Last updated May 30, 2026 · Operated by HelperLabs, LLC
Privacy & Security
MyPenny is a personal AI-memory service. You save memories; the AI assistant you choose — such as Claude, ChatGPT, Perplexity, or Grok — retrieves them over the Model Context Protocol (MCP) and uses them as context in your conversations. This page explains, plainly and accurately, what we collect, how we use it, who else sees it, how long we keep it, and the controls you have.
We have written this to be accurate to how the system actually works today. Where something is a design goal rather than a current guarantee, we say so. We do not claim your memories are end-to-end encrypted, zero-knowledge, or technically unreadable by us. They are not. The honest description is below.
What we collect
Memory content you provide. The text of every memory you save, your always-on “core memory” blocks, personal trackers (habits/metrics/goals), and the LLM-generated summaries and briefings we build from them.
Input from sources you connect. When you connect a source (a browser extension, screen-capture feature, email, or an MCP client), we receive the raw payload so we can extract memories from it. We also generate a numeric embedding (a 1024-dimension vector) for each memory so semantic search works, and we store tags and metadata (timestamps, importance and confidence scores, memory type, source label, and the workspace a memory belongs to).
Account and identity. Your email and name (via our authentication provider, Clerk), your plan and subscription status, and billing identifiers held by our payment processor (Stripe). We do not store your payment card numbers; Stripe does.
Connection and call metadata. Which MCP clients you have connected (client type, user agent, first/last seen, whether revoked), and, for each memory write, limited provenance metadata: the tool used, client/session identifiers, and a coarse country category derived from the request — not your raw IP address. We use this only for security, abuse prevention, and rate limiting.
Operational records. Transactional email we send you, bulk-import job status, and internal access records (recorded against a hashed identifier with a reason code and timestamp — never the content itself).
Data minimization. We collect only what is needed to run the memory service. We do not collect just-in-case profile data, we do not request your location, and our MCP tools are designed to return only the data relevant to your request. We do not place secrets, keys, or tokens in tool responses.
What we do not touch. MyPenny reads and writes only to its own memory store. It does not read, reconstruct, or extract your assistant’s chat history, conversation summaries, the assistant’s own memory, or files you have uploaded to that assistant. It operates only on the memories you save and the snippets your client explicitly sends. We do not scrape external websites, relay queries to third-party APIs on your behalf, or integrate with outside services without authorization.
How we use it
- Storage and retrieval — saving your memories and making them searchable by meaning (vector search) and keyword (lexical search) when your assistant asks for them over MCP.
- Memory formation and upkeep — automated background jobs (“sleeptime”) read your raw input to extract, de-duplicate, and structure memories; build per-topic briefings; and periodically merge redundant entries and flag contradictions. These jobs send memory content to a model provider (below) to do this work.
- Search embeddings — generating the numeric vector for each memory at write time; this step sends the memory text to our embedding provider (below).
- Authentication, billing, and transactional email — verifying your identity, enforcing your subscription, and sending account/billing notices.
- Service operations — error tracking, performance/cost telemetry, and rate limiting. Our observability pipeline is built so that no memory content is ever sent to it — only error messages, counts, timings, and identifiers.
We do not sell your data, we do not use it to serve advertising, and HelperLabs does not use your memory content to train its own models. The model providers that process your content (below) operate under their own terms.
Who receives it (sub-processors)
We use the following third parties to run the service. Each operates under its own privacy policy. The ones that receive your memory content are called out explicitly.
- Convex Inc. — backend platform and database; stores all of your data on managed cloud (AWS) infrastructure. Receives memory content: yes.
- OpenRouter — model gateway used by our background jobs and for embeddings. Receives memory content: yes (extraction, consolidation, tagging, briefings, embedding).
- OpenRouter’s underlying models (currently DeepSeek V4 Flash for processing and BAAI BGE-m3 for embeddings; these may change) — the inference models that actually process the content. Receives memory content: yes.
- The AI assistant you choose (e.g. Claude, ChatGPT, Perplexity, Grok) — retrieves your memories over MCP and receives them in its prompt context, in plain text. This is the core purpose of the product and is governed by that assistant provider’s own terms. Receives memory content: yes.
- Clerk — authentication and identity (email, name, login credentials only). No memory content.
- Stripe — payment and subscription processing (billing data only). No memory content.
- AWS KMS (HelperLabs account) — encryption key management (key operations and encryption-context metadata only). No memory content.
- Cloudflare — DNS / CDN / edge (routing and standard HTTP request metadata). No memory content.
- Vercel — hosts our marketing site and dashboard. No content store.
- PostHog — error and performance observability (error messages, counts, timings, and identifiers, including your user ID). No memory content.
- Resend — transactional and account email (email addresses and the email itself). No memory content.
Each provider’s privacy policy: Convex, OpenRouter, Clerk, Stripe, AWS, Cloudflare, Vercel, PostHog, Resend.
Your chosen AI provider, OpenRouter, and OpenRouter’s underlying models see your memory content in plain text. MyPenny’s protections do not extend into those providers. Choose providers you trust, and review their policies.
Data retention & security
- Memories, core memory, trackers, and summaries — kept for as long as your account exists, subject to automated importance-based pruning over time.
- Raw source input, screen-capture text, and session transcripts — transient: deleted as soon as our background job has extracted memories from them, with a backstop that deletes any unprocessed remainder within 7 days. We do not retain raw screen text or transcripts long-term.
