MemoFlow

English

简体中文

English

简体中文

Appearance

Terms of Service

Last updated: 2026-02-16
Effective date: 2026-02-16

These terms apply to the current functional scope of the MemoFlow client ("the Client"). Before installing, accessing, or using the Client, users should read and understand these terms in full. Continued use of the Client constitutes acceptance of these terms.

1. Parties and scope

  1. These terms are published by the MemoFlow project maintainer and apply to the Client and subsequent versions.
  2. The Client is positioned as a connection and management tool. Its core purpose is connecting to user-configured Memos services, not providing a centralized hosted account system.
  3. These terms govern usage rules and responsibility allocation for the Client only and do not replace agreements between users and third-party service providers.

2. Service nature and functional scope

Based on current implementation, the Client mainly provides:

  • Connection to user-specified Memos server for authentication, memo read/write, and sync.
  • Local storage of memo and attachment-related data (SQLite and local file directories).
  • Optional AI summary capability (selected memo content sent to user-configured AI APIs).
  • WebDAV settings sync (default root path /MemoFlow/settings/v1).
  • WebDAV encrypted local-library backup and restore (accounts/{id}/backup/v1).
  • Optional location, image bed upload, third-party sharing, import/export, log export, and update announcement fetch.

3. User eligibility and account responsibility

  1. Users should have the legal capacity required and ensure usage complies with applicable laws and regulations.
  2. Users should ensure server addresses, account credentials, tokens, and API keys are valid, lawful, and authorized for use.
  3. Users are solely responsible for credential safekeeping and must not disclose them to unrelated parties. Losses caused by poor credential management are borne by users.

4. Authentication and access control

  1. The Client supports password login and token/PAT modes. Related credentials are stored via secure storage mechanism (flutter_secure_storage).
  2. For server flows where token plaintext is returned only once, users should retain it by themselves. The Client does not guarantee future retrieval of the same token plaintext.
  3. The project maintainer does not host user account systems and does not control server-side authentication policies of user Memos instances.

5. Third-party services and dependencies

The Client can connect to the following third-party capabilities, configured voluntarily by users:

  1. Memos service: primary memo data read/write and sync.
  2. AI service: AI summary requests sent to user-configured API endpoints.
  3. WebDAV service: settings sync and backup storage.
  4. Map service: reverse geocoding through Amap Web API when location is enabled.
  5. Image bed service: image and auth data transfer when image upload is enabled.
  6. Update config sources: public URLs used to fetch announcement config.

Users should comply with terms, privacy policies, and billing rules of all third-party services they use.

6. Data handling and local storage boundaries

  1. The Client stores business data, settings, logs, and exported files locally on user devices.
  2. Current code does not implement automatic upload of user memo or log data to maintainer-owned servers.
  3. When users manually trigger share, export, log submission, or third-party uploads, related data leaves local environment according to user actions.

7. Sync and backup statements

  1. WebDAV settings sync synchronizes app setting files and is a file-level synchronization mechanism.
  2. WebDAV local-library backup uploads data after client-side encryption (PBKDF2 + AES-GCM + HKDF).
  3. Backup passwords are managed by users. If remember-password is enabled, password is stored in secure storage.
  4. Sync and backup are affected by network, third-party availability, and device state. The Client does not guarantee absolute success rate or completeness.
  5. Users should keep independent backup strategy and periodically verify restore usability.

8. Security notice and risk disclosure

  1. Current Android manifest permits cleartext traffic (usesCleartextTraffic=true). When users configure http:// endpoints, encrypted transport may not be present.
  2. The project maintainer recommends using only https:// endpoints for Memos, WebDAV, AI, image bed, and other external services.
  3. Device-side risks such as root/jailbreak, debug injection, malware, and OS vulnerabilities are outside maintainer control.
  4. Although logs include sanitization logic, users should still manually review sensitive content before export/submission.

9. Permission usage (Android)

According to current code and manifest, the Client may request:

  • Network, notification, and reminder related permissions (including boot restore and exact alarms).
  • Camera, microphone, and location permissions (triggered by specific features).
  • Storage/gallery related permissions (depending on OS version and user action).

Users may revoke permissions via system settings. Related features may become limited or unavailable after revocation.

10. User content and compliance

  1. Users bear full legal responsibility for content created, imported, uploaded, synced, or shared via the Client.
  2. Users should ensure content does not infringe third-party rights, including intellectual property, privacy, and reputation rights.
  3. Users must not use the Client for illegal activities, and must not interfere with or abuse third-party service interfaces.

11. Intellectual property

  1. Intellectual property rights of Client software code, docs, and related identifiers are governed by open-source license and applicable law.
  2. Users retain rights to their own memo content. Users grant the Client limited technical authorization required for local storage, sync, encryption, and export operations.

12. Fees and billing responsibility

  1. Current code does not implement mandatory subscription or automatic charging.
  2. Any third-party costs (cloud services, model calls, object storage, network traffic, etc.) are borne by users.

13. Disclaimer

  1. The Client is provided on an "as-is" basis. No explicit or implied warranty is made regarding uninterrupted availability, fitness, or error-free operation.
  2. To the maximum extent allowed by law, maintainer is not liable for losses caused by third-party outages, network interruption, system constraints, configuration errors, user misoperation, or force majeure.
  3. To the maximum extent allowed by law, maintainer is not liable for indirect damages, expected-benefit loss, or data-loss consequences.

14. Limitation of liability

To the maximum extent allowed by law, total liability for any claim is limited to direct consideration paid by users for the Client (if any). If no direct consideration exists, minimum legal liability scope applies.

15. Terms updates and notice

  1. The maintainer may update these terms due to feature iteration, compliance requirements, or operational needs.
  2. Updated versions are published on help documentation pages with updated timestamp.
  3. Continued use after updates constitutes acceptance of revised terms.

16. Suspension and termination

  1. Users may stop using the Client at any time and may delete local data/configuration by themselves.
  2. For illegal or abusive usage, the maintainer may suspend or restrict related support within legal scope.

17. Governing law and dispute resolution

  1. Formation, performance, interpretation, and dispute resolution of these terms are governed by the laws of the People's Republic of China (excluding conflict-of-law rules; mandatory legal rules prevail where applicable).
  2. Disputes should be resolved through friendly negotiation first. If negotiation fails, either party may submit dispute to a competent people's court.

18. Contact

These terms are written based on current repository implementation. If feature boundaries change, this document will be updated accordingly.