Privacy Policy — Memorist

Last updated: March 2026

This Privacy Policy explains how Memorist (“Memorist,” “we,” “our,” or “us”) collects, uses, stores, and protects your information. By using the Memorist app (“App”), you agree to the practices described in this Privacy Policy.

Memorist is a private journaling and reflection tool. Your entries, prompts, photos, and relationship notes are personal and are not shared publicly or with other users.

Memorist is free to use. You can get started in Guest Mode without creating an account, or create a free account for the full core experience. An optional Subscription is available to unlock advanced features such as additional photos, calendar feed, push notifications, daily reminders, data export, and Stats. This Privacy Policy applies equally to all users regardless of tier. Where data practices differ, we note them explicitly below.

1. Information We Collect

We collect the minimum information necessary to operate the App, protect your data, and improve functionality.

1.1 Account Information

Sign in with Apple: To create a Memorist account, you sign in with your Apple ID using Sign in with Apple. This is the only method for creating new accounts.

When you sign in with Apple, we receive:

An Apple ID user identifier token (used to authenticate your identity),
An email address provided by Apple (either your real email or an Apple Private Relay address if you chose “Hide My Email”).

How authentication works: Your Apple ID token is passed to Firebase Authentication (provided by Google), which serves as our backend identity and session management layer. Firebase Auth validates your Apple ID token, creates and manages your user identity, and issues your session. The data flow is: Apple (identity provider) → Firebase Auth (identity and session management) → Firestore (user profile storage).

We store the Apple-provided email address in your user profile for account identification purposes only. We do not use it for marketing, advertising, or communications. If you chose “Hide My Email,” the stored address is a private relay address controlled by Apple (e.g., abc123@privaterelay.appleid.com).

Unified identity: Because Memorist uses Sign in with Apple for authentication and Apple’s iCloud Keychain for encryption key storage, your sign-in identity and your encryption key identity are unified under the same Apple ID. This eliminates the need for separate identity systems and simplifies your security posture. See Section 5 for details on encryption.

Legacy phone authentication: Before March 2026, Memorist used phone number verification (SMS one-time password) for account creation. If you created your account using phone verification before March 2026, your phone number may still be associated with your account. You will be prompted to link your Apple ID when you next open the app. Phone sign-in remains available as a fallback for returning users who have not yet migrated. New accounts require Sign in with Apple.

Guest Mode: You may begin using Memorist without creating an account. In Guest Mode, we do not collect an Apple ID, email address, or any personally identifiable information. Your session is anonymous, identified only by a randomly generated, app-specific identifier (not a hardware or advertising identifier). Guest Mode includes up to 30 entries total (including both event entries and daily journal entries). To continue beyond this point, you will need to create a free account by signing in with your Apple ID. When you do, your existing Guest Mode data is automatically preserved and linked to your new account.

Age verification: When you create an account, you confirm that you are 13 years or older. Apple requires users to be at least 13 years old to have an Apple ID in most regions, which aligns with Memorist’s age requirement and provides an additional verification layer. We do not collect government-issued identification or perform independent age verification beyond Apple’s own policies and user attestation at account creation.

1.2 User-Generated Content

Entries are the primary content you create in Memorist. There are two types: event entries (associated with a specific event) and daily journal entries (associated with a day).

Content you create in the App includes:

entries (event entries and daily journal entries),
written reflections,
relationship Tempo™ settings,
tags for People, Places, or Things,
photos or media you attach to event entries (up to 1 photo per event entry in Guest Mode and Free tier; up to 10 photos per event entry with an active subscription),
metadata associated with entries (dates, timestamps).

You retain ownership of your content.

We process this information solely to:

operate core app features,
sync data across devices,
provide reminders or internal insights (e.g., relationship cadence),
support backups.

Important: All user-generated content is protected by end-to-end encryption (E2EE). See Section 5 for details.

1.3 Device & Technical Data

Automatically collected in limited form to improve reliability:

device model and OS version,
app version,
diagnostics and crash logs,
performance metrics.

