Effective date: 1 May 2026
Last updated: 1 May 2026
DeskMemory is operated by rebelGlitch (“we”, “us”, “our”). This Privacy Policy explains how we collect, use, store, and share information when you use:
- the DeskMemory website at deskmemory.app (marketing pages, account dashboard, billing, and admin tools);
- the DeskMemory desktop application for Windows, macOS, and Linux; and
- the DeskMemory API gateway and related cloud services that power signed-in AI features.
Please read this policy carefully. By using DeskMemory, you agree to the practices described here. If you do not agree, please do not use our services.
For product questions unrelated to privacy, see our FAQ or contact us using the details at the end of this document.
1. Summary — the local-first idea
DeskMemory is designed so that your Markdown vault stays on your computer. Your notes, search index, and unsaved chat drafts are stored locally — not uploaded to us as a hosted “cloud drive”.
What does involve our servers:
- your account (email, plan, billing status, usage metering);
- AI requests you choose to send through your signed-in account (chat, summaries, web search, and vault context you attach to a message);
- website and dashboard activity needed to run the service; and
- optional marketing communications if you join our newsletter.
We do not sell your personal information. We do not use your private vault library for advertising profiling.
2. Who is responsible for your data?
Data controller: rebelGlitch (operator of DeskMemory)
Product website: https://deskmemory.app
Privacy contact: privacy@deskmemory.app
If you are in South Africa, we process personal information in line with the Protection of Personal Information Act (POPIA) where it applies. If you are in the European Economic Area or United Kingdom, we also aim to respect applicable GDPR / UK GDPR rights described in Section 14.
3. Information we collect
The information we collect depends on how you use DeskMemory.
3.1 Website visitors (no account)
When you browse public pages (home, features, pricing, FAQ, download, blog), we may process:
| Data | Purpose | Typical source |
|---|---|---|
| Server and security logs | Operate, protect, and debug the site | Netlify / hosting provider |
| Approximate location | Security, abuse prevention, and newsletter geo (see below) | IP address resolved at the edge to country / region / city (not stored as raw IP on our newsletter form) |
| Browser storage | Remember theme preference; skip repeat newsletter prompt after you subscribe | localStorage (e.g. theme, newsletter flag) |
| Essential cookies | Keep you signed in when you log into the dashboard | Supabase Auth session cookies |
We do not require an account to read marketing content or download the desktop app.
3.2 Newsletter subscribers (download gate)
If you join our mailing list before downloading (or through a future signup form), we collect:
- Full name
- Email address
- Subscription timestamp and consent text version
- Source (e.g. download page)
- Approximate location derived from your connection (ISO country code and, when available, city and region) — we do not store your raw IP address in the newsletter table
We use this information to send product updates, tips, and release notes when we enable email sending. You may unsubscribe when that feature is available; until then, contact privacy@deskmemory.app to opt out.
3.3 Account registration and authentication
When you create a DeskMemory account, we collect:
- Email address
- Password (stored by our auth provider as a secure hash — we do not store plain-text passwords)
- Account identifiers (internal user ID)
- Profile flags needed to operate the service (e.g. admin or blocked status where applicable)
We send transactional emails (confirmation, password reset, security notices) through our email delivery provider.
If you sign up with an email that already exists, we may send a notification that a sign-up was attempted — this protects existing accounts.
3.4 Dashboard, billing, and usage
When you use the signed-in dashboard at /app, we process:
| Data | Purpose |
|---|---|
| Plan and subscription status | Free, Pro, Elite; renewal dates; scheduled downgrades |
| Usage and quota | Message allowances, weighted usage, remaining balance |
| Usage logs | Request type, model/mode, token counts, web search counts, whether vault context was injected, estimated provider cost (for operations) |
| Billing records | Subscription and message-pack purchases via our payment processor |
| Support and admin actions | If you contact us or if authorised staff manage your account |
Payment details: Checkout and subscriptions are handled by Lemon Squeezy (or successor payment processor). We receive subscription status, customer references, and purchase metadata — not your full card number. Card data is processed by the payment provider under their privacy policy.
3.5 Desktop application — what stays local
On your device, DeskMemory typically stores:
- your Markdown vault (
.mdfiles in the folder you choose); - app data under
.rebel/(search embeddings index, taxonomy, local SQLite databases); - unsaved chat drafts in local SQLite until you save a thread to the vault;
- session tokens so you stay signed in;
- preferences (theme, layout, chat settings, templates, and similar).
We do not operate a cloud copy of your vault. We do not upload your entire library for hosting or training.
You are responsible for backups, disk encryption, and access control on your machine.
3.6 Desktop application — what is sent to our servers
When you are signed in and use AI features, the desktop app communicates with the DeskMemory API gateway using your account token. Depending on what you do, we may process:
| Data sent | When | Why |
|---|---|---|
| Chat messages and conversation context | You send a chat or research request | Provide AI replies |
| Vault note content you attach or inject | You select files for context or use features that include note bodies | Ground the AI in your chosen material (subject to product limits) |
| Summary / compress requests | You compress a thread or save to vault via AI | Generate summaries through the gateway |
| Web search queries | Web search is enabled (Auto / Always / Research) | Retrieve current information via search providers |
| Usage metadata | Each gateway request | Enforce plan limits, show usage in dashboard, operations and billing |
Important: Content you attach to chat is transmitted to our gateway and onward to AI and search providers for that request. Do not attach material you are not permitted to share. Remove sensitive attachments before sending.
The desktop app may also:
- check software updates (version manifest from our update service);
- download installers from GitHub Releases or our CDN/storage;
- fetch a public memory packs catalog (pack metadata and downloads — not your private notes).
