Last updated: February 7, 2026

Privacy Policy

Momento is desktop-first. Most of your library lives on your device. This policy explains what we collect when you use our website and optional Cloud API, and how we use it.

Our privacy commitments

We do not sell your personal information.

Most of your library stays on your device (desktop-first).

Cloud API features are opt-in and require Google sign-in.

We aim to collect the minimum data needed to operate and improve the product.

1. Information We Collect

Website usage

When you visit our website, our hosting provider (Cloudflare) may process basic request logs (for example: IP address, user-agent, and timestamps) to deliver the site and protect it from abuse.

Cloud API sign-in

If you sign in to use Cloud API features, we receive information from Google such as your Google account subject identifier and email address. We may also store your display name and avatar URL if provided by Google.

Cloud API usage & quotas

To enforce daily quotas and prevent abuse, we store basic usage counters (for example: number of extraction requests per day).

Extraction requests

If you use the Cloud API to extract metadata from a PDF, you may send limited text and up to two images (for example: selected pages). We process this input to produce citation metadata.

We do not intend to store the raw extraction payload (text/images) by default. However, we may temporarily process it in memory to fulfill your request.

Crash reports (optional)

If you (or the desktop app) submit a crash report to our Cloud API, we store the report to help us debug stability issues. Crash reports may include device/app details and logs, depending on what you provide.

2. How We Use Information

  • To provide and secure the website and Cloud API.
  • To authenticate you via Google sign-in for Cloud API features.
  • To enforce quotas and prevent abuse.
  • To process extraction requests and return citation metadata (CSL/BibTeX).
  • To investigate crashes and improve reliability (if crash reports are submitted).

3. Sharing

We do not sell your personal information. We may share data in these limited cases:

  • Infrastructure providers: We use Cloudflare (Pages/Workers/D1/R2) to host our web and Cloud API services.
  • Model providers: When you use Cloud API extraction, your provided text/images may be sent to a configured OpenAI-compatible model provider to generate metadata.
  • Legal: We may disclose information if required by law or to protect our rights and users.

4. Retention

We retain Cloud API account records and usage counters while you use the Cloud API. Crash reports may be retained longer to help diagnose recurring issues.

If we change our retention practices, we will update this policy and the "Last updated" date.

5. Security

We use HTTPS (TLS) for network communication and follow reasonable security practices appropriate for an early-stage product.

6. Your Choices

  • You can use Momento Desktop without signing in to the Cloud API.
  • You can choose whether to use Cloud API extraction and what content you send.
  • You can sign out on the website (which clears the session token stored in your browser's sessionStorage).

7. Contact

If you have questions about privacy, please contact us.

mail Help Center

For now, please reach out via the Help Center. Contact support.