We do not collect precise location unless you voluntarily enter it as part of an entry or tag.

Crash reporting: We use Firebase Crashlytics (provided by Google) to detect and fix app crashes. Crash reports are anonymized and do not contain your journal content.

Analytics metadata: When analytics is enabled (you can disable it in Settings), we collect anonymized usage patterns such as which screens you visit and which features you use. We do not collect the text of your entries or events. See Section 10 for details about analytics and your control over it.

What we cannot see: All user-generated content is protected by end-to-end encryption. See Section 5 for a complete breakdown of what is encrypted versus what queryable metadata we store.

1.4 Subscription and Payment Data

Memorist subscriptions are managed via Apple’s App Store.

We do not receive or store:

full billing information,
payment card numbers,
Apple ID passwords or account credentials (we receive only authentication tokens and an email address via Sign in with Apple; see Section 1.1).

We may receive anonymized subscription status (active, expired, plan tier) to activate features.

Service tiers:

Guest Mode: No account or payment required. Core features with limits described in Section 1.1.
Free tier: Account required (Sign in with Apple). No payment required. Unlimited entries with core features.
Subscription: Optional. Unlocks advanced features including additional photos per event, calendar feed, push notifications, daily reminders, data export, and Stats.

Subscription details:

Subscription pricing is displayed in the App Store and may vary by region
A free trial period may be available for new subscribers, as shown in the App Store at the time of purchase
Billing and trial management are handled entirely by Apple through your Apple ID
Cancel anytime via App Store settings

2. How We Use Your Information

We use your data only to provide you with a secure and meaningful journaling experience.

Specifically, we use it to:

Create and manage your account (or anonymous session in Guest Mode)
Sync and store your personal entries and media
Provide relationship Tempo reminders
Support app stability and performance
Communicate with you about updates or system notices
Maintain account security
Detect fraud or suspicious activity
Apply tier-based feature availability (e.g., entry limits in Guest Mode, photo limits per tier)

We do not:

Sell your data
Use your entries to train public AI models
Share journal content with advertisers
Publish anything you write
Display your content publicly

Subscription features and data implications: Certain features are available only with an active subscription: calendar feed, push notifications, daily reminders, export for backup, and Stats. These features are visible in Settings for all users but enabled only for subscribers.

When you subscribe and enable push notifications or daily reminders, we collect a device token (via Firebase Cloud Messaging and Apple Push Notification service) and your notification preferences. If you disable notifications or your subscription lapses, we stop delivering notifications and may delete the associated device token and preferences.

The Stats feature is available only to subscribers. Stats do not introduce any new data collection. Stats processing happens entirely on your device, using your existing encrypted content and queryable metadata (see Section 5). No Stats data is sent to our servers.

Analytics in Guest Mode: Guest Mode users are subject to the same analytics controls as account holders. Analytics may be enabled or disabled in Settings. When disabled, no analytics events are sent to Firebase, regardless of whether you have an account. See Section 10 for full details.

3. Sharing Your Data

We do not sell, trade, or position your personal data for marketing purposes.

We may share limited information:

3.1 Service Providers

To deliver App functionality securely, we work with the following service providers:

Firebase (Google LLC)

Authentication (validates Sign in with Apple tokens, manages user identity and sessions; phone number verification for legacy accounts created before March 2026)
Cloud storage (Firestore database)
File storage (Firebase Storage for encrypted photos)
Analytics (Firebase Analytics / Google Analytics 4; optional, can be disabled in Settings)
Cloud messaging (push notifications via Firebase Cloud Messaging)
App security (Firebase App Check with Apple DeviceCheck)
Backend functions (Firebase Cloud Functions)

Apple Inc.

