Trust
Security & your data
Memfect is a local-first knowledge base. Your notes live on your machine, not on our servers. Here is exactly how that works, and how to reach us if you find a security issue.
Your notes stay on your device
The Memfect desktop app stores your notes as plain Markdown files on your own computer. We do not host, sync, or back up your notes, and we cannot read them. Because they are open Markdown files, you are never locked in — your data is portable and yours for the long term.
What the website collects
We believe in saying plainly what we collect rather than burying it. On memfect.com:
- Email signups — only if you choose to give us your address for release updates. You can unsubscribe from any email in one click.
- Privacy-respecting analytics — aggregate page-view stats (Google Analytics) so we know which pages help people. No analytics run during development.
- Basic request metadata — short-lived IP/user-agent on signup as an abuse signal, automatically purged after 90 days.
Full details are in our Privacy Policy. The desktop app itself sends no usage telemetry.
How we protect the site
- HTTPS everywhere with HSTS (preloaded), and a Content-Security-Policy to contain injection.
- Brute-force lockout on login, short-lived admin tokens, and least-privilege database roles.
- Hardened, read-only production containers and an automated deploy pipeline with health-gated rollback.
- Desktop releases are code-signed and notarized (macOS) / signed (Windows) so you can trust what you install.
Reporting a vulnerability
If you believe you have found a security vulnerability in Memfect, please report it to us privately so we can fix it before it is disclosed. We welcome good-faith research and will not pursue action against researchers who follow responsible disclosure.
Contact: info@fastproducts.io
Machine-readable: /.well-known/security.txt
Please include steps to reproduce, the affected URL or component, and the impact you observed. We aim to acknowledge reports promptly.