Privacy Policy

This Privacy Policy explains how Christchurch Web Solutions Limited, trading as Total Recall (“we”, “us”, or “Company”), collects, uses, stores, and protects your personal data when you use the Total Recall service at totalrecall.chat (“Service”).

We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable. This policy applies to all users worldwide.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

The data controller responsible for your personal data is:

If you have any questions or concerns about how we handle your personal data, please contact us at the email address above.

We collect and process the following categories of personal data:

3.1 Account Information

When you create an account, we collect your email address and an encrypted password. If you choose to provide additional profile information (such as a display name or timezone), we store that as well.

3.2 Conversations & Memories

We store the full text of your conversations with AI models, including your messages and AI responses. We also store memories that the AI extracts from your conversations (facts, preferences, relationships, and other contextual information you share). These memories are used to provide personalised responses in future conversations.

3.3 Notes, To-dos & Reminders

We store notes you create, to-do items, and reminders, including their content, due dates, recurrence rules, and delivery preferences (email or SMS). If you provide a phone number for SMS reminders, we store that number.

3.4 Uploaded Files

Files and images you upload through the Service are stored securely. This includes documents imported for knowledge base purposes. We store file metadata (name, size, type, upload date) alongside the file content.

3.5 API Keys & AI Models

When you provide API keys for third-party AI providers or other services (such as Twilio), we store them encrypted at rest. Keys are decrypted in server memory only when making API calls on your behalf and are never logged or transmitted to any party other than the intended provider.

If you use the free tier without providing your own API keys, your messages are processed using AI models accessed via API credentials managed by us. In this case, we are the entity with the provider relationship and your conversation data is sent to the AI provider under our account. The same data handling and privacy protections apply regardless of whether you use your own keys or our managed keys.

3.6 Email Activity

If you use the email composition feature, we store drafts and a record of sent emails (recipient, subject, body, and any attachments) to provide you with a sent-email history.

3.7 Usage Metrics

We collect basic usage metrics such as the number of messages sent, the AI models used, and token consumption. These metrics help us maintain the Service and provide you with usage insights. We do not use third-party analytics or tracking services.

3.8 Technical Data

Our servers automatically log limited technical data when you access the Service, including IP address, browser type, and access timestamps. This data is used solely for security monitoring and troubleshooting and is not combined with your account data for profiling purposes.

We use your personal data for the following purposes:

• Providing the Service: storing your conversations, memories, notes, reminders, and files; delivering reminders via email or SMS; composing and sending emails on your behalf; making API calls to AI providers using your keys.
• Personalisation: using your stored memories and conversation history to provide contextually relevant AI responses.
• Account management: authenticating your identity, managing your account settings, and communicating with you about your account (such as password reset emails or service notices).
• Service improvement: analysing aggregate, anonymised usage patterns to improve performance, reliability, and features. We do not use your conversations or personal data to train AI models.
• Security: monitoring for abuse, fraud, and security threats; enforcing our Terms of Service.
• Legal compliance: complying with applicable legal obligations, resolving disputes, and enforcing our agreements.

We process your personal data on the following legal bases under the GDPR:

• Performance of a contract (Article 6(1)(b)): processing that is necessary to provide the Service to you in accordance with our Terms of Service. This includes storing your content, making API calls, delivering reminders, and sending emails on your behalf.
• Legitimate interests (Article 6(1)(f)): processing for security monitoring, fraud prevention, service improvement through anonymised analytics, and enforcing our Terms. We have assessed that these interests do not override your fundamental rights and freedoms.
• Legal obligation (Article 6(1)(c)): processing required to comply with applicable laws, such as responding to lawful requests from authorities or maintaining records required by law.
• Consent (Article 6(1)(a)): where we rely on consent for specific processing activities, we will obtain your explicit consent and you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data.

6.1 Infrastructure

Your data is stored on self-hosted infrastructure located in European data centres operated by Hetzner in Germany. We use a self-hosted Supabase instance (built on PostgreSQL) for our primary database. We do not use shared cloud database services or multi-tenant platforms where your data could be commingled with other customers’ data.

6.2 File Storage

Uploaded files are stored in Cloudflare R2, a globally distributed object storage service. Cloudflare R2 stores data across Cloudflare’s network and may replicate data to multiple locations for durability. Access to stored files is restricted to authenticated users and is governed by Cloudflare’s security practices.

6.3 Security Measures

• All data in transit is encrypted using TLS (HTTPS).
• API keys are encrypted at rest using strong encryption algorithms.
• Passwords are hashed using industry-standard algorithms and are never stored in plaintext.
• Access to production systems is restricted to authorised personnel and protected by SSH key authentication.
• Row-Level Security (RLS) policies enforce data isolation at the database level, ensuring users can only access their own data.
• We perform regular backups and maintain disaster recovery procedures.

6.4 Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and we will notify affected users without undue delay, in accordance with GDPR requirements.

The Service interacts with third-party services in the following ways. In each case, the data shared is limited to what is necessary to provide the specific feature.

7.1 AI Providers (OpenAI, Anthropic, Google, OpenRouter)

When you send a message, we transmit relevant conversation context to the AI provider, using either your own API key or (for free-tier users) credentials managed by us. The data sent includes your message, relevant conversation history, and applicable memory context. We do not control how AI providers process this data; their respective privacy policies apply. You can review their policies:

• OpenAI: openai.com/privacy
• Anthropic: anthropic.com/privacy
• Google: policies.google.com/privacy
• OpenRouter: openrouter.ai/privacy

7.2 Cloudflare (R2 Object Storage)

Uploaded files are stored in Cloudflare R2. Cloudflare processes data in accordance with their privacy policy and data processing addendum. Cloudflare R2 is used solely for file storage and does not involve analytics or tracking.

