Privacy Policy

This Privacy Policy explains how Momento (“we”, “us”) collects, uses and protects information when you use our desktop application, our web platform at mymomento.gg, and any related services (together, the “Service”). By using the Service you accept the terms below.

1. Who we are

Momento is operated by the Momento team. We build a review and capture toolkit for competitive esports, primarily targeting Tier-1 organisations and their staff. The Service is not affiliated with, endorsed by, or sponsored by Riot Games, Inc., Valve Corporation, or any other game publisher.

2. Information we collect

2.1 Account information

When you create an account we collect your display name, email address and any organisation context you supply (team, role). We store hashed credentials only — we never see your plain password.

2.2 Riot Games account linkage

If you choose to link a Riot Games account, we receive and store the public identifiers exposed by the Riot Games API:

• Your Riot ID (game name + tag line)
• Your encrypted PUUID
• Your summoner identifiers for the games you opt in to (League of Legends, Teamfight Tactics)
• Public ranked tier, division, LP and recent match identifiers
• Public match metadata required to power our review features (champions, items, augments, placements, timestamps)

We do not request or store any private credentials for Riot Games services. We do not access your private messages, friends list, or any data not exposed by the official Riot Games API.

2.3 Capture data

The desktop application records gameplay footage, screenshots and in-game event logs locally on your machine. This content stays on your device unless you explicitly choose to sync it to your Momento account or share it with a teammate. We never silently upload capture data.

2.4 Usage telemetry

We collect minimal anonymised telemetry to monitor the health of the Service (page views, feature usage counts, error reports). We do not use third-party advertising or cross-site tracking technologies. No data is sold or rented to third parties.

2.5 Billing

If you subscribe to a paid plan, billing is handled by our payment processor. We store the subscription status, plan tier, billing contact and invoice references. We never store full card numbers.

3. How we use the information

• Operate, maintain and improve the Service
• Authenticate you and protect your account
• Power the review, capture and annotation features you opted into
• Provide aggregated competitive insights tied to your linked Riot account
• Communicate operational notices (security incidents, planned downtime, changes to this Policy)
• Detect and prevent abuse, automation and fraud
• Comply with applicable legal obligations

Our legal bases under the EU General Data Protection Regulation (“GDPR”) are: performance of our contract with you, your consent (for optional integrations such as Riot account linkage), our legitimate interest in running a secure Service, and our legal obligations.

4. Sharing and third parties

We share data only with the following categories of recipients:

• Infrastructure providers that host the Service (cloud compute, object storage, content delivery). These providers act as processors bound by contractual terms equivalent to ours.
• Payment processor for subscription billing.
• Riot Games API, as a read-only data source. We do not send personal data back to Riot Games beyond the standard API requests that identify the queried account.
• Authorities, only where required by a legally binding request.

We do not sell, rent or otherwise commercialise data obtained through the Riot Games API. Aggregate competitive statistics derived from public match data may be displayed within the Service but are not packaged or resold as a separate product.

5. Retention

• Account information: kept as long as your account is active, deleted within 30 days of account closure.
• Linked Riot data: refreshed regularly from the Riot Games API; cached snapshots are kept for up to 30 days.
• Capture files synced to your account: kept as long as you keep them, deleted within 7 days of your deletion request.
• Aggregate analytics: kept indefinitely in anonymised form (no individual identification possible).
• Billing records: kept for the duration legally required for tax and accounting (typically 10 years in the EU).

6. Your rights

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction granting equivalent rights, you may:

• Request a copy of the personal data we hold about you
• Have inaccurate data corrected
• Request deletion of your data (“right to be forgotten”)
• Restrict or object to certain processing
• Receive your data in a portable, machine-readable format
• Withdraw consent at any time for processing based on consent
• Unlink your Riot Games account, which deletes the related cached snapshots
• Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at the address in section 11. We respond within one month.

7. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest, restricted access controls, audit logging, and routine security reviews. No method of transmission or storage is 100% secure; we will notify affected users without undue delay if a personal data breach is likely to result in a high risk to their rights and freedoms.

8. International transfers

Some of our infrastructure providers operate servers outside the European Economic Area. Where applicable, transfers are protected by the European Commission’s Standard Contractual Clauses or an equivalent safeguard.

9. Children

The Service is not directed to children under 13, or under the age of digital consent in your jurisdiction (16 in most EU member states). We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will remove it.

10. Changes

We may update this Policy. Material changes are announced by email and within the Service at least 30 days before they take effect. The effective date at the top of this page always reflects the latest version.

11. Contact

For any privacy question or request, write to privacy@mymomento.gg.