Last Updated: December 19, 2024
Welcome to Remembrance ("we," "us," "our," "Service," or "Platform"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and otherwise process information in connection with our voice journaling web application.
This Privacy Policy applies to all users of Remembrance, including those in the European Union, California, and worldwide. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
Our Privacy Principles:
- We collect only the data necessary to provide our service
- We never sell or share your journal content with advertisers
- You maintain full control over your data
- We use industry-standard security measures
- We are transparent about our data practices
Data Controller/Service Operator:
Individual Operator trading as "Remembrance"
Legal Status: Sole Proprietorship
Email: hello@remembrancejournal.com
Response Time: We respond to data requests and inquiries within 48 hours
Note: Remembrance is operated by an individual sole proprietor, not a corporate entity. All data protection responsibilities and obligations rest with the individual operator.
For data protection inquiries, GDPR requests, or privacy concerns, please contact us at the email address above.
What we collect:
- Username (alphanumeric, 3-50 characters)
- Email address (optional, for account recovery)
- Password (securely hashed, never stored in plain text)
- Account creation date and last login timestamp
How we use it: To authenticate your account, manage your access, and provide customer support
Legal basis: Contractual necessity (required to provide the service)
Storage: MongoDB database with AES-256 encryption at rest
Retention: Until you delete your account
What we collect:
- Voice recordings (audio files in MP3, WAV, M4A, WebM, or MP4 format; maximum 25MB per file, 15-minute maximum duration)
- Transcribed text converted from your voice recordings
- Manually typed journal entries
- Entry timestamps and dates
- Edit history of your entries
How we use it: To provide core journaling functionality, enable transcription, power semantic search, and generate summaries
Legal basis: Contractual necessity and your explicit consent
Storage:
- Audio files are temporarily stored only during transcription processing and permanently deleted immediately after
- Text entries and edit history are encrypted at rest in MongoDB using AES-256
- Transcriptions remain your property and are never used for training purposes
Retention: Until you delete individual entries or your entire account
Important Note: Your journal entries may contain sensitive personal information. We treat all journal content with the highest level of confidentiality.
What we generate:
- Text embeddings (mathematical vectors used to enable semantic search)
- Weekly, monthly, and yearly AI-powered summaries of your journal entries
- Semantic search results and contextual answers to your queries
How we use it: To enable intelligent search, organize your thoughts, and provide automated insights
Legal basis: Contractual necessity (part of our service features)
Storage: Encrypted at rest in MongoDB
Retention: Until you delete the associated journal entries or your account
AI Processing Transparency: All AI processing is performed using OpenAI's APIs (see Section 6 for details). These summaries and search results are generated based on your entries but are never used to train AI models.
What we collect:
- API usage metrics (transcription duration, number of embeddings generated, summary generation frequency)
- Transaction IDs for cost tracking
- Operation timestamps
- Feature usage patterns (which features you use and how often)
How we use it: To improve our service, optimize performance, manage costs, prevent abuse, and provide better user experience
Legal basis: Legitimate business interest
Storage: MongoDB database
Retention: Raw usage data retained for 12 months; after that, it is aggregated and anonymized
Your Control: You can request that your usage data not be used for analytics by contacting us at hello@remembrancejournal.com
What we collect:
- Internet Protocol (IP) addresses (for security and rate limiting)
- Browser type and version (from HTTP headers)
- Session cookies (for authentication)
- Error logs and diagnostic data (for debugging and system maintenance)
- Device information (limited, only browser-level data)
How we use it: To maintain security, prevent fraud and abuse, diagnose technical issues, and ensure service stability
Legal basis: Legitimate business interest and contractual necessity
Storage: Application logs (rotated every 10MB, maximum 10 backups retained)
Retention: 30 days for security logs and session data; session cookies expire automatically after 24 hours of inactivity
Under GDPR, we rely on the following legal bases for processing your personal data:
| Data Type | Legal Basis | Reason |
|---|---|---|
| Account Information | Contractual Necessity | Required to provide the service |
