thinkingmemory / cloud

Privacy Policy

Last updated: June 15, 2026

This Privacy Policy explains how ThinkingDBx Pvt. Ltd. ("ThinkingDBx", "we") collects, uses, and protects personal data when you use ThinkingMemoryCloud (the "Service"). We act as a data controller for account data and as a processor for the content you store.

1. Data we collect

  • Account data — name, email, hashed password, tenant, and login timestamps.
  • Usage data — API requests, operation counts, and audit/log entries used for security, quotas, and billing.
  • Content ("Your Data") — the memories and metadata you send to the Service.
  • Payment data — handled by our payment provider; we do not store full card details.

2. How we use data

  • to provide, secure, and maintain the Service;
  • to enforce plan limits, prevent abuse, and meter usage;
  • to process payments and send transactional email (verification, sign-in, billing);
  • to communicate service and account notices.

We do not sell your personal data, and we do not use the content you store to train models.

3. Processors & sub-processors

  • Paddle.com Market Ltd. (Paddle) — payments and billing (Merchant of Record).
  • Hosting / email — our own infrastructure operated by ThinkingDBx in India, including a self-hosted mail server for transactional email.

4. Data location & retention

Data is processed on infrastructure operated by ThinkingDBx. We retain account and content data for as long as your account is active and for a reasonable period afterwards, then delete or anonymise it, unless a longer period is required by law.

5. Security

We apply technical and organisational measures including per-tenant isolation (database row-level security), hashed credentials and API keys, encryption in transit (TLS), and access controls. No method of transmission or storage is completely secure.

6. Your rights

Subject to applicable law (including the EU/UK GDPR and India's DPDP Act), you may request access, correction, deletion, export, or restriction of your personal data, and may object to certain processing. Contact our data protection contact at dpo@thinkingdbx.com.

7. Cookies

We use a strictly necessary, httpOnly session/refresh cookie to keep you signed in. We do not use advertising or third-party tracking cookies in the console.

8. Children

The Service is not directed to children under 18 and we do not knowingly collect their data.

9. Changes

We may update this Policy; material changes will be notified via the Service or email.

10. Contact

ThinkingDBx Pvt. Ltd., Hyderabad, Telangana, India · CIN U62011TS2025PTC206211. Privacy enquiries: dpo@thinkingdbx.com.