Privacy Policy

Introduction

MemofyAI ("the App") is a note-structuring app designed with user privacy as a top priority. This Privacy Policy explains how information is handled within the App.

AI Processing

The App offers two AI processing modes. Before your input text is ever transmitted to a third-party AI service, the App displays an explicit in-app consent dialog the first time you choose Cloud AI Mode. No text is sent to any cloud AI service without your explicit consent.

• On-Device Mode: Your input text and generated results are processed entirely on your device and are never transmitted to external servers. Once the AI model has been downloaded, the App can be used offline.
• Cloud AI Mode (Fast Mode): To accelerate structuring, your input text is forwarded through the App's backend server (an Edge Function provided by Supabase Inc.) to the Google Gemini API operated by Google LLC (generative AI model: Gemini 2.5 Flash), and the result is returned to your device.
  • Data sent: Only the text you input
  • Data NOT sent: User account information, device identifiers, location, or any other personal information
  • Retention: Neither the App nor the backend server (Supabase) persists the transmitted content. Handling by the Google Gemini API is governed by Google LLC's own privacy policy
  • Consent: Explicit in-app consent is required the first time Cloud AI Mode is used. Consent state is stored locally on your device and can be changed anytime by switching modes in Settings

If you wish to avoid external transmission, please use On-Device Mode.

Information We Collect

1. Usage Data (Firebase Analytics)

To improve the App, we collect the following anonymized usage data through Firebase Analytics:

• Feature usage (how often each feature is used, processing time, etc.)
• Anonymized aggregates of user interactions (screen views, key button taps, etc.)
• Technical events (error occurrence locations and types, etc.)

2. Crash Reports (Firebase Crashlytics)

To improve App stability, the following information is automatically collected when a crash occurs:

• Stack traces (technical information about the error location)
• Device model and OS version
• App version

3. Remote Configuration (Firebase Remote Config)

We use Firebase Remote Config to optimize App settings. This retrieves configuration values from a server and does not transmit any personal user information.

4. Data Stored on Your Device

The following data is stored only on your device and is never transmitted externally:

• Input text
• AI-generated structured notes (Markdown files)
• App settings (selected AI mode, selected AI model, Obsidian folder selection, etc.)
• Downloaded AI model files

External Transmission in Cloud AI Mode

When you choose Cloud AI Mode (Fast Mode) for a conversion, your input text is forwarded as follows:

1. App → the App's backend server (Edge Function gemini-proxy provided by Supabase Inc.) over HTTPS
2. Backend server → Google Gemini API operated by Google LLC (generativelanguage.googleapis.com)

Data Sent

• The text you input (including text extracted via OCR)
• A non-personal instruction prompt for the AI model
• Inference parameters (model name, temperature, etc.)

Data NOT Sent

• User account information, ID, or email address
• Device identifiers, IDFA / IDFV, Firebase Instance ID
• Location, contacts, or any other content from your photo library

When Consent Is Obtained

The first time you use Cloud AI Mode, the App displays an explicit in-app consent dialog. Your input text will not be transmitted externally unless you tap "Agree". Consent state is stored locally on your device.

Retention

• The App and the backend server (Supabase): Never persisted. Discarded from memory after the request completes
• Google Gemini API: Governed by Google LLC's privacy policy and the Gemini API Terms of Service

If you prefer not to transmit any data externally, switch to On-Device Mode from the settings screen. In On-Device Mode, your input text is never transmitted outside your device.

Obsidian Integration (iOS Only)

If you choose to use the Obsidian integration feature:

• Markdown files are appended to a local folder that you have explicitly selected (via iOS security-scoped bookmarks)
• The destination is local storage on your device only; the App itself does not transmit these files to any cloud service
• This feature is not available on Android
• You can revoke the selected folder at any time from the settings screen

Camera and Photo Library Access

The App may request access to your camera and photo library for OCR (text recognition from images) functionality.