| Journal Content | Contractual Necessity & Consent | Core service functionality |
| AI-Generated Content | Contractual Necessity | Service features you use |
| Usage Analytics | Legitimate Interest | Service improvement and optimization |
| Technical Data | Contractual Necessity & Legitimate Interest | Security and service stability |
We use your data to:
We also use your data to:
We explicitly do not:
We share your data with the following service providers. These companies process data on our behalf and are contractually obligated to protect your information:
Services Provided:
- Whisper-1 API for voice-to-text transcription
- Text-Embedding-3-Small API for semantic search embeddings
- GPT-4o Mini API for summary generation and semantic query responses
Data Shared:
- Audio files (during transcription only, immediately deleted after processing)
- Journal entry text (for embeddings and summaries)
OpenAI's Data Practices:
- OpenAI retains API data for 30 days only (as of their current policy)
- Your data is NOT used to train OpenAI's models (API users benefit from this policy)
- Data transmitted via encrypted HTTPS connection
- OpenAI is located in the United States
Safeguards:
- We only send data necessary for specific tasks
- OpenAI has robust security and privacy practices
- Standard Contractual Clauses in place for EU data transfers
OpenAI Privacy Policy: https://openai.com/policies/privacy-policy
Service Provided: Cloud database hosting and management
Data Stored:
- Your account information
- All journal entries and transcriptions
- AI embeddings and summaries
- Usage tracking data
Safeguards:
- AES-256 encryption at rest
- TLS 1.2+ encryption in transit
- Regular automated backups
- Access controls and authentication
- Compliance with SOC 2 Type II standards
Location: Multi-region deployment (you can specify region)
Service Provided: Secure payment processing for subscriptions and one-time payments
Data Shared:
- Email address
- Full name
- Billing address
- Payment information (credit/debit card details handled exclusively by Stripe)
- Subscription tier and status
- Transaction history
- Invoice details
Data We Receive from Stripe:
- Customer ID (encrypted identifier)
- Subscription status
- Payment success/failure notifications
- Last 4 digits of card (for display purposes only)
- Card brand (Visa, Mastercard, etc.)
- Card expiry month/year
What We NEVER See or Store:
- Full credit/debit card numbers
- CVV/CVC security codes
- Card PINs
- Complete card details
Safeguards:
- PCI-DSS Level 1 compliance (highest security standard)
- TLS 1.2+ encryption for all data transmission
- Tokenization of payment data
- 3D Secure authentication support
- Fraud detection and prevention
- Regular security audits
Data Location: Stripe processes data in the United States and European Union
Data Retention by Stripe:
- Payment data retained as per Stripe's policy
- Transaction records retained for 7 years (tax/legal compliance)
- You can request deletion of payment methods anytime
Stripe Privacy Policy: https://stripe.com/privacy
Stripe Terms: https://stripe.com/legal
Important: We never have direct access to your complete payment credentials. All sensitive payment data is handled exclusively by Stripe's secure infrastructure.
Service Provided: Secure payment processing for Indian customers (UPI, Cards, Net Banking, Wallets)
Data Shared:
- Email address
- Full name
- Phone number
- Billing address
- Payment information (handled exclusively by Razorpay)
- Subscription tier and status
- Transaction history
- GST details (if applicable)
Data We Receive from Razorpay:
- Customer ID (encrypted identifier)
- Order ID and payment ID
- Payment status
- Payment method used (UPI, Card, Net Banking, Wallet)
- Last 4 digits of card (for display only)
- Transaction timestamp
What We NEVER See or Store:
- Full card numbers
- CVV codes
- UPI PINs
- Net banking credentials
- Wallet passwords
- Complete payment credentials
Safeguards:
- PCI-DSS Level 1 compliance
- RBI (Reserve Bank of India) compliant
- 256-bit SSL encryption
- Two-factor authentication
- Tokenization of payment data
- Real-time fraud detection
- Secure payment gateway
Data Location: Razorpay processes and stores data in India (compliant with Indian data localization requirements)
Data Retention by Razorpay:
- Payment data retained as per RBI guidelines
- Transaction records retained for 7 years (Income Tax Act requirement)
- You can request deletion of saved payment methods
Additional India-Specific Compliance:
- Compliant with Payment and Settlement Systems Act, 2007
- Follows RBI's Master Direction on Digital Payment Security Controls
- Adheres to Indian IT Act, 2000 and Rules
- GST-compliant invoicing
Razorpay Privacy Policy: https://razorpay.com/privacy/
Razorpay Terms: https://razorpay.com/terms/
Important: Razorpay is our primary payment processor for Indian customers. All sensitive payment data is handled exclusively by Razorpay's secure, RBI-compliant infrastructure.
