Privacy Policy
Last Updated: June 19, 2026
This Privacy Policy describes how FastProducts, LLC ("we," "us," or "our") handles information in connection with the Memfect website at https://memfect.com, the Memfect desktop application, and the Memfect Web Clipper browser extension (collectively, the "Service").
Plain-language summary (not a substitute for the policy below): Memfect is local-first. Your notes live on your own device. We do not operate user accounts. We use Google Analytics on the website (https://memfect.com) to understand aggregate traffic, but the desktop app and browser extension contain no analytics. The browser extension sends clipped content only to the desktop app on your own computer, and crash reports stay on your machine. The information that can reach us is the ordinary technical data involved in serving a website and software downloads, basic website analytics — plus your email address, if you choose to sign up for release updates.
1. Information We Collect
a. Information You Provide Directly
- Email signup (optional): If you choose to sign up for release updates on our download page, we collect your email address. Alongside it, we record the page the signup came from, your IP address, your browser's user-agent string, and a timestamp — used for abuse prevention, auditing, and segmenting communications.
- Communications: If you email us (for support or feedback), we receive your email address and the contents of your message.
- We do not offer user accounts, registration, or profiles, and we do not collect payment information (the Service is currently free).
b. Information Collected Automatically
- Website and download logs: Like virtually all websites, our web servers and infrastructure providers may log IP address, browser type and version, operating system, pages visited, referring/exit URLs, and access timestamps when you visit https://memfect.com or download the software.
- Website analytics: The website uses Google Analytics (GA4) to measure aggregate traffic, such as page views, approximate location (derived from IP, which Google truncates), device and browser type, referring sources, and on-page interactions. This is used in aggregate to understand how the website is used; it runs only on https://memfect.com and is not present in the desktop app or browser extension. See Sections 3 and 4 for details and opt-out options.
- Software updates: The desktop application periodically checks our distribution infrastructure (DigitalOcean Spaces) for updates. These requests include ordinary HTTP metadata such as your IP address and the app version being checked.
- Strictly local data (never transmitted to us): Your notes, atlas contents, clipped web pages, search indexes, configuration, third-party API keys (encrypted with your operating system's secure storage), and crash dumps/error logs are stored locally on your device. Crash reporting is configured to never upload; logs are accessible to you via Help → Reveal Logs.
c. Information from Third Parties
Our website analytics provider (Google Analytics) provides us with aggregated, statistical reports about website traffic, as described in Sections 1(b), 3, and 4. We do not receive information about you from advertising partners, payment processors, or social login providers — none are integrated with the Service. Our email delivery provider may provide us with standard delivery metadata about emails we send you (such as delivery, bounce, or unsubscribe status).
2. How We Use Your Information
We use the limited information described above to:
- Provide, operate, and maintain the Service (including serving downloads and software updates);
- Send you the communications you signed up for (such as release updates) and a welcome/confirmation email, and manage your subscription preferences;
- Send administrative communications, such as security alerts or notices about changes to the Service or these policies;
- Respond to inquiries and provide support;
- Monitor for and prevent fraudulent, abusive, or unauthorized activity (e.g., brute-force protection on our infrastructure, fake or automated signups);
- Comply with legal obligations;
- Enforce our Terms of Service;
- Improve the Service;
- For any other purpose disclosed at the time of collection or with your consent.
3. Cookies and Tracking Technologies
- Strictly Necessary Cookies: The website uses session and CSRF cookies required for security and essential functionality (primarily for administrative access and form submission protection). These are not used to track you across sites.
- Analytics Cookies: The website uses Google Analytics (GA4), which sets first-party cookies (such as
_ga) to distinguish visitors and measure aggregate website usage. We do not use advertising or cross-site behavioral-advertising trackers. You can opt out by installing Google's Analytics Opt-out Browser Add-on, by blocking cookies or scripts in your browser, or by using a browser that blocks trackers. Analytics does not run in the desktop app or browser extension. - The website loads fonts from Google Fonts; your browser's request to Google's servers discloses your IP address to Google, subject to Google's privacy policy.
- Do Not Track: The Service does not currently respond to browser "Do Not Track" signals, as there is no consistent industry standard for interpreting them.
- Global Privacy Control: Because we do not sell or share personal information for cross-context behavioral advertising (see Section 12), there is no such activity for an opt-out preference signal, such as Global Privacy Control (GPC), to stop. We still honor cookie and tracking choices you make through your browser.
By using the Service, you consent to the use of cookies and similar technologies as described in this section. You can configure your browser to refuse cookies, but some features may not function.
4. Third-Party Services
- DigitalOcean (infrastructure): hosts the website, database, and software-download/update distribution.
- Resend (email delivery): if you sign up for release updates, your email address is shared with Resend, which stores it as a contact on our behalf and delivers our emails to you, subject to Resend's privacy policy.
- Google Analytics (website analytics): when you visit https://memfect.com, your browser sends standard analytics data (such as IP address, which Google Analytics 4 does not log or store and uses only transiently to derive coarse, city-level geolocation; device and browser information; pages viewed; and on-page interactions) to Google, which processes it on our behalf to provide aggregated traffic reports, subject to Google's privacy policy. We do not enable Google Signals, advertising features, or ad personalization, and we do not use analytics data to serve advertising. Analytics runs only on the website, not in the desktop app or browser extension. See Section 3 for how to opt out.
- Google Fonts (website typography).