Sign in with Apple (identity provider and authentication)
Subscription management (StoreKit 2)
Payment processing (App Store)
Push notification delivery (Apple Push Notification service)
Encryption key synchronization (iCloud Keychain)
Device attestation (DeviceCheck)

How authentication works: Apple acts as the identity provider via Sign in with Apple. When you sign in, Apple provides an authentication token to Firebase Auth (Google), which validates the token, creates and manages your user identity, and issues your session. Firebase Auth serves as an intermediary identity and session management layer — it does not independently verify your identity. Your user profile (including your Apple-provided email address) is then stored in Firestore.

Important: These providers are bound by confidentiality agreements and can only process data on our behalf. Firebase stores only encrypted ciphertext for your content (see Section 5: End-to-End Encryption).

3.2 Legal Compliance

We may disclose information if required by law, court order, or governmental request, but only to the extent legally necessary.

4. Data Storage and Security

We take reasonable technical and organizational steps to protect your information.

End-to-end encryption is a core design principle of Memorist, not an optional feature.

Examples may include:

encryption in transit (TLS/HTTPS),
encryption in storage (AES-GCM),
access controls,
secure backups.

End-to-end encryption (E2EE): All entries (event entries and daily journal entries), photos attached to event entries, and tags are encrypted on your device before syncing to our servers. We never have access to your readable content. See Section 5 for complete details.

No method of digital storage or transmission is 100% secure. You use the App at your own risk.

5. End-to-End Encryption

Your journals, events, and photos are encrypted so only you can read them — not even Memorist.

Memorist uses industry-standard end-to-end encryption (E2EE) to protect your content. This means that all content you create, store, or sync via Memorist is encrypted on your device before it leaves your hands. Only you hold the encryption keys.

Unified identity: With Sign in with Apple, your authentication identity and your encryption key storage are now unified under the same Apple ID. Your sign-in is handled by Apple, and your encryption keys are stored in Apple’s iCloud Keychain — both tied to the same Apple ID. This eliminates the previous separation between your sign-in identity and your encryption key identity, simplifying your security posture and reducing the risk of identity mismatch.

What makes E2EE different

Most apps say “encrypted” but mean they encrypt your data on their servers — where they still hold the keys and can technically read your content.

With E2EE:

We never have access to your encryption keys or the readable content of your data
What we store on our servers is encrypted ciphertext — meaningless bytes without your personal encryption key
No one else can access your content — not our staff, not hackers, not governments (unless they have your device and passcode)

What is encrypted

Fully encrypted (unreadable to us):

Daily journal entries: Full text including moods, highlights, challenges, gratitude, and daily intentions
Event descriptions and notes: What you write about each event
Location names: Where events take place
People’s names: Names mentioned in events
Tag names: Names of all your People, Place, and Thing tags
Photos: Encrypted before upload to Firebase Storage (ciphertext stored)
Redaction flags: Whether specific events are marked private

These are stored in encrypted envelopes (labeled enc in our database). Without your encryption key, they are meaningless bytes.

What is NOT encrypted (queryable metadata)

Even with E2EE, we store some metadata in queryable form to enable core app functionality. This metadata cannot be used to reconstruct your content, but it does reveal patterns about your usage.

Account information:

Your Apple ID identifier and Apple-provided email address (authentication) — for users who sign in with Apple
Your phone number (authentication) — for legacy users who created accounts before March 2026 and have not yet migrated to Sign in with Apple
Apple migration status (whether your Apple ID has been linked to your account)
Account creation date
Last sign-in date

Event metadata (for timeline sorting and recurrence):

Event date and time (timestamp)
All-day flag
Duration
Timezone
Creation and update timestamps
Recurrence pattern (daily, weekly, monthly, yearly)
Series and exception markers (for recurring events)
Soft-delete markers

Entry metadata (for daily journal sorting):

Entry date
Creation and update timestamps
Soft-delete markers

Photo metadata:

Photo URLs (ciphertext stored in Firebase Storage)
Thumbnail URLs
Encrypted blob headers (needed for decryption)

Tag metadata:

Tag type classification (Person, Place, or Thing)
Usage statistics (count, last used date)
Tag associations via UUID (which events/entries use which tags)

Important: Tag names themselves are fully encrypted. We only store UUID references that link tags to content. An attacker with access to our database could see “Event A uses Tag B” but not what Tag B’s name is.