PCI-DSS Compliance:
We maintain PCI-DSS compliance by:
- Never storing, processing, or transmitting card data ourselves
- Using only PCI-DSS Level 1 certified payment processors (Stripe and Razorpay)
- Implementing secure payment forms (hosted by processors)
- Maintaining secure network infrastructure
- Regular security assessments
- Employee training on payment security
Your Payment Security:
- All payment pages use HTTPS with TLS 1.2+
- Payment forms are hosted by Stripe/Razorpay (not on our servers)
- We use tokenization (encrypted references instead of actual card data)
- We implement 3D Secure for additional authentication
- We monitor for suspicious transactions
- We never email or call asking for payment details
Service Provided: Application hosting and deployment
Data Shared:
- Technical logs (IP addresses, error logs)
- Session data
- Non-sensitive operational metrics
Safeguards:
- Infrastructure-level encryption
- DDoS protection and security monitoring
- Regular security audits
- Compliance certifications
Since our service is cloud-hosted and we use international service providers, your data may be transferred to and processed in countries outside your country of residence, including the United States.
For users in the European Union and European Economic Area (EEA):
We ensure that data transferred internationally receives the same level of protection as required in the EU through contractual safeguards.
While your account is active:
- Journal entries, transcriptions, and embeddings are retained indefinitely
- Account information retained until you delete your account
- Usage data retained for 12 months, then aggregated/anonymized
Financial and Payment Data (Legal Requirement):
- Transaction records: Retained for 7 years (required by tax laws in India, US, EU)
- Invoices and receipts: Retained for 7 years (accounting and tax compliance)
- Payment dispute records: Retained until resolved + 6 years (statute of limitations)
- Subscription history: Retained for 7 years (audit and compliance)
- Refund records: Retained for 7 years (tax reporting)
Why 7 Years?
- Income Tax Act (India): Requires 7-year retention
- IRS (United States): Requires 7-year retention
- EU VAT Directive: Requires 10-year retention (we use 7 as minimum)
- Legal disputes: Statute of limitations typically 6-7 years
What This Means:
Even if you delete your account, we must retain financial records for legal compliance. However:
- These records contain only transaction data (amounts, dates, invoice numbers)
- They do NOT contain your journal entries or personal content
- They are stored securely and separately from active user data
- They are used ONLY for tax, accounting, and legal compliance
- They are never used for marketing or analytics
- After 7 years, they are permanently deleted
When you delete your account:
1. All journal entries are immediately deleted from active systems
2. All account information is immediately deleted (except as noted below)
3. All usage analytics associated with your account are anonymized
4. Database backups are purged within 30 days
5. OpenAI's retained data is deleted per their policy (maximum 30 days)
6. Financial records retained for 7 years (legal requirement - see Section 8.1)
What Gets Deleted Immediately:
- All journal entries and transcriptions
- All AI-generated summaries and embeddings
- Your username and password
- Your email address (from active systems)
- Your preferences and settings
- Your API keys
- Session data and cookies
What Must Be Retained (Legal Requirement):
- Transaction records (amounts, dates, invoice numbers)
- Tax-related information (for 7 years)
- Payment dispute records (until resolved + statute of limitations)
- Anonymized financial data for accounting
Your Rights:
- You can request a copy of retained financial data
- You can request anonymization of personal identifiers in financial records
- After 7 years, all data is permanently deleted
Deletion Process:
- Go to Account Settings → Privacy & Security → Delete Account
- Confirm deletion (this action is irreversible)
- All data permanently deleted within 30 days
We maintain automated backups for disaster recovery purposes:
- Backups are retained for up to 30 days
- Backups are encrypted with the same safeguards as active data
- When you delete your account, backups are purged within 30 days
If you are located in the EU or EEA, you have the following rights under GDPR:
Right of Access:
- You can request a copy of all personal data we hold about you
- Response provided within 30 days in a portable format
- Request email: hello@remembrancejournal.com
Right of Rectification:
- You can correct inaccurate personal data
- Use Account Settings to update your information directly
- Contact us to correct data you cannot update yourself
Right of Erasure (Right to be Forgotten):
- You can request deletion of your data
- We will delete within 30 days unless legal obligations require retention
- Some data may need to be retained for legal compliance
Right of Data Portability:
- You can request your data in a machine-readable format (JSON export)
- Available in Account Settings → Data Export
- Provides portability to move to another service
Right to Restrict Processing:
- You can ask us to limit processing of your data
- Useful if you dispute accuracy or object to processing
- We will maintain data but not actively use it
Right to Object:
- You can object to processing based on legitimate interest
- You can opt-out of analytics and aggregated data collection
- Request via Account Settings or email
Right Not to be Subject to Automated Decision-Making:
- We do not use automated decision-making on your journal content
- We do not perform profiling for purposes beyond stated features
Right to Withdraw Consent:
- You can withdraw consent for processing at any time
- Withdrawal does not affect processing before you withdrew
- Contact us or use Account Settings to withdraw
To Exercise Rights: Contact hello@remembrancejournal.com with "GDPR Request" in the subject line. We will verify your identity and respond within 30 days.
