⚠️ Founder-reviewed interim version — posted 2026-04-21. This page has been reviewed by BNC Solutions LLC's founder for accuracy about how MeMe Care actually operates. An independent attorney review is in progress. We will update this page and note the date when that review completes.
MeMe Care Subprocessors
Last updated: 2026-04-21
MeMe Care uses the vendors below ("subprocessors") to operate the service. Each one receives only the data it needs to do its job. We do not sell data to any of them.
A mirror of this page lives at memecare.ai/subprocessors.
Current subprocessors
| Subprocessor | Purpose | Data shared | Location | Privacy policy |
|---|---|---|---|---|
| Amazon Web Services (Bedrock — hosts Claude Opus) | Document analysis — reads the photo and writes the explanation. Claude is an Anthropic model but runs entirely inside AWS; Anthropic does not receive MeMe Care data. | Photo contents (held in Bedrock's prompt cache up to 5 minutes to serve follow-up questions, then automatically purged); Primary User's first name; optional full legal name; household-member names and relationships | United States (us-east-1) | aws.amazon.com/privacy |
| Cloudflare (Workers, D1, KV, R2, AI Gateway, Email Routing, CSAM Scanning Tool) | Core infrastructure — API, database, object storage, caching, AI request routing, transactional email delivery, network-edge CSAM scanning | All data in transit; scan metadata and account records at rest in D1; voice-cue audio assets in R2; rate-limit counters in KV; transactional email send (magic-link sign-in, approval notifications, legal-consent receipts, dunning, trusted-sender verification — recipient address, subject, body; no photos or scan content) | United States | cloudflare.com/privacypolicy |
| Amazon Web Services (S3 — disaster-recovery backups) | Encrypted off-Cloudflare backup storage for D1 + R2 + Vectorize, used only for disaster recovery | Encrypted backup snapshots of account records, scan metadata, and voice-cue assets. Encryption keys held by MeMe Care, not by AWS. | United States | aws.amazon.com/privacy |
| Deepgram (Aura-2 text-to-speech) | Primary text-to-speech — reads responses aloud in a warm voice | Text of AI response being spoken (in-memory only; no training use per Deepgram enterprise terms) | United States | deepgram.com/privacy |
| OpenAI (Whisper + TTS-1-HD) | Speech-to-text (Whisper) and fallback text-to-speech (TTS-1-HD, used only if Deepgram is briefly unavailable) | Primary User's voice recording (in-memory, deleted after transcription); text of AI response being spoken | United States | openai.com/policies/privacy-policy |
| Stripe | Web subscription billing, customer portal, hosted checkout | Account Holder's email, billing address, payment method last-4 (we never see card numbers), subscription records | United States | stripe.com/privacy |
| Apple App Store / StoreKit | iOS subscription billing via Apple In-App Purchase | Apple receipt identifiers, subscription status, auto-renewal state | United States (per Apple ASC terms) | apple.com/legal/privacy |
| Google Play Billing | Android subscription billing | Google receipt identifiers, subscription status, auto-renewal state | United States (per Google Play terms) | policies.google.com/privacy |
| Apple (APNs) | iOS push notification delivery — scam alerts, reminders, approval requests to the trusted contact | Push token, short notification title + body, scan ID | United States | apple.com/legal/privacy |
| Google (FCM) | Android push notification delivery — scam alerts, reminders, approval requests to the trusted contact | Push token, short notification title + body, scan ID | United States | policies.google.com/privacy |
| Sentry | Runtime error reporting across the backend Worker, mobile app, and web app | Stack traces, error messages, app + OS version (configured with sendDefaultPii: false so no user identifiers are attached) |
United States | sentry.io/privacy |
| Telnyx (voice telephony — Voicemail Screening add-on only) | Primary voice telephony provider for the Voicemail Screening add-on. Receives the carrier-forwarded call (via Conditional Call Forwarding), records the voicemail, and streams the audio to MeMe Care for transcription + scam analysis. Also serves voicemail playback back to the Primary User's device on demand. | Caller phone numbers (hashed per-seat before metadata storage); voicemail audio (transient — held only as long as needed to hand off to MeMe Care, typically under 5 minutes, then deleted) | United States | telnyx.com/privacy-policy |
What is not shared with any subprocessor
- We do not share contacts, location, browsing history, or advertising identifiers with anyone — we do not collect them in the first place.
- Photos and audio are never stored at rest on our servers or our subprocessors'. They exist only for the seconds it takes to analyze them.
- AI explanations are returned to the Primary User's device and not stored on our servers.
- No subprocessor receives the full set of data held by any other subprocessor. Each receives only what it needs to do its specific job.
Data retention at subprocessors
- Amazon Web Services (Bedrock) — Claude Opus runs entirely inside AWS infrastructure. Per the AWS Service Terms (§75 Bedrock), Amazon does not use your inputs or outputs to train any model (Anthropic's or otherwise) and model providers (including Anthropic) do not receive your data. Photos and explanations may remain in Bedrock's ephemeral prompt cache for up to 5 minutes to serve follow-up questions about the same document, then are automatically and irreversibly purged.
- Deepgram — enterprise terms prohibit use of MeMe Care audio output for training. Synthesis happens in real time and is not retained by Deepgram.
- OpenAI — API usage under the OpenAI API data policy; we use the
store=false/ non-training API paths. No training on MeMe Care traffic. - Cloudflare — scan metadata and account records live in D1 until the account is deleted or the 90-day scan-pruning job removes them; audit logs retained 7 years; voice-cue audio in R2 retained indefinitely (static brand assets); Email Routing send logs retained per Cloudflare's standard operational window; message bodies not retained at rest beyond delivery.
- AWS S3 (backups) — encrypted DR snapshots retained per our DR plan (generally 30 days of daily backups + 12 months of monthly backups); snapshots are encrypted with keys held by MeMe Care, not AWS.
- Stripe — billing records retained per Stripe's standard lifecycle (7 years typical for tax / audit).
- Sentry — error events retained per our project-level retention setting (90 days default); no PII attached.
- Apple / Google — push tokens and payloads retained per each provider's standard push lifecycle.
- Telnyx — active only for accounts with the Voicemail Screening add-on enabled. Voicemail audio is held on Telnyx only transiently (under 5 minutes from capture through handoff to MeMe Care), then deleted from Telnyx. Hashed caller numbers may be retained in Telnyx's call-metadata logs per their standard telephony data-retention schedule; raw unhashed caller numbers are not stored by MeMe Care.
Changes to subprocessors
If we add or materially change a subprocessor in a way that affects what data is shared, we will:
- Post the update to memecare.ai/subprocessors and
docs/legal/subprocessors.md. - Announce the change in-app and via email to the Account Holder at least 30 days before the new subprocessor starts processing your data.
We may make non-material changes (a vendor reorganizes, a region expands) without prior notice, but we'll update the table here.
Questions
BNC Solutions LLC 418 Broadway, Ste. N Albany, NY 12207
A Spanish-language informational translation of this list is available at memecare.ai/subprocessors?lang=es. The English version is the authoritative document.