Can metadata be used to reconstruct your content?

No. The queryable metadata we store (timestamps, recurrence patterns, tag UUIDs) cannot be used to reconstruct your journal entries, event descriptions, or any readable content. Here’s why:

Timestamps tell us when you created something, not what it says
Recurrence patterns tell us an event repeats, not what the event is about
Tag UUIDs are random identifiers that link to encrypted tag names—without the encryption key, they’re meaningless

Without your encryption key (stored in your iCloud Keychain), all content remains permanently unreadable ciphertext.

What we explicitly do NOT store:

Journal entry content (fully encrypted)
Event descriptions and notes (fully encrypted)
Location names (fully encrypted)
People’s names in events (fully encrypted)
Tag names (fully encrypted)
Any form of your readable content

Why this metadata is necessary:

Timeline sorting requires timestamps
Recurrence projection requires pattern information
Multi-device sync requires update timestamps
Tag library requires usage statistics

This is the trade-off of a functional E2EE journaling app: we need minimal metadata to provide features like timeline sorting and recurring events, but we never have access to what you actually write.

Important exception: Calendar Feed (optional export)

The Calendar Feed is available only with an active subscription. It is visible in Settings for all users but enabled only for subscribers. If you are a subscriber and enable the Calendar Feed (Settings → Calendar Feed), you are explicitly choosing to create a plaintext export of your Events for use with third-party calendar apps like Apple Calendar or Google Calendar. This feature does not change how your data is encrypted — it creates an additional plaintext copy specifically for calendar app compatibility.

Why plaintext? Third-party calendar apps cannot decrypt E2EE content. So when you enable this feature, you’re trading E2EE protection for calendar app compatibility.

What gets exported:

Event entries only — daily journal entries are NEVER included
Tags are NEVER exported
The Calendar Feed is disabled by default — you must opt in

How your encryption works

Your encryption key is generated automatically on your device when you first create content. This key is stored in your iCloud Keychain — Apple’s secure, encrypted key storage system.

Benefits:

Your encryption key syncs seamlessly to your other Apple devices (iPhone, iPad, Mac)
You can access your encrypted content on any device signed into your iCloud account
Your key is protected by your device passcode and biometrics (Face ID/Touch ID)

Important to know:

Memorist uses iCloud Keychain to sync your encryption key across your devices
If you sign out of iCloud, disable iCloud Keychain, or lose access to your Apple ID, your encrypted content cannot be decrypted
We cannot recover your data for you — this is by design to ensure true privacy
If you need to access your data on a new device, make sure you’re signed into the same iCloud account
App uninstall: Uninstalling Memorist does not delete your encryption keys from iCloud Keychain. Keys persist and will be available if you reinstall the app on any device signed into the same iCloud account

Your Responsibility: Backups and Key Management

Because we cannot access your encrypted content, we do not store backups of your readable data on our servers. It is your responsibility to back up your content. If you lose access to your encryption keys or devices, your content cannot be recovered by Memorist.

This is the trade-off of true end-to-end encryption: your privacy is absolute, but so is your responsibility to protect your data.

How to protect your data:

1. Enable iCloud Backup (Recommended)

Go to iPhone Settings → [Your Name] → iCloud → iCloud Backup
Turn on iCloud Backup
This backs up your local database, app settings, and encryption keys
If you lose your device, you can restore from iCloud backup and regain access to your content

2. Use Multiple Devices

Sign into Memorist on multiple Apple devices (iPhone, iPad, Mac)
Your encryption keys sync automatically via iCloud Keychain
If one device is lost, you can still access your content from another device
This provides redundancy in case one device fails

What happens if you lose access to iCloud Keychain:

You will not be able to decrypt your content
We cannot provide you with your encryption keys
Your encrypted data on our servers becomes permanently inaccessible
There is no password reset or account recovery for encryption keys

Best practices:

Keep your Apple ID credentials secure and memorable
Enable two-factor authentication on your Apple ID
Ensure at least one trusted device remains signed into your iCloud account
Use multiple Apple devices to ensure redundancy

Your Responsibility: Device Security

Because your encryption keys are stored on your device (via iCloud Keychain), the security of your Memorist content depends entirely on the security of your devices.