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
Right to Know:
- You can request what personal information we collect
- You can request the sources of that information
- You can request how we use it
Right to Delete:
- You can request deletion of personal information we have collected
- Exceptions: Information necessary to provide services, legal compliance
- We will delete within 45 days
Right to Opt-Out:
- We do not sell your personal information, so there is nothing to opt-out of
- You can limit data processing for analytics
Right to Non-Discrimination:
- We will not discriminate against you for exercising CCPA rights
- You will receive the same service and pricing
Right to Correct:
- You can request correction of inaccurate information
To Exercise Rights: Contact hello@remembrancejournal.com with "CCPA Request" in the subject line. We will respond within 45 days.
No special request needed:
- Access: You can view all your data in-app anytime
- Edit: You can edit your account information directly
- Delete: You can delete individual entries or your entire account
- Export: You can export your data in standard formats
- Opt-Out: You can disable optional features (analytics, summaries)
Essential Cookies:
- Session Authentication Cookie: Maintains your login session (expires after 24 hours of inactivity)
- Security Tokens: CSRF protection cookies (prevents cross-site request forgery)
- Preferences: Remembers your UI preferences (dark mode, language, etc.)
Purpose: These cookies are required for the service to function. Without them, you cannot use Remembrance.
Control: Essential cookies cannot be disabled as the service will not work without them.
We explicitly do not use:
In Your Browser:
- You can manage cookies in your browser settings
- Disabling essential cookies will prevent the service from working
- Instructions: [Browser-specific instructions available on most browser vendor websites]
Important: We do not track you across the web or use cookies for marketing purposes.
We implement comprehensive security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.
Encryption:
- All data encrypted in transit using HTTPS with TLS 1.2 or higher
- Database encryption at rest using AES-256
- Passwords hashed with SHA-256 plus unique salt for each user
- Audio files encrypted during transmission and temporarily storage
Access Control:
- All access requires authentication
- Session-based authentication with secure, HTTPOnly cookies
- Complete data isolation between users (users cannot access other users' data)
- Minimal privilege principle (only essential personnel have access)
Rate Limiting:
- 100 requests per minute for general API usage
- 10 requests per minute for transcription (to prevent abuse)
- IP-based rate limiting to detect suspicious activity
Input Validation:
- All user inputs are validated and sanitized
- Protection against SQL injection (MongoDB parameterized queries)
- Protection against Cross-Site Scripting (XSS) attacks
- CORS protection (only configured origins can access the API)
Infrastructure:
- Automated daily database backups
- 30-day backup retention for disaster recovery
- Infrastructure-level DDoS protection
- Automated security updates and patches
- Health monitoring and alerting systems
Access Policies:
- As an individual operator, I have minimal access to user data
- No routine access to journal content
- Access logged and auditable
- Secure credential management using environment variables
Incident Response:
- Security incidents logged and tracked
- Breach notification procedures in place
- User notification within 72 hours if high risk
- Regulatory notification as required
- Public transparency report maintained
No System is 100% Secure:
- While we implement industry-standard security measures, no internet transmission or electronic storage is completely secure
- You use Remembrance at your own risk
- We cannot guarantee absolute protection against all threats
Your Responsibilities:
- You are responsible for maintaining the confidentiality of your password
- Do not share your account credentials with others
- Report suspicious activity immediately to hello@remembrancejournal.com
- Use strong, unique passwords
- Keep your device secure and updated
Remembrance is not intended for:
- Children under 13 years old (United States)
- Children under 16 years old (European Union)
We do NOT:
- Knowingly collect data from children under these age thresholds
- Market to children
- Provide features designed specifically for children
If we discover that a user is below the minimum age requirement:
1. We will immediately disable the account
2. We will delete all associated data within 30 days
3. We will notify the account holder (or parent/guardian if identifiable)
Parents and Guardians: If you believe your child has created an account, please contact us immediately at hello@remembrancejournal.com with proof of age. We will take prompt action.
