Privacy Policy

Effective July 16, 2026

1. Who we are

Ergo is a hosted decision-memory service operated by myzona, available at ergomem.com, app.ergomem.com, and api.ergomem.com (the “Service”). This policy describes what personal data we collect, why, and what your choices are.

2. What we collect

  • Account data — your email address, used to create your account, sign you in, and contact you about the Service.
  • Content you store — the claims, reasons, and documents you write to your Ergo workspace. This is your data; we process it only to run the Service for you.
  • Billing data — handled by Stripe, our payment processor. We never see or store your card details; we keep only your subscription status and plan.
  • Technical data — request logs (IP address, timestamps, endpoints) kept for security, rate limiting, and debugging.

3. How we use it

We use your data to operate the Service: authenticate you, store and retrieve your content, enforce plan limits, process payments, prevent abuse, and respond when you contact us. We do not sell personal data, we do not use your stored content to train models, and we do not run third-party advertising or analytics trackers on the Service.

4. Service providers

We rely on a small set of providers to run the Service:

  • Cloudflare — hosting, network security, sign-in (email one-time codes), and the Turnstile anti-bot check on signup.
  • Stripe — subscription payments and billing management.

Each receives only the data it needs to provide its function and processes it under its own privacy terms.

5. Cookies

We use only functional cookies: a session cookie that keeps you signed in to app.ergomem.com, and the cookies Cloudflare Turnstile needs to distinguish humans from bots on signup. There are no advertising or cross-site tracking cookies.

6. Retention and deletion

Your content stays in your workspace for as long as your account exists. If you cancel, we retain your data for a reasonable period so you can return or export it — it is not automatically deleted. You can request full deletion of your account and stored data at any time via contact, and we will honor it promptly. Technical logs are kept only as long as needed for security and debugging.

7. Security

All traffic to the Service is encrypted in transit (TLS). API access is authenticated with per-tenant tokens, and each customer’s data is scoped to their own tenant. No system is perfectly secure — if we learn of a breach affecting your data, we will notify you.

8. Your rights

You can access, correct, export, or delete your data. Depending on where you live, you may have additional statutory rights (such as under the GDPR). For any request, reach us via the contact page.

9. Changes to this policy

We may update this policy as the Service evolves. If a change is material, we will notify you by email or through the Service before it takes effect.