Local Core
No required hosted account
Memorall's core local-first workflows can run without forcing a hosted account, hosted database, or remote model API.
Privacy Policy
Local first when possible. Explicit when data leaves the browser.
Memorall is designed so core capture, storage, retrieval, and many model workflows can stay in the browser. Optional remote providers, authentication, and sync features are user-controlled choices rather than mandatory parts of the core experience.
Core data can stay local
Remote providers are opt-in
Optional auth and sync
User-controlled deletion
Quick Summary
The short version before the detailed breakdown.
This page explains what Memorall may store, how local-first processing works, when network requests can happen, and what browser permissions support those flows.
Stored Context
Work stays attached to your project
Saved pages, chat context, graph data, notes, and imported documents can remain in browser-local storage and related local surfaces.
Optional Services
Remote providers are a separate choice
If you connect external AI providers or optional auth and sync services, data sent through those services follows that specific integration path rather than the local-only path.
Controls
You can remove local data
Stored data can be removed inside the product, by clearing extension storage, or by uninstalling the extension from the browser.
Policy Details
What gets stored, processed, and optionally sent out.
The details below are organized around the actual product shape in this repository: local-first storage and model paths, plus optional remote providers and optional authentication or sync layers.
Overview
Overview
Memorall is built around a local-first browser workflow. The core experience can capture pages, manage documents, store chats, and build memory context without requiring every workflow to pass through a remote server.
Some features are optional rather than mandatory. That includes remote AI providers and optional authentication or cloud-sync style integrations when they are configured for a deployment.
Stored Data
What Memorall may store
- Captured web content: pages, selected text, screenshots, page metadata, and other context you explicitly choose to save.
- Chat and memory data: conversations, drafts, summaries, graph relationships, and workspace context created while using Memorall.
- Documents and files: PDFs, Markdown, spreadsheets, notes, and workspace files you import, create, or attach.
- Model assets and caches: local model files, embeddings, and related cached artifacts when you choose workflows that need them.
- Configuration data: model settings, provider configuration state, and other product preferences needed to restore your setup.
Local Handling
Local storage and processing
- Browser-local storage: Memorall uses browser storage surfaces such as IndexedDB, OPFS, and related local mechanisms to keep memory and document data close to the browser environment.
- Local inference paths: some workflows can run with browser-hosted runtimes or locally configured model servers such as LM Studio or Ollama instead of remote APIs.
- No mandatory sign-in for the core path: the local-first core does not require every user to create an account before using the product.
Network Requests
When network requests and third parties can be involved
- Model downloads: Memorall may connect to Hugging Face hosts when you choose a local model workflow that needs downloadable model assets.
- Remote AI providers: if you explicitly configure and use a remote AI provider, the prompts, files, and related context you send through that provider may leave the browser and be processed by that provider.
- Optional auth or sync: if a deployment enables optional authentication or cloud features, related account or sync traffic may go to the configured backend for that deployment.
Remote providers and optional cloud services are not the same as the local-only path. If you turn them on, you should review the privacy terms of those services separately.
Data Sharing
How data is shared with third parties
Memorall does not sell, rent, trade, or otherwise transfer your personal information to third parties. Data sharing only occurs in the following limited circumstances, all of which are entirely under your control:
- Remote AI providers (user-configured): if you explicitly configure an external AI provider such as OpenAI, Anthropic, Google, or another API-compatible service, the prompts, files, and context you submit through that provider are sent to and processed by that provider under their own terms of service and privacy policy. Memorall does not control how those providers handle your data.
- Model asset hosts (on demand): when you select a local-model workflow that requires downloadable assets, Memorall may connect to Hugging Face servers to fetch those files. No personal data beyond standard network request headers is sent in those requests.
- Optional authentication or sync (deployment-specific): if a deployment of Memorall enables optional cloud authentication or sync features and you choose to use them, account-related data may be transmitted to the configured backend for that deployment. This integration is disabled in default builds.
- No other sharing: outside the user-initiated paths above, Memorall does not share data with advertisers, analytics networks, data brokers, or any other third party.
When you use a remote provider you are subject to that provider's own privacy policy. Review the privacy terms of any provider you configure before sending sensitive information through it.
Data Security
How data is protected
Because Memorall's core data path is local-first, most sensitive data never leaves your device and is therefore not exposed to server-side breaches. The following practices apply:
- Browser security model: locally stored data is kept inside browser-managed storage (IndexedDB, OPFS, extension storage) which is isolated to the extension's origin and protected by the browser's built-in security sandbox.
- No Memorall-operated server storage: Memorall does not operate servers that store copies of your captured pages, chat history, documents, or memory objects. Data you store in the local-first path remains on your device.
- Transit security for remote paths: when data is sent to remote providers or optional cloud services that you have configured, those requests use HTTPS/TLS encryption in transit. The security posture of the remote endpoint is governed by that provider.
- API key handling: provider API keys and credentials you configure are stored locally in extension storage and are not transmitted to Memorall-operated infrastructure.
- No guarantees for remote providers: Memorall cannot guarantee the security practices of third-party AI providers or other external services you choose to connect.
Control
Deletion and retention control
- Inside Memorall: remove saved context, files, or memory objects directly from the product where those controls are available.
- Browser-level clearing: clear extension or site data using browser controls to remove locally stored records.
- Uninstall: uninstalling the extension removes the extension from the browser and typically removes its locally stored data, subject to browser behavior.
- External services: if data was sent to a remote provider or optional cloud service, retention on that service is governed by that service rather than by local browser storage alone.
Children's Privacy
Children's privacy
Memorall is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). Memorall does not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided personal information through Memorall, please contact us using the details in the section below so we can take appropriate action.
Updates & Contact
Changes and contact
Effective date: April 14, 2025. This policy was last updated on April 14, 2026.
This privacy policy may be updated as the product evolves. When material changes are made, the effective date above will be updated so the public page stays aligned with the current product architecture. Continued use of the extension after an update constitutes acceptance of the revised policy.
For privacy questions, data-handling inquiries, or suspected inaccuracies, you can reach us by:
- GitHub Issues: open an issue at github.com/zrg-team/memorall/issues — this is the primary support and contact channel.
- Source review: the full extension source is publicly available at github.com/zrg-team/memorall so you can verify data-handling claims against the actual code.
Extension Permissions
Why the extension asks for browser access.
Permissions support page capture, document handling, local storage, background work, and the browser-aware workflows described on the landing page.
Read the current page when you ask
Used to inspect or capture the active tab when you explicitly trigger a page-aware workflow.
Work across browser surfaces
Supports tab-aware actions, workspace flows, and browser context handling across extension features.
Respond to page navigation state
Helps the extension react to navigation events that matter for content capture and page-aware tools.
Persist memory and settings locally
Used to keep chats, graph data, saved context, configuration, and other local-first product state.
Capture from the right-click menu
Adds shortcut actions so you can send page or selection context into Memorall from the browser UI.
Show status and background feedback
Used for save confirmations, progress updates, and other workflow signals from the extension.
Run background tasks and fetch required assets
Offscreen processing supports heavier background work, while host access covers PDF handling and Hugging Face model downloads when those workflows are enabled.
Questions
Need clarification on a privacy or data-flow detail?
The public site, source code, and issue tracker should stay aligned. If something here looks stale or ambiguous, open an issue so the policy and product copy can be corrected together.