In the event of a data breach, we will:
Immediate Response (Within 24 hours):
1. Investigate the breach to determine scope and impact
2. Contain the breach to prevent further unauthorized access
3. Secure affected systems
4. Begin notification process
User Notification (Within 72 hours if high risk):
1. Email notification to all affected users
2. Clear explanation of what happened
3. Information on how you can protect yourself
4. Confirmation of remediation steps
5. Contact information for questions
Regulatory Notification:
- Notify regulatory authorities as required by law (GDPR: 72 hours to supervisory authority)
- Provide transparency reports on our website
- Cooperate with investigations
Notification will include:
- What data was affected
- When the breach occurred
- What we discovered and confirmed
- Steps we have taken
- Steps you should take to protect yourself
- Our contact information
You will be notified via:
- Email to the address on file
- In-app notification
- Public announcement on our website/status page (if widespread)
If we make material changes to this Privacy Policy, we will:
When we make significant changes:
- Accept: Continue using the service (implies acceptance)
- Reject: Delete your account before changes take effect
- You cannot use the service while refusing new terms
Minor clarifications or corrections may be made without advance notice. Last updated date at the top of this policy indicates when changes were made.
We build privacy protection into Remembrance from the start:
- Collect only necessary data
- Minimize data retention
- Provide user controls
- Encrypt sensitive data
- Regular security audits
We are transparent about:
- What data we collect
- How we use it
- Who we share it with
- Your rights
- Our security practices
We take responsibility for:
- Complying with privacy laws
- Responding to data requests
- Investigating breaches
- Maintaining security
- Improving our practices
Since Remembrance uses artificial intelligence for transcription, embeddings, and summaries, here are important considerations:
What AI Does:
- Converts your voice to text (OpenAI Whisper)
- Creates semantic representations of your entries (embeddings)
- Generates summaries of your journal entries
- Provides semantic search results
Limitations You Should Know:
- Transcription may have errors: AI transcription is highly accurate but not perfect, especially with accents, background noise, or technical terms
- Summaries may be incomplete: AI-generated summaries may miss nuance or context
- Search may not be perfect: Semantic search understands meaning but may miss exact keyword matches
- Not professional advice: AI outputs are NOT substitutes for professional medical, legal, financial, or psychological advice
- AI outputs not guaranteed: We cannot guarantee accuracy or completeness of AI-generated content
You can:
- Disable AI features: Choose not to use transcription, embeddings, or summaries
- Manual entry only: Type entries directly without using voice
- Review before using: Always review transcriptions before saving
- Edit summaries: Summaries are suggestions; edit as needed
- Request human review: Contact us if you need human verification of AI outputs
Your Data and AI Training:
- Your journal entries are NOT used to train OpenAI models
- OpenAI API data policy excludes training by default
- We do not use your content for any AI model training
- Only you access and benefit from your data analysis
For privacy questions, data requests, or concerns:
Email: hello@remembrancejournal.com
Subject Line: "Privacy Request" or "Data Protection Inquiry"
Response Time: Within 48 hours
In Your Email, Please Include:
- Your full name
- Account email address
- Clear description of your request
- Any supporting documentation
If you are not satisfied with our response:
EU/EEA Users: You have the right to lodge a complaint with your local data protection authority (supervisory authority). Contact information available at https://edpb.ec.europa.eu/about-edpb/board/members_en
California Users: You can contact the California Attorney General at https://oag.ca.gov/
Data Protection Inquiries: hello@remembrancejournal.com
This Privacy Policy is governed by the laws of [Your Country/State], without regard to its conflict of law provisions.
For disputes:
- Any disputes will be resolved through good faith negotiation
- If negotiation fails, disputes will be resolved through binding arbitration
- Arbitration will be conducted according to the rules of [Your Jurisdiction]
- Location: [Your City/Country]
GDPR Jurisdiction:
- For users in the EU, data protection supervisory authorities have jurisdiction
- You can lodge complaints with your local data protection authority
Personal Data: Information that identifies you or can reasonably be linked to you (name, email, IP address, etc.)
