Quiet by design.
Last updated: May 12, 2026
The short version: Memkeep is end-to-end encrypted by default. Your memories are encrypted on your device before they leave it. The sync server stores ciphertext only — even we can't read your data. We don't run ads, sell your data, or use advertising trackers. We do collect anonymous crash reports and pseudonymous product analytics (counts and events only — never your titles, content, photos, or names) so we can fix bugs and understand how the app is used. You can delete everything at any time, from inside the app.
What Memkeep is
Memkeep is a local-first, end-to-end encrypted shared journal for couples, families, and close friend groups. The app is built on Jazz, a CRDT (conflict-free replicated data type) framework that lets your devices sync data without exposing it to anyone in the middle — including us.
Data we collect
On your device. The content you create — notebook entries, photos, comments, your profile, your spaces and members — lives on your device first. Memkeep is local-first, so the app works offline and stores a full copy locally for instant access.
On our sync server. When your device is online, Memkeep syncs your data to other devices in your shared spaces. The sync server only ever sees:
- Encrypted ciphertext of your content (we cannot decrypt it)
- Minimal account metadata: your account ID, last-seen timestamp, and the encrypted membership graph used to route updates between devices in the same space
Crash reports. We use Sentry to collect anonymous crash reports so we can fix bugs and improve app stability. Crash reports are not linked to your account: we do not attach your Jazz account ID, your name, your profile, or any user identifier. They never contain memory content, photos, or personal information — they only describe the technical state of the app when it crashed (e.g. "the home screen crashed when scrolling on iOS 18.2").
Product analytics. We use Vexo to collect pseudonymous product analytics so we can understand how the app is used and where it can be improved. What this includes:
- Technical context automatically collected by the SDK: app version, operating system version, device model, screen views, and approximate session information.
- Lifecycle events we explicitly send at key moments — for example, that a memory was created, a comment was added, a notebook was created, a purchase succeeded, a setting was changed, or onboarding was completed. We only send counts, booleans, and enum values. We never send memory titles, memory content, comment text, profile names, photos, or anything else you typed.
- A pseudonymous identifier: events are associated with your Jazz account ID, which is an opaque, app-generated identifier. It is not your name, email, or phone number, and we do not link it to any real-world identity. We use it to deduplicate per-user counts (for example, to know whether 10 events came from 1 user or 10 users).
What we do NOT collect. No advertising IDs (IDFA/AAID). No ad networks. No location pings. We do not sell or share analytics data with third parties beyond the Sentry and Vexo processors that store it on our behalf.
End-to-end encryption
Every notebook entry, every photo, every comment is encrypted on your device before it is sent anywhere. The encryption keys are generated and stored on your device — they never leave it in plaintext. Members of a shared space exchange keys through the same end-to-end encrypted channel, so only invited members can decrypt the content.
Our sync server sees only ciphertext. Even we, the developers of Memkeep, cannot read your memories. There is no backdoor and no recovery key on our side. If you lose all your devices and have not paired a new one, your data is unrecoverable — that's a feature, not a bug.
Permissions
- Camera & Photo Library — used when you attach a photo to a memory. Photos are encrypted on-device before they leave it.
- Location (optional) — used only if you tag a memory with a place. Location stays on your device and inside your encrypted sync data.
- Notifications (optional) — used for memory reminders you opt into. Notification content is generated on your device.
In-App Purchases
Memkeep offers a single consumable in-app purchase that unlocks an additional notebook or extends a notebook's photo capacity. Purchases are processed entirely by Apple App Store or Google Play. We do not see your payment details, and we do not store transaction records on our server — your entitlement is granted on your device after the store confirms the purchase.
Sharing
We do not sell, rent, or share your data with anyone. Shared notebooks are visible only to the people you invite using end-to-end encrypted invite links. We have no way to access the contents of those notebooks.
Your rights
You have the right to access, correct, and delete your data. Because Memkeep is end-to-end encrypted and local-first, you can do all of this directly from inside the app at any time, without contacting us — your data is on your device and you control it. We respect your rights under applicable data protection laws.
Contact
Questions about this policy? Reach us at [email protected].
Changes
If we make material changes to this policy, we'll update the date at the top of this page and, for significant changes, mention them in the app's release notes.