Privacy Policy

Last updated: 2026-02-16

This policy applies to the MemoFlow client (current repository implementation, mainly Android platform). MemoFlow is designed to connect user-managed Memos services and does not provide a centralized hosted account system.

1. Types of data processed

1.1 Account and connection data

• Memos server address (Base URL)
• Basic account profile returned by Memos service
• Access token (PAT / Access Token)
• Username and password entered during password login flow (used only for sign-in and token exchange)

Notes:

• Password is used only for login requests and is not stored as long-term plaintext credential.
• Account state and token data are written to device secure storage (flutter_secure_storage).

1.2 Memo and business data (local)

• Memo body, tags, visibility, timestamps, status
• Attachment metadata (filename, type, size, external link, etc.)
• Location data (optional): place placeholder text, latitude, longitude
• Reminder data, sync queue, import history, statistics cache, etc.

Notes:

• These data are mainly stored in local SQLite database.
• Local attachments and audio files are stored in app-local directories.

1.3 Feature settings data

• AI settings (API URL, API Key, model, prompt, user profile, quick prompts)
• Image bed settings (service URL, account, password, strategy, token)
• WebDAV settings (service URL, auth data, backup plan)
• Location settings (toggle, Amap key, precision)
• App lock settings (password hash and salt, no plaintext password)
• Draft content

Notes:

• These settings are mainly written to device secure storage.
• Some preference items use both secure storage and app-private fallback files.

1.4 Diagnostic and log data

• Debug logs and network request/response logs (toggle in settings)
• Log files are kept locally and not auto-uploaded

Notes:

• Log module applies sanitization/cropping for token, cookie, password, coordinates, content body, etc.
• Before manual log export or submission, sensitive data should still be reviewed by user.

2. Data transmission destinations

2.1 User-configured Memos server

MemoFlow sends required requests to the user-provided Memos server for login, sync, reading, and writing memos/attachments.

Important notice:

• Android manifest allows cleartext traffic (usesCleartextTraffic=true).
• With http://, transport-layer encryption is not guaranteed; https:// is recommended.

2.2 User-configured AI service API

When AI Summary is enabled, the client sends selected memo text and prompt data to the user-configured AI API (for example OpenAI/Anthropic-compatible endpoints).

Payload may include:

• Time range and count metadata
• Memo text (current implementation cap is about 12000 characters)
• User profile and supplemental prompt
• Inclusion of private memos based on toggle setting

2.3 Amap geocoding API (optional)

If location is enabled and Amap key is configured, client sends coordinates to Amap Web API for reverse geocoding.

2.4 WebDAV (user-configured service)

MemoFlow provides two WebDAV modes:

1. Settings sync (/settings/v1)

• Sync payload is JSON files (preferences, AI settings, image bed settings, location settings, app lock snapshot, draft, etc.)
• This is file synchronization, not end-to-end encrypted backup

2. Local library backup (/backup/v1)

• Client-side encryption flow: PBKDF2 + AES-GCM + HKDF
• Backup files, object chunks, and index are uploaded only after encryption
• If "remember backup password" is enabled, password is stored in device secure storage

2.5 Image bed service (optional)

When image bed upload is enabled, image data and required auth info are sent to the configured image bed service (for example Lsky).

2.6 Update announcement config sources

Client requests public config URLs for update/announcement JSON, used for version announcements and notice display.

3. Permission usage (Android)

• INTERNET: access Memos, AI, WebDAV, image bed, update config
• POST_NOTIFICATIONS, SCHEDULE_EXACT_ALARM, RECEIVE_BOOT_COMPLETED: reminders and reboot restore
• REQUEST_IGNORE_BATTERY_OPTIMIZATIONS: improve reminder reliability under system constraints
• VIBRATE: haptic feedback
• CAMERA: photo attachment
• RECORD_AUDIO: audio attachment
• ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION: location recording
• Storage/gallery permissions: image save, import/export, shared-file read (triggered by OS version and user action)

4. Behaviors not found in current code scope

• No integration of Firebase Analytics, Sentry, Crashlytics, Mixpanel, or similar telemetry/crash upload SDKs
• Memo body is not sent to AI services unless AI features are explicitly used
• Local logs are not automatically uploaded to project maintainer servers

5. User controls

Within the app, users can control or revoke:

• Third-party share toggle
• Whether private memos are included in AI Summary
• Network request/response log toggle
• System permissions (location, microphone, camera, notifications, etc.)
• WebDAV settings sync toggle and encrypted backup toggle
• Backup password remember toggle

Users can also:

• Remove account and clear corresponding local cache
• Clear local library, delete local attachments and log files
• Migrate data via import/export flow

6. Security recommendations

• Prefer HTTPS endpoints for Memos / WebDAV / image bed / AI services
• Keep tokens and API keys private, do not expose in public channels
• Before log submission, sharing, or third-party integration, verify data destinations

7. Minor users

MemoFlow is a general productivity tool. Minors should use it under guardian guidance.

8. Policy updates and contact

If feature scope or data handling changes, this page will be updated accordingly.
For privacy-related questions, use:

• GitHub: https://github.com/hzc073/memoflow/issues/new
• Help page: /en/help/contact