Since our servers cannot decrypt your content or help with recovery, you must protect your devices and keys. A compromised device means compromised journal content.

Essential security practices:

1. Use a strong device passcode

Use a 6-digit or alphanumeric passcode (not a simple 4-digit code)
Never use easily guessable codes (birthdays, “123456,” etc.)
Your device passcode protects access to iCloud Keychain (and therefore your encryption keys)

2. Enable biometric security

Use Face ID or Touch ID for quick, secure device access
This prevents shoulder surfing and unauthorized access

3. Enable device encryption

iOS devices have encryption enabled by default when you set a passcode
This ensures your local database is encrypted at rest

4. Keep your device physically secure

Don’t leave devices unlocked and unattended
Enable “Find My iPhone” to remotely wipe a lost or stolen device
If a device is stolen while unlocked, an attacker may access your Memorist content

5. Never share your device passcode

Anyone with your device passcode can access iCloud Keychain
This means they can access your Memorist encryption keys and decrypt your content

6. Keep iOS updated

Install iOS security updates promptly
Security patches protect against known vulnerabilities

What happens if your device is compromised:

If someone gains access to your unlocked device or learns your passcode, they can access your Memorist content
If your device is stolen while unlocked, immediately use “Find My iPhone” to remotely lock or erase it
If you believe your Apple ID has been compromised, change your password immediately and review which devices have access to your iCloud account

What Memorist cannot do:

We cannot remotely lock or wipe your devices
We cannot revoke access to encryption keys stored on compromised devices
We cannot decrypt your content even if you forget your device passcode (only you can access your content via your device)

Remember: Your privacy is absolute, but so is your responsibility. The same encryption that protects you from us also protects your content from recovery if you lose access to your devices or keys.

Guest Mode (Getting Started Without Creating an Account)

Even if you start using Memorist in Guest Mode (without creating an account), your data is still protected by E2EE. Your encryption key is tied to your anonymous session. End-to-end encryption applies equally to Guest Mode, Free, and Subscription users — it is a core design principle, not a paid feature.

What Guest Mode includes: Guest Mode provides core journaling features with up to 30 entries total (including both event entries and daily journal entries) and 1 photo per event entry. Certain features — calendar feed, push notifications, daily reminders, export for backup, and Stats — are visible in Settings but available only with an active subscription. You may also see a banner encouraging account creation for long-term data safety.

Creating an account from Guest Mode: When you create a free account by signing in with your Apple ID, your Guest Mode data and encryption key are automatically preserved and linked to your new account. No data is lost in this transition.

Data Export and E2EE

Memorist provides a data export feature for backup purposes (Settings → Export for backup). This feature is available only with an active subscription; it is visible in Settings for all users but enabled only for subscribers. Important: The export feature does not change how your data is encrypted. It decrypts your content on your device and produces a plaintext backup file. The export process maintains our E2EE security model:

On-device decryption: All decryption happens locally on your device using your encryption keys from iCloud Keychain
Server never sees plaintext: Your encrypted data is downloaded from our servers and decrypted only on your device
Exported file contains plaintext: The .zip file you download contains your data in readable JSON format (and optionally full-resolution photos)
Your responsibility: Once exported, you are responsible for securing the .zip file. Store it in a secure location (e.g., encrypted backup drive) and do not share it.

Important: Exported files are not encrypted. This is intentional—the export is designed so you can access your data even if you lose access to Memorist or your encryption keys. Treat exported files like you would treat your physical journal.

