😎

Memex Privacy Policy

Last edit: 24.01.22

Plain-Language Summary

Your data is not our business model.

We want to provide services valuable enough so they are worth paying for without the need to trade-off your data ownership & privacy.

We don't take venture capital funding and offer investors and team capped returns

We do this to remove the economic incentives for profit-at-all-costs that usually lead to exploitations of user privacy & freedom to move providers. Instead we choose the harder route of funding our company through own revenue, grants and an alternative investment model called "Steward Ownership". You can read more about our approach in this post.

We highly value your data ownership & privacy.

Your data is stored on your computer by default and exportable there. To provide sync, collaboration features and the automatic backup, Memex data is also synced to our Firebase servers. You can export your data at any time on your local machine and ask us to delete your account.

We operate with a strong ethos for valuing data ownership and data privacy, which may not always be feasible to achieve via technological means, but better via economic incentives or organisational safeguards. Especially in a multi-peer collaborative environment, a zero knowledge privacy system is hard to build and maintain, which is out of our budget right now.

We vouch that we have never and will never look at your personal data without consent even if it is right now technically possible. As we mature as a service we will attempt to further improve your privacy.

We only receive anonymous error logs and usage statistics. We only track what's absolutely necessary to understand statistical usage of features and the Memex software, as well as error logs to improve the stability of the product. No personal data, like content you save or search for, will be in those logs or be part of the analysis.

FAQs

Why does Memex need so many permissions?

The requested permissions are necessary for Memex to function properly. However the phrasing of those permissions is very vague and out of our control. (They are determined by Chrome and Firefox). Here is a list of things that are requested and what Memex uses them for.

Read and change all your data on websites that you visit

Reads: Memex reads the HTML code when the page has finished loading in order to index its content. No text and password fields are indexed.

Change: In order to show the sidebar and the Highlighter tooltip, Memex adds code to the HTML of the website you are on

Read and change your browsing history

Memex only Reads: In order to import your existing browsing history, and log changes in your tabs, Memex needs to have access to this permission set

Read and change your bookmarks

Memex only Reads: In order to import your bookmarks and automatically add a "star" to items you bookmark on the fly, it needs to have access to this permission

What kinds of data is sent from my Memex? How do I verify this?

All personal data stays safely stored on your computer as a copy so you can freely export it.

The backup, sync and collaboration infrastructure sends your data in full with our Firebase servers. Your email address is shared with Firebase.com and Chargebee.com, our payment provider, to manage your account and subscription status. Chargebee.com also manages your payment details. Your data sent to those services is subject to their privacy policy.

This data transfer is solely used to provide you the services you signed up for and are never sold to 3rd parties without explicit consent by users.

Worldbrain.io may receive anonymous metrics on how you use the software. (e.g. which buttons you click/features you use) so we can improve the user experience and feature maturity, and error logs (Sentry.io). This data does not contain any personal data like the terms you search, websites you visit or annotations you make. If you feel uncomfortable with this, you can opt-out and become a ghost for us. To opt-out to your Memex' settings > privacy. To collect usage data we use Google Big Query, which is arguable a suboptimal choice. We tried 3 different options to do cross device analytics that are more privacy sensitive, but they all didn't work in such a unique setup of extension, mobile app and web. At this point we need to pick our battles and focus on providing valuable services to our users which then would allow us to use more privacy focused alternatives.

Want to check if that is true?

Go to your extension's background page and open the tab "Network". Once your computer is idle for 20 seconds Memex will send a ping with the latest activities to our analytics servers. You can see all data that is sent there.

How can I trust that Memex does not send personal data somewhere I don't agree with?

Our code is open source and can be inspected on GitHub. Our whole build script is there too. It's an automatic program that is triggered once we release a new version. It compiles the code and uploads it to the Chrome Web Store and Firefox Add-ons. The Mozilla (Firefox) team even checks if the source code and the uploaded code match to prevent people from uploading a different versions. Further you can observe the network traffic of the extension to see what data is sent to our analytics servers (which is only anonymous data about your interactions with Memex, no personal data like history, annotations, tags etc)

How do I check if that is true?

Go to your extension's background page and open the tab "Network". Once your computer is idle for 20 seconds Memex will send a ping with the latest activities to our analytics servers. You can see all data that is sent there.

