Memoir is a client-side web application. All processing occurs locally
in your browser. No data is transmitted to or stored on any Memoir
server, because no Memoir server exists.
Local Files
When you select images from your local device, those files are accessed
directly by your browser using standard web APIs. They are never
uploaded anywhere. They exist only in your browser's memory for the
duration of your session.
Google Drive & Google Photos
When you connect Google Drive or Google Photos, Memoir accesses your
files solely to display them within the app. Memoir follows a
client-side-only architecture:
User-Directed Access: For Google Drive, Memoir only
requests access to the specific files or folders you explicitly select
via the Google Picker. If a folder is selected, Memoir accesses the
images within that folder to include them in your slideshow. If the
user selects the sub-folder option, Memoir repeats this process for
all sub-folders within the selected folder. Memoir cannot see, read,
or search any other files or folders in your Drive.
Browser-Only Processing: Memoir requests an OAuth
access token from Google using your browser directly. This token is
stored only in your browser's temporary memory and is never sent to,
or stored on, any Memoir server.
No Persistent Storage: Memoir does not save your
access tokens, file metadata, or image data to permanent storage (such
as your hard drive, cookies, or local storage). Google OAuth tokens
are stored exclusively in temporary browser memory (RAM). While your
browser may cache images for performance, Memoir does not retain any
access to your files once the session ends, the browser tab is closed,
or the page is refreshed.
Read-Only Intent: Although Google Drive's technical
permissions may allow for broader actions, Memoir is designed to be
read-only. It does not modify, create, or delete any of your files or
photos. Google Photos enforces read-only access.
Automatic Cleanup: Session data and temporary
authentication tokens are intended to exist only for the duration of
your active browser session and are discarded when the page is
refreshed or closed.
Data Retention and Deletion
Because Memoir operates entirely within your browser (i.e.,
client-side), we do not collect or store any personal data, Google user
data, or OAuth tokens on our servers, as we have no servers. Our data
retention practices are as follows:
No Persistent Storage: Memoir operates entirely
within your browser and does not maintain server-side storage.
Consistent with our data retention policy, any personal information or
Google user data processed by Memoir exists only for the duration
needed to provide functionality during your active session and is not
retained after the session ends.
Automatic Deletion: Any data retrieved from Google
services (such as file metadata or images) is held only in your
browser’s temporary memory (RAM). This data exists only in temporary
browser memory and is discarded when your browser tab is closed or the
page is refreshed.
User Control: Since Memoir does not retain user data
on any server, session data used by Memoir exists only during your
active session and is discarded when the page is refreshed or closed.
If you have questions about data handling or believe any information
associated with Memoir should be removed, you may contact us at the
email address listed below.
Memoir's use of information received from Google APIs will adhere to the
Google API Services User Data Policy, including the Limited Use requirements.
Microsoft OneDrive
When you connect OneDrive, Memoir uses Microsoft's MSAL library to
authenticate. The access token is stored in your browser's temporary
memory (RAM) and is never sent to any Memoir server. Images are fetched
directly from OneDrive to your browser for display only. OneDrive
enforces read-only access.
Unsplash Demo Images
Demo slideshows use images from
Unsplash. When you view a demo, your browser makes requests directly to
Unsplash's CDN. Unsplash's own privacy policy applies to those requests.
Attribution links include UTM parameters identifying Memoir as the
referrer, as required by Unsplash's guidelines.
What Memoir Does Not Do
Does not collect, store, or transmit any personal data
Does not use cookies or tracking technologies
Does not display advertisements
Does not share any information with third parties beyond what is
necessary to authenticate with Google or Microsoft
Does not retain any OAuth tokens between sessions
Data Security
We prioritize protection of Google user data and any information
processed through Memoir. Although Memoir does not transmit your data to
any external server, we implement the following security procedures to
protect your interaction with Google services:
Encryption in Transit:
We use encrypted HTTPS/TLS connections to protect information
exchanged between your browser and Google APIs. These security
procedures are designed to protect the confidentiality and integrity
of Google user data during transit.
Client-Side Isolation: By using a client-side only
architecture, we eliminate the risks associated with server-side data
breaches. Your Google credentials and data never touch a Memoir
server.
Standard Web Security: Memoir relies on modern
browser security features and follows standard web application
security practices designed to protect authentication tokens and user
interactions.
Contact
Memoir is designed and maintained by Greg Stitt at
StittHub. For questions about this privacy policy, please
send an email here.