Privacy

Last updated: 19 May 2026. Memfog is in public beta. This page reflects current behavior — when it changes, the date above moves and material changes will be announced.

The short version

• We store your email, an Argon2id hash of your password, and the events your Memfog hooks push. That is the entirety of what's on our servers.
• Your events are isolated per account at the database row level. Other Memfog users can never see them.
• We do not sell, share, or train models on your event content. Period.
• The desktop client is local-first; cloud sync is opt-in.
• You can delete your account and all associated data at any time by emailing hello@memfog.com. We'll comply within 7 days.

What we collect

When you create an account on memfog.com:

• Email address — required for sign-in and verification.
• Password hash — Argon2id with a per-user salt. The plaintext password is never written to disk and is dropped from memory immediately after hashing.
• Optional display name — only used in the dashboard header.

When your Memfog hooks push to /ingest:

• Event payloads — whatever your hook sends. For Claude Code that's the JSON body Claude itself emits (prompt text, tool inputs/outputs, file paths, terminal output excerpts, etc.). Memfog does not redact or sample — what your hook sends is what we store.
• An ISO-8601 timestamp, the working-directory string, and the event id you generated.

That's it. We do not run analytics scripts, fingerprint browsers, embed pixels, or load third-party JS on memfog.com or dashboard.memfog.com.

Where it lives

• The cloud database is PostgreSQL on a hardened VM. Network access is restricted to localhost; the public endpoint is fronted by Cloudflare Tunnel with TLS terminated at Cloudflare's edge.
• Nightly encrypted backups go to a Cloudflare R2 bucket in EU-Western region with a 14-day retention window.
• Transactional email (verification + reset links) is sent via mail.mailsetu.com on our behalf. The body contains a one-time token bound to your account; mailsetu has no other access to your data.

What we don't do

• We do not train any model on your event content.
• We do not share your events with any third party (commercial or otherwise) under any condition.
• We do not run ad-network trackers, session replay, or behavioural analytics on the marketing or dashboard sites.
• We do not log IP addresses beyond what Cloudflare records at the edge for abuse mitigation.

Your rights

• Access. Use GET /me and POST /sync/pull at any time to retrieve everything we have on you. The dashboard wraps both.
• Deletion. Email hello@memfog.com from the address on your account. We'll confirm, then wipe your row in users (which cascades to events, verification tokens, and reset tokens). Backups containing the data age out within 14 days.
• Correction. Email us. We don't have a self-serve "edit my email" flow yet — that ships in v0.2.
• Portability. Use POST /sync/pull with a large limit; the response is your data as JSON.

Children

Memfog is not intended for use by anyone under 16. If you believe a child has signed up, contact us and we'll delete the account.

Changes

If we materially change what we collect or how we use it, the "Last updated" date above moves and existing users get an email notification at least 14 days before the change takes effect.

Contact

Privacy questions: hello@memfog.com.