Technical Details

For transparency and security researchers:

Encryption algorithm: AES-GCM (256-bit keys)
Key management: Per-user Key Encryption Key (KEK) with per-item Data Encryption Keys (DEKs) using envelope encryption
Key storage: Apple iCloud Keychain with kSecAttrSynchronizable=true
Authentication: Authenticated encryption with Additional Data (AAD) binding to prevent tampering

6. Support Limitations Due to E2EE

Because of our end-to-end encryption architecture, there are important limitations on what Memorist support can help you with.

What We CANNOT Do

We cannot recover your data if you lose access to your encryption keys.

This is not a policy choice — it is a technical reality of end-to-end encryption. Your encryption keys are stored exclusively on your devices via iCloud Keychain. We do not have copies of your keys, and we cannot decrypt your content without them.

Specific scenarios where we cannot help:

× Lost Apple ID or iCloud Keychain access

If you forget your Apple ID password and cannot recover your account
If you disable iCloud Keychain and lose your local encryption keys
If you sign out of iCloud and delete the app before backing up

× Forgotten device passcode

We cannot bypass your device passcode to access encryption keys
We cannot reset or recover your encryption keys

× Account recovery after key loss

We cannot restore your encrypted content without your encryption keys
There is no master key, backdoor, or recovery mechanism
Your content becomes permanently unrecoverable

× Data access from lost or stolen devices

We cannot remotely lock or wipe your devices
We cannot revoke encryption keys from compromised devices
We cannot see what devices have access to your content

× Decryption of your content

We cannot read your journal entries, events, or notes
We cannot provide you with unencrypted copies of your data
We cannot decrypt your content even with legal orders or warrants

What We CAN Help With

✓ Technical issues and bugs

App crashes or performance problems
Sync issues (if your devices can communicate with our servers)
Feature requests and feedback

✓ Account and billing

Subscription management and cancellations
Payment issues with Apple App Store
Account deletion requests

✓ General guidance

How to enable iCloud Backup
How to use multiple devices for redundancy
Understanding how encryption works
Explaining the Calendar Feed feature

✓ Privacy and security questions

Understanding what data we collect
How E2EE protects your content
Data deletion and GDPR rights

Why This Limitation Exists

This is the fundamental trade-off of true end-to-end encryption:

You get absolute privacy → We cannot read your content, even if we wanted to.

You accept absolute responsibility → We cannot recover your content if you lose access to your keys.

Most journaling apps offer account recovery because they hold your encryption keys (or don’t encrypt at all). Memorist is different: you hold the only keys, which means you are the only one who can unlock your content.

Before You Contact Support

If you’re experiencing issues accessing your content, please check:

Are you signed into iCloud? (Settings → [Your Name])
Is iCloud Keychain enabled? (Settings → [Your Name] → iCloud → Keychain)
Are you using the same Apple ID that you used when you created your content?
Do you have iCloud Backup enabled? (Settings → [Your Name] → iCloud → iCloud Backup)
Are you signed in on other devices? Try accessing Memorist on another device signed into the same iCloud account.

If none of these steps work and you’ve lost access to your iCloud Keychain, we cannot recover your data. This is by design.

7. Your Content

Your journal entries, images, tags, and reflections are private by default.

You may:

edit,
export,
or permanently delete your content at any time, subject to system limitations.

Export formats available:

1. Full data export (.zip)

Download all your content as JSON files via Settings → Export for backup.

Export options:

All data (text only): Entries, events, and tags in JSON format (fast export)
All data + Photos: Complete backup with all images (may take time)

What’s included in full export:

Daily journal entries: Full text including moods, highlights, challenges, gratitude, daily intentions, and timestamps
Event entries: Descriptions, locations, people, tags, recurrence patterns, timestamps, and timezone info
Tags: All People, Places, and Things with full metadata (tempo/cadence, relationship types, birthdays)
Photos (optional): Full-resolution images and thumbnails, organized by parent event entry

What’s NOT included:

