Privacy Policy
1. The short version
- Your bookmarks (URLs, titles, thumbnails, tags, collections, notes, reminders, read state, and AI summaries) are stored locally on your device.
- On-device AI processing keeps the content of the pages you save on your phone.
- Optional cloud backup is end-to-end encrypted and saved to your own Google Drive, not to any MaybeLater server.
- To enrich and check your links, the app contacts the websites you save.
- The app sends anonymous, content-free usage analytics and crash reports via Google Firebase, never your URLs, titles, notes, bookmark content, or account email — and you can turn both off in Settings → Privacy.
- There is no MaybeLater account and no MaybeLater backend storing your data, and I have no access to your bookmarks.
2. Information collected
2.1 Content you create
When you save or edit a bookmark, the app stores the information that makes it up: the URL, title, thumbnail, description, your tags and collection, any note, the reminder time, read/unread state, the AI-generated summary, and the last link-check status. This content is created and kept by you in the app's on-device database. It is never received or stored on any server of mine, because there are none.
2.2 Information collected automatically
The app integrates Google Firebase to help keep it reliable:
- Firebase Analytics: anonymous, aggregate usage events (for example, which features are used and whether an action succeeded or failed). By design these events contain no URLs, titles, bookmark content, or personal information.
- Firebase Crashlytics: crash and diagnostic reports used to find and fix stability problems.
Firebase may process limited technical identifiers (such as an app-instance ID and general device/OS information) as described in Google's privacy documentation. You control this in Settings → Privacy with separate Send anonymous usage analytics and Send crash reports switches; see §9 for details.
3. When data leaves your device
MaybeLater is offline-first. Network connections are made only in these situations:
- Fetching page metadata: when you save a link, the app contacts that website (via oEmbed for supported hosts, or by reading its Open Graph tags) to retrieve the title, thumbnail, and description. This is a normal request to the site you chose to save.
- Link-health checks: on the schedule you choose, the app contacts your saved links to see whether they still resolve, marking each Healthy, Broken, or Unknown.
- Analytics & crash reporting: the anonymous data in §2.2 is sent to Google Firebase.
- Cloud backup: only if you enable it (see §5), encrypted backup files are uploaded to your own Google Drive.
4. On-device AI
Auto-tagging and page summaries are produced by on-device AI (Gemini Nano via Google's ML Kit GenAI). The content of the pages you save is processed locally on your device and is not sent to any AI cloud service. These features are optional and can be turned off in Settings. On devices that don't support on-device Nano, summaries are not offered and tagging falls back to a local heuristic.
5. Cloud backup & encryption
Cloud backup is off by default and requires you to connect a Google account. When enabled:
- Backups are written to your own private Google Drive storage, not to a MaybeLater server. MaybeLater uses Google's App Data folder scope, so it can only see the backup files it creates in a hidden, app-specific folder — it cannot see, read, or modify any of your other Google Drive files.
- Backups are end-to-end encrypted before they leave your device, using a key derived from your app passcode (PBKDF2-HMAC-SHA256 with 120,000 iterations, producing an AES-256-GCM key). Because the key is derived from your passcode, enabling backup requires setting the app lock.
- You control the schedule (Daily, Weekly, Biweekly, or Monthly) and can back up or restore on demand. The app shows your connected account and the last backup/restore time and status.
- Removing your passcode automatically disables cloud sync, since the encryption key depends on it.
Because the encryption key stays on your device, a forgotten passcode cannot be recovered and the backup cannot be decrypted by me or anyone else. Your use of Google Drive is also governed by Google's terms and privacy policy.
6. Google API Services — Limited Use
MaybeLater's access to and use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- MaybeLater requests only the
drive.appdatascope, which grants access solely to a hidden, application-specific folder that MaybeLater creates in your Google Drive. It cannot access, read, or modify any other files in your Drive. - Data obtained through this scope is used only to provide the cloud backup and restore feature you explicitly enable.
- MaybeLater does not transfer or sell this data, and does not use it for advertising.
- No human reads your backup data — it is end-to-end encrypted on your device before upload (see §5) — and it is never used to train AI/ML models.
7. Storage & retention
Your bookmarks are stored in the app's local database on your device and remain until you delete them or uninstall the app. Uninstalling removes the app's local data from your device. Any encrypted backups you created in your Google Drive remain there until you delete them from your Drive. You can also export your bookmarks to a file (plain or password-encrypted JSON) and import them again later.
8. Third-party services
The app relies on the following third parties, each governed by its own privacy policy:
- Google Firebase (Analytics & Crashlytics): anonymous usage analytics and crash reporting. See Firebase privacy and the Google Privacy Policy.
- