Privacy Policy
Effective date: March 12, 2026. This Privacy Policy explains what we collect, what we do not collect, and how we handle your information.
Summary
- Your memory content is encrypted on your device before upload.
- We do not store your encryption keys.
- We do not store plaintext audio, video, or photo memory content on our servers.
- We do store the minimum account, delivery, and encrypted metadata needed to operate the product.
Information We Collect
Information you provide
- Email address
- Password
- Optional delivery email for future reminders
- Optional child name, which is stored encrypted
Information generated by the app
- Encrypted metadata about a memory, such as title, duration, and whether media is attached
- Delivery date and delivery status
- Blob references for encrypted files stored in object storage
- Account creation and update timestamps
Information we do not collect in plaintext
- Voice recordings
- Attached video or photo memory content
- Encryption keys
- Plaintext memory metadata, where the product is designed to store it encrypted
How Flat Circle Works
Flat Circle is designed so that memory content is encrypted client-side before it is uploaded. Our servers receive encrypted blobs, encrypted metadata, account information, and delivery scheduling information. Your iCloud export is written into your own storage account, not ours.
How We Use Information
We use information to:
- create and manage your account
- authenticate you
- store and retrieve encrypted memory blobs
- support timeline display using encrypted metadata
- schedule and send future delivery reminder emails
- generate encrypted exports to your own cloud storage
- operate, secure, debug, and improve the service
Sharing
We do not sell your personal information.
We share limited information with infrastructure providers only as needed to operate the service, such as:
- Cloudflare for Workers, D1, and R2
- Apple for iCloud Drive export on your device
- Resend for delivery reminder emails, if you choose to use future delivery
Those providers may process account or delivery data on our behalf. Encrypted memory content stored in R2 remains encrypted.
Data Retention
We retain account and service data for as long as your account remains active or as needed to operate the service. If you delete a memory, we intend to remove the associated metadata and encrypted storage object. Some logs, backups, or infrastructure records may persist for a limited period.
Because Flat Circle is designed around data portability, your exported bundles in your own storage remain under your control until you remove them.
Security
We use a privacy-by-architecture model:
- client-side encryption for memory content
- no server-side key escrow
- password hashing for account credentials
- access controls and hosted infrastructure security measures
No system is perfectly secure, but the product is intentionally designed to minimize our access to your memory content.
Your Choices
You may:
- update your account information
- set or clear optional delivery information
- export memories to your own storage
- delete memories
- stop using the service
If you lose the password or local key material required to decrypt your memories, we may not be able to recover your encrypted content for you.
Children
Flat Circle is intended for adults, primarily parents or guardians. The service is not intended for children to create accounts directly. We ask users not to provide unnecessary personal information about children. Where child-related information is supported, the product is designed to store it encrypted or locally where possible.
International Processing
Your information may be processed in jurisdictions where our infrastructure providers operate.
Changes
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and, where appropriate, provide additional notice.
Contact
For privacy questions, contact: `privacy@flatcircle.app`