- Optional, user-configured AI providers (desktop app): if you choose to enable AI features and supply your own API key, the note content you select for those features is sent directly from your device to your chosen provider (e.g., OpenAI, Google, Anthropic, or a local Ollama instance). We never see this traffic, and it does not pass through our servers. If you use a local model (Ollama), nothing leaves your machine.
- Browser extension: the Memfect Web Clipper sends clipped page content only to the Memfect desktop application on your own computer via the browser's native messaging mechanism. It does not transmit page content, browsing history, or any other data to us or to any remote server.
These third-party services have their own privacy policies governing their use of your information. We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you interact with through our Service.
5. Data Sharing and Disclosure
We may share the limited information we hold in these circumstances:
- Service Providers: Third parties that perform services on our behalf (e.g., infrastructure hosting and email delivery);
- Legal Compliance: When required by law, regulation, legal process, or governmental request;
- Protection of Rights: To enforce our Terms, or to protect our rights, privacy, safety, or property, and that of our users or the public;
- Business Transfers: In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy;
- With Consent: When you have given explicit consent;
- Aggregated/Anonymized Data: We may share aggregated or de-identified information that cannot reasonably identify you.
We do not sell personal information.
6. Data Retention
We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Server logs are retained on a short rotating basis. Email signup records are retained while your subscription is active; if you unsubscribe, we may retain a minimal suppression record (your email address and unsubscribe status) so we do not email you again. After any deletion request, we may retain certain information as required by law, to resolve disputes, enforce agreements, or for legitimate business purposes. We may retain aggregated or anonymized data indefinitely. Data stored locally on your device is under your control and is deleted by you.
7. Data Security
We implement commercially reasonable technical and organizational security measures designed to protect personal information, including TLS encryption for the website, OS-level encryption for locally stored API keys, and hardened infrastructure. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security. Any information you transmit to us is transmitted at your own risk. We are not responsible for unauthorized access that occurs despite our reasonable security measures, and we shall not be liable for any loss, corruption, or compromise of data to the maximum extent permitted by law. You are responsible for the security of your own devices and credentials.
8. Children's Privacy
The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at info@fastproducts.io.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to such countries. We will take reasonable steps to ensure your information is treated securely and in accordance with this Privacy Policy.
10. Email Communications and Your Choices
Signing up for updates is optional and is not required to download or use the Service. If you sign up, we send a welcome/confirmation email and occasional release updates. Every marketing or update email we send includes an unsubscribe link; you can also opt out at any time by contacting info@fastproducts.io. Unsubscribing stops marketing and update emails, but we may still send you non-promotional administrative or legal notices where necessary (for example, security notifications or material changes to these policies).
11. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of personal information we hold about you;
- Correction: Request correction of inaccurate information;
- Deletion: Request deletion of personal information (including your email signup record);
- Portability: Request transfer of information in a machine-readable format;
- Objection: Object to certain processing activities, including direct marketing.
To exercise any of these rights, contact us at info@fastproducts.io. We may need to verify your identity before processing your request. We reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests. Note that for most users, the personal data we hold is limited to any email signup record, support correspondence, and short-lived server logs; your notes and app data are on your own device and were never in our possession.
12. California Privacy Rights (CCPA/CPRA)
California residents may have additional rights under the CCPA/CPRA, including the right to know, right to delete, right to correct, right to opt out of sale/sharing, and right to non-discrimination. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined by the CCPA/CPRA. The categories of personal information we collect are described in Section 1 (identifiers such as email address and IP address, and internet activity such as server logs and analytics data); the purposes are described in Section 2; the categories of recipients are described in Sections 4 and 5. We disclose personal information only to the service providers described in Sections 4 and 5, who are contractually limited to processing it on our behalf. We retain each category for the periods described in Section 6.
Sensitive personal information. We do not collect or process "sensitive personal information" as defined by the CCPA/CPRA (such as government identifiers, precise geolocation, racial or ethnic origin, health, biometric, or financial-account information), and we do not use any information to infer characteristics about you.
No financial incentives. We do not offer financial incentives or price or service differences in exchange for the collection, sale, or sharing of personal information.
How to exercise your rights. To exercise your California privacy rights, contact us at info@fastproducts.io. You may use an authorized agent to submit a request on your behalf; we may require the agent to provide proof of authorization and may require you to verify your own identity directly with us. We will not discriminate against you for exercising any of these rights.
13. European Privacy Rights (GDPR)
If you are in the EEA, UK, or Switzerland, you may have additional rights under the GDPR (and equivalent laws). For this processing, the data controller is FastProducts, LLC. Our legal bases for processing are: performance of a contract (providing the Service); consent (sending you the email updates you signed up for — withdrawable at any time via the unsubscribe link, and the use of analytics cookies as described in Section 3); legitimate interests (security, abuse prevention, service operation, and improvement, balanced against your rights); and legal obligation.
Subject to applicable law, you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection (including objection to processing based on legitimate interests and to direct marketing), as well as the right to withdraw consent at any time without affecting processing carried out before withdrawal. We do not engage in automated decision-making or profiling that produces legal or similarly significant effects concerning you.
Because we operate from the United States, your information is transferred there and to our service providers (see Sections 4 and 9). Where required, such transfers rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or a recognized adequacy mechanism. You have the right to lodge a complaint with your local supervisory authority, though we encourage you to contact us first. To exercise your GDPR rights, contact us at info@fastproducts.io.
14. Changes to This Privacy Policy
We may update this Privacy Policy at any time. Changes are effective when posted on this page. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.
15. Contact
If you have any questions about this Privacy Policy, please contact us at info@fastproducts.io.