Processing: Any operation on personal data (collection, storage, use, sharing, deletion, etc.)
Data Controller: Entity that determines how and why data is processed (that's us)
Data Processor: Entity that processes data on behalf of the controller (OpenAI, MongoDB, Stripe)
Data Subject: The person whose data is being processed (you)
GDPR: General Data Protection Regulation (EU law)
CCPA: California Consumer Privacy Act (California law)
Journal Content: All entries, recordings, transcriptions, and related data you create
AI-Generated Content: Embeddings, summaries, and search results created by AI
Sensitive Data: Information about health, race, religion, political views, or other protected characteristics
Q: Do you sell my data?
A: No, absolutely not. We never sell journal entries, personal information, or any data to advertisers or third parties. Your privacy is our priority.
Q: Can I download my data?
A: Yes. We provide data export functionality in Account Settings → Data & Privacy → Export My Data. Your data is exported in JSON format.
Q: What happens if Remembrance shuts down?
A: We will provide advance notice and offer you time to download your data. We will permanently delete your data within 30 days of service closure unless you request otherwise.
Q: Can I request data deletion?
A: Yes, you can delete individual entries anytime, or delete your entire account in Account Settings. All data is deleted within 30 days.
Q: Is my data secure?
A: We use military-grade encryption (AES-256), HTTPS transmission, and secure authentication. However, no system is 100% secure. We recommend strong passwords and secure devices.
Q: Who can access my journal?
A: Only you can access your journal. We do not read, access, or share your entries. Exceptions: Legal requirements (court orders, law enforcement) with notice to you whenever possible.
Q: How do you use OpenAI?
A: We send audio and text to OpenAI's APIs for transcription, embeddings, and summaries. OpenAI does not train models on API data and retains it for only 30 days.
Q: Is this GDPR compliant?
A: Yes. We comply with GDPR Article 28 requirements, use Standard Contractual Clauses for transfers, and respect all GDPR rights. EU users have full data protection.
Q: Is this CCPA compliant?
A: Yes. California residents have all CCPA rights: right to know, delete, opt-out, correct data, and non-discrimination. We do not sell personal information.
This Privacy Policy reflects our commitment to protecting your data while providing a valuable journaling service. We understand that your journal entries may contain deeply personal information. We treat this responsibility seriously and have implemented comprehensive safeguards.
We are committed to:
- Privacy First: Minimizing data collection and maximizing protection
- Transparency: Being honest about our practices
- User Control: Giving you tools to manage your data
- Compliance: Following all applicable laws
- Continuous Improvement: Updating security and privacy practices
If you have questions about this policy or our privacy practices, please don't hesitate to contact us. We welcome your feedback.
Thank you for trusting Remembrance with your personal thoughts and memories.
We accept payments through:
Stripe (International):
- Credit cards (Visa, Mastercard, American Express, Discover)
- Debit cards
- Digital wallets (Apple Pay, Google Pay)
- Bank transfers (ACH, SEPA)
Razorpay (India):
- Credit and debit cards (Visa, Mastercard, RuPay, Maestro)
- UPI (Google Pay, PhonePe, Paytm, BHIM)
- Net Banking (all major Indian banks)
- Digital wallets (Paytm, Mobikwik, Freecharge, etc.)
