and OAuth state information - Account timestamps: Creation date and last update information

System Monitoring & Security

Our platform automatically collects: - System logs: IP addresses, user-agent strings, request URLs, and error messages - Performance data: Response times, system errors, and service availability metrics - Security logs: Authentication attempts, session management, and access patterns - User activity: Service interactions, feature usage, and platform navigation

MCP Store & Marketplace

When you browse or purchase tools, we collect: - Purchase records: Transaction history and tool ownership information - Purchase dates: For legal compliance and access control - Tool access data: Which tools you have access to and installation status

3.3 MCP Tools Data Collection

MemoryCore Tool (mcp.memory.glacecore.com)

When you use our memory service, we collect and process: - Memory content: All text, information, and data you store in your memory collections - Memory metadata: Custom labels, tags, and organizational information you add - Search data: Technical data that helps us find your memories when you search (stored as numbers, not readable text) - Usage analytics: API requests, response times, and service performance metrics - Search queries: Questions and searches you perform within your memories

4. How We Use Your Information

4.1 Legal Basis for Processing

We process your personal information based on the following legal bases under GDPR Article 6:

Contract Performance (Article 6(1)(b))

User authentication and account management
Memory storage and retrieval services
Purchase processing and tool access
Service delivery and support

Legitimate Interest (Article 6(1)(f))

Security monitoring and fraud prevention
Service improvement and analytics
System performance optimization
Error monitoring and debugging
Account identification and user interface display
User account recognition and interface functionality

Legal Obligation (Article 6(1)(c))

Purchase record retention for tax compliance
Security incident documentation
Regulatory compliance reporting

Marketing communications (if you opt-in)
Non-essential cookies (currently none)

4.2 Platform Services Usage

Authentication: Verify your identity and maintain secure access
Account management: Maintain your user profile and preferences
Service delivery: Provide access to MCP tools and marketplace
Security monitoring: Detect and prevent unauthorized access
Performance optimization: Improve platform speed and reliability
Customer support: Respond to your questions and technical issues

4.3 MCP Tools Usage

MemoryCore service: Store and retrieve your memories across AI tools
Search functionality: Enable semantic search within your stored content
Data synchronization: Keep your memories updated across different AI tools
Usage analytics: Monitor service performance and reliability

4.4 General Service Improvements

Feature development: Analyze usage patterns to enhance functionality
Quality assurance: Monitor service performance and user satisfaction
Legal compliance: Meet regulatory requirements and industry standards

5. How We Store and Protect Your Information

Data Storage

Location: Our servers are located in Germany
Vector database: Your memories are stored in Qdrant Cloud with user-specific isolation
Authentication: User accounts managed through Supabase OAuth service

Data Security

Access controls: Strict user isolation - you can only access your own memories
Authentication: Industry-standard OAuth 2.1 security
Regular monitoring: Automated security monitoring and updates

6. Third-Party Services

We use the following third-party services to operate our platform:

6.1 Personal Data Processors

These services process your personal data and are subject to GDPR requirements:

Supabase Inc. (United States)

Purpose: User authentication and account management
Data processed: Email address, name, profile information from Google OAuth
Legal basis: Contract performance and legitimate interest
Safeguards: EU-US Data Privacy Framework certified
Privacy policy: https://supabase.com/privacy

Google LLC (United States)

Purpose: OAuth authentication service
Data processed: Email address, name, profile picture (with your permission)
Legal basis: Contract performance and legitimate Interest
Safeguards: EU-US Data Privacy Framework certified
Privacy policy: https://policies.google.com/privacy

6.2 MCP Tools Data Processors

MemoryCore Tool Dependencies

Qdrant Cloud (Global Infrastructure) - Purpose: Memory storage and search functionality for MemoryCore MCP tool - Data processed: Your memory content, search data, and organizational information - Legal basis: Contract performance - Safeguards: Standard contractual clauses and encryption - Privacy policy: https://qdrant.tech/legal/privacy-policy/

6.2 Infrastructure Services

These services provide technical infrastructure but do not process personal data:

Hosting services: Web servers and application infrastructure
Content delivery networks: Static asset delivery (fonts, libraries)
Database infrastructure: Technical database hosting services

7. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Here are our general retention practices:

Account and Authentication Data

User accounts: Maintained until you request account deletion
Authentication data: Retained until session ends or account deletion
Session information: Automatically deleted when sessions expire

Platform Service Data

Usage analytics: Retained for reasonable periods to improve service performance
System logs: Kept for necessary periods for security monitoring and troubleshooting

MCP Tools Data Retention

MemoryCore Tool

Memory content: Stored until you delete it or request account deletion
Search data: Stored until you delete the associated memory
Usage analytics: Retained for reasonable periods to improve service performance

Legal and Business Records

Purchase records: Retained as required by applicable tax and business laws
System backups: Maintained for reasonable periods to ensure service continuity

Automatic Deletion

We automatically delete expired sessions, temporary files, and unnecessary system data on a regular basis to minimize data storage and protect your privacy.