7.3 Postal (Transactional Email)

We use a self-hosted Postal mail server to send transactional emails, including account verification emails, password reset emails, reminder notifications, and emails you compose through the Service. Postal runs on our own infrastructure and email data does not pass through third-party email delivery services.

7.4 Twilio (SMS, User’s Own Account)

If you choose to enable SMS reminders, you do so by connecting your own Twilio account. SMS messages are sent via Twilio using your own credentials. We transmit the message content and recipient phone number to Twilio on your behalf. Twilio’s privacy policy governs their handling of that data.

7.5 Stripe (Payment Processing)

If you subscribe to a paid plan, payments are processed by Stripe, Inc. We share your email address and billing information with Stripe for the purpose of payment processing and subscription management. We do not store your full payment card details. Stripe’s privacy policy applies: stripe.com/privacy.

7.6 No Tracking or Analytics Third Parties

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking or analytics services. We do not embed third-party advertising scripts. We do not sell, rent, or share your personal data with data brokers or advertisers.

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data. These rights apply regardless of where you are located, though certain rights may be subject to local exceptions.

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you. You can access most of your data directly through the Service (conversations, memories, notes, files, etc.). For a comprehensive data export, contact us at privacy@totalrecall.chat.

8.2 Right to Rectification

You have the right to request correction of inaccurate personal data. You can edit your account information, memories, notes, and other content directly within the Service. If you need assistance, contact us.

8.3 Right to Erasure

You have the right to request deletion of your personal data. You can delete individual conversations, memories, notes, files, and other content through the Service. You can also delete your entire account, which will remove all associated data from our active systems within 30 days. Residual copies in encrypted backups may persist for up to 90 days before being overwritten.

8.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format. We support data export functionality within the Service. You may also request a portable export by contacting us.

8.5 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing. During the period of restriction, we will store your data but not process it further (except for storage) without your consent.

8.6 Right to Object

You have the right to object to processing based on legitimate interests. If you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.

8.7 Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In the UK, the relevant authority is the Information Commissioner’s Office (ICO) at ico.org.uk. If you are located in the EU, you may contact your local data protection authority.

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@totalrecall.chat. We will respond to your request within one month. If your request is complex or we receive a large number of requests, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.

Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions.

Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, contact us at privacy@totalrecall.chat. We will verify your identity before processing your request and respond within 45 days.

We use only strictly necessary cookies. We do not use tracking cookies, advertising cookies, or analytics cookies.

The only cookies set by the Service are authentication session cookies, which are essential for keeping you logged in and maintaining your session security. These cookies are first-party, httpOnly, secure, and expire when your session ends or after a reasonable inactivity period. They cannot be used to track you across other websites.

Because we use only strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive (Directive 2002/58/EC, as amended). You can configure your browser to refuse cookies, but doing so will prevent you from using the Service, as authentication requires session cookies.

The Service is not directed at, and is not intended for use by, children under the age of 18 (or the age of legal majority in their jurisdiction, whichever is greater). We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child without appropriate parental or guardian consent, we will take steps to delete that data promptly. If you believe that a child has provided us with personal data, please contact us at privacy@totalrecall.chat.

Your primary account data, conversations, memories, and structured content are stored on servers located in Germany within the European Economic Area (EEA). This data does not leave the EEA for storage purposes.

However, data may be transferred outside the EEA in the following circumstances:

• AI providers:when you send a message, conversation context is transmitted to the AI provider you have selected (e.g., OpenAI, Anthropic, or Google). These providers may process data in the United States or other jurisdictions. This transfer is initiated by your choice of provider and use of your own API key. The relevant provider’s data processing terms apply.
• Cloudflare R2:uploaded files stored in Cloudflare R2 may be replicated to data centres outside the EEA as part of Cloudflare’s global infrastructure. Cloudflare maintains appropriate data transfer mechanisms, including Standard Contractual Clauses.
• Twilio:if you enable SMS reminders via your own Twilio account, message data is processed by Twilio, which may transfer data internationally. Twilio’s data processing addendum and transfer mechanisms apply.

Where data is transferred outside the EEA or the UK, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (for EU GDPR), the UK International Data Transfer Agreement (for UK GDPR), or an adequacy decision by the European Commission or the UK Secretary of State, as applicable.

We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

• Account data: retained for as long as your account is active. If you delete your account, your data is removed from active systems within 30 days.
• Conversations, memories, notes, and files: retained for as long as your account is active, unless you delete them individually. Deleted items are removed from active systems promptly and from backups within 90 days.
• Usage metrics: retained in aggregate, anonymised form indefinitely for service improvement purposes. Individual usage records are deleted when your account is deleted.
• Security logs: server access logs containing IP addresses and request metadata are retained for up to 90 days for security monitoring purposes and then automatically purged.
• Backups: encrypted database backups may retain residual copies of deleted data for up to 90 days before being overwritten through the normal backup rotation cycle.

We may retain certain data for longer periods where required by law (for example, to comply with tax, legal, or regulatory obligations) or to establish, exercise, or defend legal claims.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 14 days before the changes take effect.

The “Last updated” date at the top of this page will be revised to reflect the date of the most recent changes. We encourage you to review this policy periodically.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service and delete your account.

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we handle your personal data, please contact us:

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK at ico.org.uk, or with your local data protection authority if you are located in the EU.