- EMI options (select banks)
Billing Cycle:
- Monthly subscriptions: Billed on the same date each month
- Annual subscriptions: Billed once per year
- Automatic renewal unless cancelled
Payment Authorization:
By subscribing, you authorize us to:
- Charge your payment method on the billing date
- Charge for subscription renewals automatically
- Charge for any applicable taxes
- Charge for overage fees (if applicable to your plan)
- Update payment amounts with 30 days notice
Failed Payments:
If payment fails:
1. We attempt to charge again within 3 days
2. You receive email notification
3. After 3 failed attempts, subscription may be suspended
4. You have 7 days to update payment method
5. After 7 days, subscription is cancelled and access is revoked
Payment Retries:
- Day 1: Initial charge attempt
- Day 3: First retry
- Day 5: Second retry
- Day 7: Final retry
- Day 8: Subscription suspended
Invoice Generation:
- Automatic invoice generated for each payment
- Sent to your registered email address
- Available in Account Settings → Billing History
- Includes transaction ID, date, amount, tax breakdown
Invoice Contents:
- Invoice number (unique identifier)
- Date of transaction
- Description of service
- Subscription tier
- Amount charged
- Currency
- Tax details (GST for India, VAT for EU)
- Payment method (last 4 digits)
- Billing address
GST Invoices (India):
- GST-compliant invoices for Indian customers
- GSTIN displayed (if you provide it)
- HSN/SAC code: 998314 (Online information and database access)
- Place of supply
- IGST/CGST/SGST breakdown
Refund Processing:
- Refunds processed within 5-10 business days
- Refunded to original payment method
- Email confirmation sent
- May take additional 5-7 days to appear in your account (bank processing time)
Chargeback Policy:
If you dispute a charge with your bank/card issuer:
1. We receive chargeback notification
2. We investigate the transaction
3. We provide evidence to payment processor
4. Your account may be suspended during investigation
5. If chargeback is upheld, your account is terminated
6. If chargeback is reversed, access is restored
Chargeback Fees:
- Stripe charges us $15 per chargeback
- Razorpay charges us ₹500 per chargeback
- We may pass this fee to you if chargeback is found fraudulent
- We reserve the right to terminate accounts with excessive chargebacks
Dispute Resolution:
Before filing a chargeback, please contact us at hello@remembrancejournal.com. Most issues can be resolved quickly through direct communication.
Supported Currencies:
- USD (United States Dollar) - via Stripe
- INR (Indian Rupee) - via Razorpay
- EUR (Euro) - via Stripe
- GBP (British Pound) - via Stripe
Currency Conversion:
- Prices displayed in your local currency
- Exchange rates determined by payment processor
- Rates may fluctuate between billing cycles
- You are responsible for any currency conversion fees charged by your bank
Tax Collection:
We collect applicable taxes based on your location:
India:
- GST (Goods and Services Tax): 18%
- Charged on all Indian transactions
- GSTIN: [To be added upon GST registration]
- Place of supply: Based on your billing address
European Union:
- VAT (Value Added Tax): 15-27% (varies by country)
- Charged based on your country of residence
- Reverse charge mechanism for businesses with valid VAT ID
United States:
- Sales tax: Varies by state (0-10%)
- Charged based on billing address
- Exempt for certain states
Other Countries:
- Local taxes applied as required by law
- Displayed at checkout before payment
Tax Exemption:
If you are tax-exempt:
- Provide valid tax exemption certificate
- Email to hello@remembrancejournal.com
- We will review and apply exemption if valid
Transaction Records:
- Retained for 7 years (legal requirement)
- Used for tax reporting, accounting, audits
- Stored securely and separately from journal content
- Never used for marketing or analytics
What We Retain:
- Transaction ID and date
- Amount and currency
- Payment method (last 4 digits only)
- Invoice number
- Tax amount
- Subscription tier
- Billing address
What We Do NOT Retain:
- Full card numbers
- CVV codes
- Card PINs
- Complete payment credentials
Fraud Prevention:
- Real-time transaction monitoring
- Velocity checks (unusual payment patterns)
- IP address verification
- Device fingerprinting
- 3D Secure authentication
- Address verification (AVS)
- CVV verification
Suspicious Activity:
We may flag transactions as suspicious if:
- Multiple failed payment attempts
- Unusual purchase patterns
- Mismatched billing information
- High-risk IP addresses
- Stolen card indicators
If Flagged:
- Transaction may be declined
- Additional verification required
- Account may be temporarily suspended
- You will be notified via email
Cancellation:
- Cancel anytime in Account Settings
- Access continues until end of billing period
- No refunds for partial months
- Data retained for 30 days after cancellation
Upgrades:
- Immediate access to new tier features
- Prorated charge for remaining billing period
- New billing cycle starts immediately
Downgrades:
- Takes effect at end of current billing period
- No immediate charge
- Features restricted at renewal date
Pausing Subscription:
- Not currently supported
- You must cancel and resubscribe later
- Data retained for 30 days after cancellation
Last Updated: December 19, 2024
Next Review Date: December 19, 2025
This Privacy Policy is subject to change. Users will be notified of material changes with at least 30 days advance notice.