- Embeddings — kept for the life of the memory they belong to.
- Account and connection records — kept while your account is active; a revoked connection is marked revoked and stops working immediately.
- Internal access records — retained for accountability (hashed identifier, reason, timestamp; no content).
If you delete your account or ask us to, we will permanently delete your stored memories and associated data; we process these requests manually today (see Your controls).
Security
- In transit — all connections use TLS; our MCP and API endpoints are served only over HTTPS.
- At rest — your data is stored on our backend provider’s managed cloud infrastructure, which encrypts data at rest at the storage layer. We are building an additional layer of application-level (envelope) encryption for sensitive content fields, using keys held in our own AWS KMS account; this layer is not yet enabled in production. When it is, those fields will be stored as ciphertext, and we will hold the encryption keys — this is not end-to-end or zero-knowledge encryption.
- Authentication — MCP clients connect using an OAuth authorization-code flow with PKCE. Access tokens are scoped to your individual account; your assistant’s platform receives no standing or elevated access to your memories, and you can revoke any connection at any time, which immediately blocks further access from that token. Our own background processing runs under internal service identities used solely to operate the service for you.
- Access control and logging — internal access to stored content is restricted and recorded. Our logs and telemetry are designed never to contain memory content, prompts, payloads, or raw error objects.
- Embeddings (disclosed limitation) — we store memory embeddings as numeric vectors in readable form because they are required for the search you rely on. Published research shows embeddings of this kind can be partially inverted to recover approximate (not exact) content. We disclose this rather than imply otherwise.
What this means. MyPenny uses (and is extending) encryption with keys we hold and operate. We are technically capable of accessing your memory content — for example to run the background processing the product depends on, or if compelled by valid legal process. We do not claim that we cannot read your memory, and we do not offer end-to-end or zero-knowledge encryption today. True end-to-end encryption, in which only you hold the key, is on our roadmap for a future tier and is not available now.
Vulnerability reports. We welcome security reports from researchers and from our platform partners. Email security@mypenny.ai; we acknowledge and investigate reports in good faith and with reasonable care.
Sensitive data, your controls & legal rights
MyPenny is a general, user-controlled memory store — not a health, medical, or specialized-data application. We do not collect, solicit, request, or require, and MyPenny is not designed or marketed to process: Protected Health Information (PHI) as defined under the HIPAA Privacy Rule (45 C.F.R. § 160.103); payment card (PCI) data; government-issued identifiers; or authentication credentials and secrets.
Because MyPenny stores free-form text you choose to save, a memory you write could incidentally contain personal or sensitive details. We do not solicit special-category data; if you choose to store such content, you do so voluntarily and at your own discretion, and by storing it you authorize us to process it as described on this page (including by the background jobs and the AI provider you have connected). We treat all stored content with the protections described above and use it only to operate the service for you.
Not a regulated or professional-advice service. MyPenny does not provide medical, legal, financial, or other professional advice and is not a diagnostic or treatment tool. MyPenny is not HIPAA-compliant and is not appropriate for regulated PHI workflows.
Your controls
- Access — your memories are visible to you through your connected assistant and the MyPenny dashboard.
- Correct and update — you can create, update, supersede, and reorganize memories (including core-memory blocks) directly through the MyPenny tools, and organize them into separate workspaces.
- Revoke connections — you can disconnect any connected AI client from your dashboard at any time; that immediately blocks all further access from that token.
- Export — you can request a copy of your stored data by emailing privacy@mypenny.ai; exports are provided on request.
- Deletion — you can delete your account, or request deletion of your data, by emailing privacy@mypenny.ai. We will permanently delete your stored memories and associated data. We process these requests manually today and are building self-service deletion in the dashboard. Transient source inputs are deleted automatically as described under Data retention.
- Email preferences — you can opt out of marketing email via the unsubscribe link in any such message.
- Billing — you manage your subscription through the billing portal.
Your legal rights
Depending on where you live, you may have rights over your personal data under laws such as the EU/UK GDPR (access, rectification, erasure, portability, restriction, and objection) and the CCPA/CPRA in California (to know, to delete, to correct, and to opt out of “sale” or “sharing”). We do not sell or share your personal data for cross-context behavioral advertising. You can exercise these rights using the controls above or by emailing privacy@mypenny.ai; we will not discriminate against you for exercising them. If you are in the EEA/UK and we cannot resolve your concern, you may lodge a complaint with your local data-protection authority.
Legal disclosure & contact
We may disclose your information when required by law, subpoena, court order, or other valid legal process, or to protect the rights, safety, and security of our users, the public, or HelperLabs. Because we hold the encryption keys, our architecture cannot cryptographically prevent disclosure compelled by valid legal process. We will resist overbroad requests and disclose only what we are required to. If your threat model requires defense against legal compulsion, MyPenny is not the right product for that today.
Children
MyPenny is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will delete it.
Changes to this page
We may update this page as the product evolves. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. We will not, without an appropriate basis, retroactively reduce the protections that applied to data already collected.
Contact
Questions, privacy requests (access, export, deletion), or security reports:
- Email: privacy@mypenny.ai (privacy & data requests) · security@mypenny.ai (security reports) · support@mypenny.ai (general support)
- Operator: HelperLabs, LLC
We aim to respond to privacy and security inquiries promptly.