Your Control

You can request deletion of your account and associated data at any time by contacting us at [email protected].

As a user, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can update or correct your personal information.

Right to Erasure

You can request deletion of your account and all associated data.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing of your personal data for legitimate interests.

Right to Restrict Processing

You can request that we limit how we use your personal data.

If you have provided consent for any data processing activities, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In Germany, you can contact: - Federal Commissioner for Data Protection and Freedom of Information (BfDI) - Website: https://www.bfdi.bund.de/EN/ - Complaint form: Available on their website

How to Exercise Your Rights

Contact us at [email protected] with your request. We will: - Respond within 30 days (or 3 months for complex requests) - Verify your identity before processing your request - Provide information free of charge (fees may apply for excessive requests) - Explain any refusal if we cannot fulfill your request

9. International Data Transfers

Since we operate from Germany, your data primarily remains within the European Union. However, some third-party services process data outside the EU with appropriate legal safeguards:

9.1 Transfer Safeguards

All international data transfers comply with GDPR Article 46 using one or more of the following safeguards:

EU-US Data Privacy Framework: For certified US companies (Supabase, Google)
Standard Contractual Clauses (SCCs): EU-approved contract terms ensuring data protection
Technical safeguards: Encryption in transit and at rest
Organizational measures: Access controls and data minimization

9.2 Specific Transfer Details

Supabase Inc.: EU-US Data Privacy Framework certified, EU data center
Google LLC: EU-US Data Privacy Framework certified, global infrastructure
Qdrant Cloud: May process data in various global regions with contractual safeguards

9.3 Your Rights Regarding Transfers

You have the right to: - Request information about specific transfers of your data - Object to transfers based on legitimate interests - Request that transfers be stopped if safeguards are inadequate

10. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. All decisions regarding: - Account access and restrictions - Tool purchases and refunds
- Customer support responses - Service modifications

Are made by human review, not automated systems. Our AI tools (memory search, content processing) are used to assist you but do not make decisions about you.

11. Data Sources

For transparency under GDPR Article 14, here are the sources of your personal data:

Data Collected Directly from You

Account registration information
Memory content you store
Support requests you submit

Data Collected from Third Parties

Google OAuth: Email, name, and profile picture (with your permission during OAuth flow)
Technical data: IP addresses from web servers, user-agent from browsers

Data Generated by Our Systems

Usage analytics and performance metrics
Security logs and access patterns
System error logs and debugging information

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will: - Notify you within 72 hours of becoming aware of the breach - Describe the nature of the personal data breach - Explain likely consequences and measures taken to address them - Provide contact information for further inquiries - Report to supervisory authorities as required by GDPR Article 33

We maintain incident response procedures to minimize the impact of any potential data breaches.

13. California Privacy Rights (CCPA)

For California residents, you have additional rights:

Categories of Information Collected

Identifiers: Email address, name, user ID
Personal information: Profile information from OAuth
Commercial information: Usage patterns and service interactions
Internet activity: Service usage and performance data

Your California Rights

Right to know: What personal information we collect and how we use it
Right to delete: Request deletion of your personal information
Right to opt-out: Opt out of sale of personal information (we do not sell data)
Right to non-discrimination: Equal service regardless of privacy choices

14. Cookies and Tracking

We use minimal cookies for essential functionality: - Session cookies: To maintain your login state (essential) - Authentication cookies: For secure OAuth flow (essential) - No tracking cookies: We do not use analytics or marketing cookies

You can disable cookies in your browser, but this may limit service functionality.

15. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by: - Updating the "Last Updated" date - Sending email notification for material changes - Posting notice on our website

16. Contact Us

For questions about this privacy policy or your personal data:

Email: [email protected]
Response time: We aim to respond within 48 hours

For complaints about data processing: German Data Protection Authority (BfDI): https://www.bfdi.bund.de/EN/

17. Age Restrictions and Children's Privacy

Our services are not intended for users under 16 years old. We do not knowingly collect, use, or disclose personal information from children under 16.

If we become aware that we have collected personal information from a child under 16, we will: - Delete the information immediately from our systems - Terminate the account associated with the child - Notify parents/guardians if contact information is available - Implement additional safeguards to prevent future occurrences

If you believe we have collected information from a child under 16, please contact us immediately at [email protected].

This privacy policy is designed to be clear and comprehensive while meeting GDPR, CCPA, and German data protection requirements. If you have questions about how we handle your personal information, please contact us.