App settings and preferences (notifications, theme, display preferences)
Account and subscription data (managed by Apple/RevenueCat)
Integration settings (Calendar Feed configuration)
App metadata (feature flags, onboarding state)

Important security notes:

Decryption happens on your device to maintain E2EE security
Exported .zip file contains plaintext (unencrypted) data
You are responsible for securing the exported file
Store exported files in a secure location (e.g., encrypted backup drive)
Do not share exported files—they contain your unencrypted journal content

Rationale: The export focuses on your irreplaceable content (entries, including both event entries and daily journal entries). Settings and preferences are device-specific and easily reconfigurable. See Section 5 for details on how export maintains E2EE.

2. iCalendar (ICS) feed

Optional calendar feed for event entries only (plaintext, opt-in only). Daily journal entries are never included. See Section 5 for details about this plaintext export option.

Backups: Because of end-to-end encryption, we cannot back up your readable content on our servers. You are responsible for backing up your data using the export feature or other backup strategies. See Section 5 (“Your Responsibility: Backups and Key Management”) for recommended backup strategies.

If you delete your account, associated data may become permanently unrecoverable.

Account deletion: When you delete your account, all data is permanently removed immediately with no grace period or recovery option. This includes:

All encrypted content on our servers
Your authentication records
All device tokens and settings
Encryption keys on the current device (keys may persist in iCloud Keychain on other devices)

Important: Because encryption keys are stored in iCloud Keychain with sync enabled, keys may remain accessible on your other Apple devices after account deletion. Apple provides no API for us to force-delete keys from all devices. However, these keys become useless after account deletion since there is no encrypted data to decrypt.

We cannot restore your account or data after deletion.

8. Children’s Privacy

Memorist is for users 13 years and older.

We do not knowingly collect information from users under age 13.

If you believe a minor under 13 has created an account, please contact us at: hello@memorist.me

9. Third-Party Services

Memorist integrates with Apple’s systems for:

authentication,
subscription management,
billing.

Your use of Apple services is governed by Apple’s own policies.

We are not responsible for:

Apple App Store billing terms,
Apple’s identity systems,
Apple’s retention of transactional data.

10. Analytics (Minimal & Respectful)

We use Firebase Analytics (Google Analytics 4) to:

understand feature usage patterns,
detect errors,
improve design and stability.

We do not collect the text of your journal entries for analytics.

Analytics may be anonymized or aggregated before use.

Your control: You can disable analytics in Settings → Analytics. When consent is disabled, no events are sent to Firebase.

11. AI and Feature Processing

If the App analyzes or enhances content (e.g., for tagging or insights), it is strictly local on-device or private to your account.

On-device machine learning: We use Core ML (Apple’s on-device machine learning framework) for tag type classification (identifying whether a tag represents a Person, Place, or Thing). This processing happens entirely on your device. No content is sent to external servers for AI processing.

Your writing is never used to train public or external models.

If this ever changes in the future, we will obtain clear user consent.

12. Data Retention

We retain your information as long as:

your anonymous session is active (Guest Mode),
your account exists (Free and Subscription tiers),
retention is required to operate the App.

Guest Mode data retention: Guest Mode data is associated with your anonymous session and persists as long as the session remains active. If you do not create an account, your data may be subject to removal after an extended period of inactivity. We encourage Guest Mode users to create a free account to ensure long-term data preservation.

Account-based data retention (Free and Subscription): Your data is retained for as long as your account exists, regardless of subscription status. If your subscription lapses or you choose to unsubscribe, your data remains intact and accessible — only subscription-specific features (calendar feed, push notifications, daily reminders, export for backup, and Stats) are disabled. Unsubscribing never results in data loss.

When deleting your account, associated data will be removed immediately. There is no grace period or backup retention after account deletion. This is a permanent, hard delete with no recovery option.

What gets deleted:

All Firestore data (events, entries, tags, settings)
All Firebase Storage files (encrypted photos)
All Firebase Authentication records
All device tokens and notification preferences
Encryption keys on the current device

What happens to iCloud Keychain: Your encryption key in iCloud Keychain may persist on other devices after account deletion. Apple provides no API for us to force-delete keys from all devices. However, these keys become useless since there is no encrypted data to decrypt.