If I do backups to any cloud provider can the Memex team see my data?

No. The connection is made from your extension to the server directly. If you have a premium subscription Memex only checks with worldbrain.io's servers if those subscriptions are valid and then proceeds to make the direct connection.

Subprocessors

To facilitate onboarding of new users and paying subscribers we also use Airtable, Zapier, Stripe and Chargebee. Those services will receive email addresses, names and handle payment details.

To automate sending transactional emails we use Sendgrid, which receives names, email addresses and information needed to enable those transaction.

Click on the names of the services to see their individual privacy notes.

Anonymous Data that is collected

If you don't sign up for having an account, the only data worldbrain.io receives are anonymous error logs and metrics on how you use the software. (e.g. which buttons you click/features you use) so we can improve the user experience and feature maturity. This data does not contain any personal data like the terms you search, websites you visit or annotations you make. If you feel uncomfortable with this, you can opt-out and become a ghost for us. To see a complete list of everything that is tracked or opt-out, go to your Memex' settings > privacy.

Legalese Version of the Privacy Policy

Click to Show

Your personal data is yours

All your personal data is stored locally on your computer and to provide sync, collaboration and backup functionality, it is sent to Firebase servers operated by Google LLC.

We operate with a strict ethos for protecting privacy, which may not always be feasible to achieve technologically. Especially in a multi-peer collabororative environment, a zero knowledge privacy system is hard to build and maintain, which is certainly out of our budget right now.

To provide you the service of creating hyperlinks to highlights with Memex.Link, we need to store the url on which the link has been created and the highlighted text on our servers. We do use Amazon S3 and Lambda functions for that and do not store or process any personally identifiable information about users sending or requesting those links (like IP addresses). We do however collect statistics about usage, in order to optimise our infrastructure and to identify misuse of the service. You can ensure yourself about this fact in our GitHub repository.

Anonymous Usage Statistics

WorldBrain.io may collect crash reports and anonymous statistics about how users use our website, the Memex software and its features.This data will not contain any personal data (e.g. terms you search, the urls you visit/bookmark or the pages you blacklist). The data is solely used to improve Memex stability, usability and features & never sold to any 3rd party.

To collect usage data we use Google Analytics, which is, arguable a suboptimal choice. We tried 3 different options to do cross device analytics that are more privacy sensitive, but they all didn't work in such a unique setup of extension, mobile app and web. At this point we need to pick our battles and focus on providing valuable services to our users which then would allow us to use more privacy focused alternatives.

Opting-out of Usage Statistics

We respect your wish of opting out either through the “do-not-track”-feature of the browser. We also offer a separate opt-out feature in our software.

Backup to Google Drive, or any other provider.

If you choose a cloud provider to backup your data there, these providers will currently have access to your unencrypted data. Be aware of this before you choose one. Currently you can backup your data to any cloud provider that has a local sync folder (e.g. dropbox) or directly to Google Drive.

Google Drive Integration special note: Memex opens up a hidden folder on Google Drive that only the Memex app can read. We do this so that the Memex app cannot access any other folder in your Drive, and thus might be a security vulnerability. We know it's not ideal for people who want to access this data externally.

Privacy Policy Changes

Although most changes are likely to be minor, WorldBrain.io may change its Privacy Policy from time to time, and in WorldBrain.io’s sole discretion. WorldBrain.io encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Date of last change: 22.01.22

Protection of Certain Personally-Identifying Information

WorldBrain.io, the company operating Memex will not rent or sell any of the gathered statistical, potentially personally-identifying and personally-identifying information to anyone. If you are a registered user of a WorldBrain.io newsletter and have supplied your email address, WorldBrain.io may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with WorldBrain.io and our products. We primarily use our blog to communicate this type of information, so we expect to keep this type of email to a minimum. WorldBrain.io takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of potentially personally-identifying and personally-identifying information.

Scope of Privacy Policy

This Privacy Policy applies to the information that we obtain through your use of WorldBrain.io services via a device or when you otherwise interact with WorldBrain.io, Memex and WorldBrain UG. WorldBrain.io services include our:

Websites: (memex.garden, memex.social, worldbrain.io and subdomains *.worldbrain.io *.memex.garden, *.memex.social)

Downloadable Products: (Memex Browser Extensions, Memex mobile apps for iOS and Android).