• Captured or selected images are used solely for text recognition processing
• Image text recognition is performed on your device (using on-device image text recognition technology)
• Temporary files are automatically deleted after processing
• Images are never uploaded to external servers

Remote Configuration-Based Feature Control

To maintain service stability and respond to critical issues, the App may display the following screens based on server-side configuration:

• Maintenance screen (notice of temporary service suspension)
• Force-update screen (restricting the use of older versions after critical bug fixes)
• Optional-update notification (announcements for new versions)

Only your current app version on the device is used for these checks; no personally identifiable information is transmitted to the server. The number of times these screens are displayed is aggregated as anonymous statistics.

Third-Party Data Sharing

We do not sell or share the data we collect with third parties. However, the App uses the following third-party services. Please also review each provider's privacy policy.

• Google LLC (Firebase services): Used for usage analytics (Firebase Analytics), crash reporting (Firebase Crashlytics), and remote configuration (Firebase Remote Config).
  • Google Privacy Policy
  • Firebase Privacy and Security
• Google LLC (Google Gemini API): When Cloud AI Mode is used, your input text is transmitted to the Google Gemini API (generative AI model: Gemini 2.5 Flash) for inference. Processing on the Google Gemini API is subject to Google's privacy policy and the Gemini API Terms of Service.
  • Google Gemini API Additional Terms of Service
  • Google Privacy Policy
• Supabase Inc. (backend proxy): Provides the backend Edge Function that forwards requests to the Google Gemini API described above. The Edge Function used by the App does not persist request content.
  • Supabase Privacy Policy

Data Retention

• Firebase Analytics data: Retained per Google's standard retention period (14 months)
• Firebase Crashlytics data: Retained for 90 days
• Input text transmitted in Cloud AI Mode: Not persistently retained by the App or its backend server (Supabase). Handling by the Google Gemini API is governed by Google LLC's policies
• Cloud AI consent state: Stored locally on the device until you uninstall the App or switch modes in Settings
• On-device data: Retained until the user deletes the App

Your Rights

• Data Deletion: Uninstalling the App deletes all data stored on your device (including the cloud AI consent flag)
• Stop Using Cloud AI Mode: Switching to On-Device Mode in the settings prevents any subsequent input text from being transmitted externally. The consent flag itself can be reset by reinstalling the App or clearing its data
• Disconnect Obsidian Integration: You can revoke the selected folder at any time from the settings screen
• Opt-out of Analytics: You can disable Firebase Analytics data collection through your device settings
• Access Permissions: Camera and photo library access can be revoked at any time through your device settings

Data Deletion Request

Users of MemofyAI (the "App") can request the deletion of data collected and retained by the App and its related backend services.

Data That Is Deleted / Retained

• On-device data (input text / generated Markdown / settings / downloaded AI models): All data is immediately deleted when the App is uninstalled. No additional request is needed.
• Firebase Analytics usage data (anonymized events and feature-usage statistics): Can be deleted upon request to the developer. Standard retention is 14 months, after which data is auto-deleted.
• Firebase Crashlytics crash reports: Can be deleted upon request to the developer. Standard retention is 90 days, after which data is auto-deleted.
• Input text transmitted in Cloud AI Mode: Neither the App nor its backend server (Supabase) persistently stores this data, so no retained data exists to delete. For data handled by the Google Gemini API, please contact Google LLC's support.

Deletion Request Procedure

1. Send an email to the address below with the subject "MemofyAI Data Deletion Request".
2. In the body, please provide any available identifying information such as Firebase Instance ID, OS, app version, and approximate first-use date (complete identification may not be possible due to the anonymized aggregation).
3. The developer will process the Firebase-side data deletion within 30 days of receipt and send a confirmation email upon completion.

Send to: studioapp.develop@gmail.com

Children's Privacy

This App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Privacy Policy

This Privacy Policy may be updated as needed. If significant changes are made, we will notify users within the App.

Contact Us

If you have any questions or concerns about privacy, please contact us at:

Email: studioapp.develop@gmail.com