Marrow
← Back

Marrow Privacy Policy

Last updated: June 2026

Who we are

Marrow is a personal AI companion app made by a small independent team. Our goal is to give you a genuinely private place to think, talk, and be remembered, without the tradeoffs that come with large consumer AI products.

privacy@marrowcompanion.com

What we collect

Account information
When you sign up, we store your email address, a hashed (unreadable) version of your password, and your first name. We never store your password in plain text.

Conversation data
Your messages, the AI's responses, and any voice notes you send are stored on our servers so that Marrow can remember you across sessions. This is the core of what Marrow does.

Memory data
Over time, Marrow extracts meaningful facts, themes, and patterns from your conversations and stores them as vector embeddings and a knowledge graph. These are tied to your account and used only to make Marrow's responses more relevant to you.

Usage and billing
If you subscribe, Stripe processes your payment. We receive a customer ID and subscription status from Stripe. We never see or store full card details. We log basic usage counts (messages sent) for abuse prevention.

Technical data
Standard server logs (IP address, timestamp, HTTP status code) retained for up to 30 days for security monitoring.

What we do not collect

  • Location data
  • Contacts or calendar access
  • Advertising identifiers
  • Device usage data or analytics beyond what is described above

How your data is used

Your data is used for one purpose: making Marrow work for you.

  • Conversations are processed by the Gemini language model API (Google DeepMind) to generate responses. Google's API terms prohibit using API inputs to train consumer products.
  • Memory data is stored on our infrastructure and queried on your behalf.
  • We do not sell your data. We do not share it with advertisers. We do not use it to train AI models.

Third-party services

ServicePurposePrivacy policy
Google Gemini APIAI response generationpolicies.google.com/privacy
StripePayment processingstripe.com/privacy
ResendTransactional email (verification, password reset)resend.com/privacy

No other third parties receive your data.

Data retention and deletion

You can permanently delete your account at any time from Settings → Account → Delete account. This immediately and irreversibly erases:

  • Your profile and credentials
  • All conversation history
  • All memory data (embeddings, knowledge graph, summaries)

There is no waiting period. We do not keep a shadow copy.

Stripe retains billing records as required by financial regulations. We cannot delete those on your behalf, but they contain no conversation data.

Security

  • Passwords are hashed with PBKDF2-SHA256 (240,000 iterations)
  • Data in transit is encrypted via TLS
  • Access to production systems is limited to the two-person team

Children

Marrow is not intended for users under 13. We do not knowingly collect data from children.

Your rights

Depending on where you live, you may have rights to access, correct, or export your data, in addition to the deletion right described above. Contact privacy@marrowcompanion.com for any of these requests. We will respond within 30 days.

Changes to this policy

If we make material changes, we will notify you by email and update the date at the top of this page. Continued use of the app after changes constitutes acceptance.

Contact

privacy@marrowcompanion.com