3.7 Information we do not intentionally collect
- We do not require access to your contacts, photos, or unrelated files outside the vault folder you configure.
- We do not perform OCR on scanned PDFs beyond what the desktop app does locally; we do not promise cloud OCR.
- We do not use your private vault for advertising or sell email lists to third parties.
4. How we use information
We use personal information to:
- Provide the service — accounts, authentication, desktop AI features, quota enforcement, and dashboard visibility.
- Process payments — subscriptions and message packs through Lemon Squeezy.
- Communicate with you — auth emails, service notices, and (with consent) newsletter updates.
- Improve and secure DeskMemory — debugging, abuse prevention, rate limiting, and aggregated analytics.
- Comply with law — respond to lawful requests and enforce our terms.
We do not use your vault contents to train public foundation models for unrelated products. AI processing is performed to deliver your requested features through contracted providers.
5. Legal bases for processing (EEA / UK)
Where GDPR applies, we rely on:
| Processing | Legal basis |
|---|---|
| Account and service delivery | Contract — necessary to provide DeskMemory |
| Billing | Contract and legal obligation (tax/records) |
| Security, fraud prevention, rate limits | Legitimate interests — keeping users and systems safe |
| Newsletter | Consent — you submit the form voluntarily |
| Optional product analytics | Legitimate interests — improve reliability (minimised data) |
You may withdraw consent for marketing without affecting core account features.
6. Third-party service providers
We use trusted processors to run DeskMemory. They access data only as needed to perform their role:
| Provider | Role | Typical data |
|---|---|---|
| Supabase | Authentication, database, file storage for releases/catalogs | Account, usage, billing metadata, newsletter rows |
| Netlify | Website hosting | Request logs, edge geo headers |
| Lemon Squeezy | Payments and subscriptions | Billing identity, purchase events |
| Resend (or similar) | Transactional email | Email address, message content |
| GitHub | Public release hosting for installers | Download requests (see GitHub privacy policy) |
| AI providers (e.g. DeepSeek) | Chat and summaries | Prompts and attached context for your requests |
| Search providers (e.g. Linkup, Brave) | Web search in chat | Search queries |
We choose providers with appropriate security commitments. Their privacy policies govern how they handle data on their systems.
7. International transfers
DeskMemory is operated from South Africa. Our service providers may process data in the United States, European Union, or other countries. Where required, we use appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for cross-border transfers.
8. Data retention
We keep information only as long as needed:
| Category | Retention approach |
|---|---|
| Account data | While your account is active, plus a reasonable period after deletion for backups and legal needs |
| Usage logs | For billing periods and operational history; older rows may be purged per admin retention settings |
| Billing records | As required for tax, accounting, and dispute resolution |
| Newsletter | Until you unsubscribe or ask for deletion |
| Local desktop data | Under your control on your device until you delete the app or vault |
You may request deletion of your account — see Section 14. Local vault files remain on your machine unless you delete them.
9. Security
We implement technical and organisational measures appropriate to the risk, including:
- encrypted connections (HTTPS/TLS);
- hashed passwords via our auth provider;
- row-level security and role separation in our database;
- service-role keys restricted to server-side operations;
- rate limiting on sensitive public actions (e.g. newsletter signup).
No system is perfectly secure. Please use a strong unique password and keep your device updated.
10. Cookies and similar technologies
| Technology | Purpose |
|---|---|
| Authentication cookies | Keep you signed in to the dashboard |
| Theme preference | Remember light/dark mode (localStorage) |
| Newsletter convenience flag | Skip repeat download modal after you subscribe (localStorage) |
You can clear browser storage at any time; you may need to sign in again or see the newsletter prompt again.
We do not use third-party advertising cookies on the marketing site as of this policy date.
11. Children’s privacy
DeskMemory is not directed at children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact privacy@deskmemory.app and we will take appropriate steps.
12. Automated decision-making
DeskMemory uses automated systems to enforce usage quotas and prevent abuse. These do not produce legal effects about you beyond service limits (e.g. pausing AI when your message allowance is exhausted). You can view usage and upgrade or purchase packs in the dashboard.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version on deskmemory.app/privacy and update the “Last updated” date. Material changes may also be notified by email or in-app notice where appropriate.
Continued use after changes take effect constitutes acceptance of the updated policy.
14. Your rights and choices
Depending on where you live, you may have the right to:
- Access personal information we hold about you;
- Correct inaccurate data;
- Delete your account and associated cloud records;
- Object or restrict certain processing;
- Withdraw consent for marketing;
- Port certain data in a usable format;
- Lodge a complaint with a supervisory authority (e.g. the Information Regulator in South Africa or your local data protection authority).
Account settings: Use the dashboard Account page for profile-related actions where available.
Marketing opt-out: Email privacy@deskmemory.app with the address you subscribed with.
Local data: To remove vault or chat draft data, delete files or the app on your device.
We will respond to verified requests within reasonable timeframes required by law.
15. California privacy notice (summary)
If you are a California resident, you may have additional rights under the CCPA/CPRA, including knowing what categories of personal information we collect, requesting deletion, and not receiving discriminatory treatment for exercising rights. We do not sell personal information as defined by California law.
16. Contact us
Privacy enquiries: privacy@deskmemory.app
General support: via your dashboard or the contact method listed on deskmemory.app
Operator: rebelGlitch — DeskMemory
Website: https://deskmemory.app
This document describes DeskMemory’s privacy practices for the web dashboard and desktop application ecosystem. It is provided for transparency and does not constitute legal advice.
