What We Collect

We only collect what we need to make the platform work. Nothing extra.

• Email address — used as your login identity and to identify your account.
• Password — we never store your actual password. It is immediately hashed with bcrypt (a one-way algorithm). We literally cannot read it.
• Full name (optional) — only if you choose to provide it.
• Content you create in apps — notes, chat messages, journal entries, posts, saved passwords, game data, etc. Each app keeps its data separate. Your data in one app is not visible to another.

Cookies & Sessions

We use exactly two cookies. Both are functional — they keep you logged in and protect against cross-site attacks. That's it.

• mdb_auth_token — a JWT session token. It's httpOnly (JavaScript can't read it), and expires after 24 hours.
• csrf_token — a CSRF protection token. Prevents other websites from making requests on your behalf.

We do not use analytics cookies, advertising cookies, or tracking pixels. Zero.

Third-Party Services

Some apps on this platform use external services to provide specific features. We only send the minimum data needed. Here's the full list:

• • MongoDB Atlas — hosts our database. Your data is stored here. Their policy.
• • OpenAI / Azure OpenAI — powers AI features (chat, memory, summaries). Text you send to AI features is processed by their API. Their policy.
• • Google Gemini — alternative AI model for chat features. Their policy.
• • Cloudinary — hosts images you upload (my-Circles). Their policy.
• • Backblaze B2 — stores file attachments (Oblivious Notes). Their policy.
• • RapidAPI (YouTube Transcripts) — fetches video transcripts when you request them (Oblivious YouTube). Their policy.
• • Spotify API — playlist features (my-Circles). Only accessed when you use that feature. Their policy.
• • Firecrawl — scrapes web content for AI research features (FLUX, AI Chat). Only activated when you trigger those features. Their policy.

What We Do NOT Do

We want to be crystal clear about what we are not doing with your data:

• We do not sell your data to anyone. Ever.
• We do not run ads or share data with ad networks.
• We do not track you across websites. No analytics SDKs, no tracking pixels, no fingerprinting.
• We do not build profiles about you for marketing or any other purpose.
• We do not share your content between apps without your action. Each app's data is isolated.

Your Rights & Data Deletion

Your data is yours. You can request a copy of your data or ask us to delete your account and all associated data. Contact us and we'll handle it.

If you stop using the platform, your data just sits there — we don't do anything sneaky with inactive accounts. If you want it gone, tell us and we'll wipe it.

Changes to This Policy

If we change this policy, we'll update the date at the top. We won't silently change what we do with your data. If we ever make a major change, we'll make it obvious.