13. International Use

Data may be stored or processed in different regions to ensure reliability.

By using Memorist, you consent to transfer and processing of your information outside your country, as necessary to provide the service.

Firebase data location: Your data may be stored in Google Cloud Platform regions, primarily in the United States. All data stored is encrypted ciphertext (see Section 5).

Cross-border data transfers: Where required by law (including GDPR), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for international data transfers. These are legally binding commitments between data processors to protect personal data transferred outside the EU/EEA.

Important: Because your content is protected by end-to-end encryption, even if your encrypted data is transferred internationally, it remains unreadable without your encryption keys (which are stored exclusively in your iCloud Keychain).

14. Your Rights

Depending on your jurisdiction, you may have certain rights, including:

Access to your data
Correction of inaccurate data
Export or portability (iCalendar/ICS feed for events, if enabled)
Deletion (“Right to be Forgotten”)
Withdrawal of consent
Complaint to a regulatory authority

Important limitation: Due to end-to-end encryption, if you lose access to your encryption keys (via iCloud Keychain), we cannot recover your content for you. This is by design to ensure true privacy.

We will honor your rights where required by law and will do our best to support reasonable requests.

For GDPR (EU) users:

Legal basis for processing: Consent and contract performance
Data transfers: Standard Contractual Clauses (SCCs) where applicable
Contact for privacy inquiries: hello@memorist.me

For CCPA/CPRA (California) users:

Do Not Sell My Personal Information: We do not sell personal information
Right to opt-out: You can disable analytics in Settings
Categories of data collected: See Section 1
Right to delete: Available via Settings → Delete my Account

15. App Store Data Safety Disclosures

Our app store listings reflect our E2EE architecture and minimal data collection practices.

When you view Memorist in the Apple App Store or Google Play Store, you’ll see “Data Safety” or “App Privacy” labels. These disclosures are consistent with this Privacy Policy and reflect our commitment to privacy.

What we report in app stores:

Data Collected:

Account identifier: Apple ID (via Sign in with Apple); phone number for legacy accounts created before March 2026
Usage data: Anonymized analytics (optional, can be disabled in Settings)
Crash data: Anonymized crash reports for debugging

User Content:

User content: Stored and synced in encrypted form (E2EE); we cannot access or read it
Browsing history, search history, or other user-generated content — encrypted on your device and synced only as ciphertext

Data Linked to You:

Apple-provided email address (for account identification)
Phone number (for legacy accounts created before March 2026)
Analytics data (if enabled)

Data Not Linked to You:

Crash logs (anonymized)

Key statement for app stores:

“Memorist uses end-to-end encryption. Your journal entries, events, photos, and personal notes are encrypted on your device before syncing. We cannot access or read your content. Only minimal metadata (timestamps, settings) is stored to enable core functionality like timeline sorting and multi-device sync.”

Important clarification:

Even though we store your encrypted data on our servers (Firebase):

We cannot decrypt or read your content
We do not have access to your encryption keys
The data is meaningless ciphertext without your personal key
It cannot be used to identify you or reconstruct your content

For the official breakdown of what data Memorist collects and how it is linked to you, please refer to our App Privacy labels in the App Store.

Verification:

You can verify our data collection practices by:

Reviewing this Privacy Policy
Checking our App Store / Google Play listing
Examining our open-source security architecture documentation (if made available)
Contacting us with specific questions at hello@memorist.me

If you notice any discrepancy between our app store disclosures and this Privacy Policy, please contact us immediately.

16. Changes to This Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will notify you within the App or by other reasonable means.

Continued use of the App after updates indicates acceptance of the revised Policy.

17. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

Email: hello@memorist.me

Website: https://memorist.me

This Privacy Policy is effective as of March 2026 and applies to all users of the Memorist app.