Privacy & Data

Authentication data (Google OAuth)

When you log in with Google, we receive your name, email, and profile picture. We also request the drive.file scope (restricted access) so Mnemosyne can create its own folder in your Google Drive and read/write ONLY the files it creates. We never see your other Drive files, your Gmail, your Calendar, or anything else in your Google account.

Project content (lives in your Drive)

Your refined Markdown documents are saved as files (Project_V1.md, Project_V2.md, ...) inside a Mnemosyne folder in YOUR Google Drive. Our database only stores metadata: project name, version number, creation/update timestamps, and the Drive folder ID. You can revoke Drive access or delete the folder at any time; the content never leaves your control.

AI credentials (API keys)

Your AI provider API keys (Google AI Studio, Anthropic, OpenAI) are stored exclusively in your browser's localStorage. They are never sent to our servers for storage. During AI operations, credentials are transmitted via HTTPS directly from your browser to our backend, which uses them in a single request to the AI provider and discards them immediately.

Microphone (voice capture)

When you use the voice recording feature, your browser asks for microphone permission. Audio is captured locally, pre-processed in the browser (volume normalization + silence trimming + WAV encoding), then uploaded to our backend only when you explicitly click Send. The backend forwards the audio to your chosen AI provider for transcription, then discards the bytes — nothing is stored server-side beyond the resulting Markdown, which still goes to your Drive.

Clipboard (paste + copy)

The paste button and copy button use the browser's Clipboard API. Clipboard content only leaves your machine when you explicitly click these buttons, and only for the duration of that single action. No clipboard polling, no silent reads.

What we do NOT collect

• Third-party tracking cookies or analytics
• Location data
• Payment information (we have no paid plans)
• Data from other apps or services

Your rights under GDPR

• Access (Art. 15) — Request a copy of your personal data
• Rectification (Art. 16) — Correct inaccurate data
• Erasure (Art. 17) — Request complete deletion of your data ("right to be forgotten")
• Portability (Art. 20) — Export your data in a structured format (Markdown)
• Restriction (Art. 18) — Limit the processing of your data
• Objection (Art. 21) — Contest the processing of your data

Data subject rights (Art. 18)

• Confirmation and access to data
• Correction of incomplete or outdated data
• Anonymization, blocking, or deletion of unnecessary data
• Data portability
• Deletion of data processed with consent
• Revocation of consent

Your rights under CCPA

• Know — What personal data we collect and how it is used
• Delete — Request deletion of your personal data
• Opt-out — Refuse the sale of your data (we do not sell personal data)
• Non-discrimination — Exercise your rights without unfavorable treatment

Your rights under PIPL

• Right to know and decide about processing
• Right to restrict or refuse processing
• Right to access and copy your data
• Right to correct and supplement data
• Right to delete your personal data
• Right to request explanation of processing rules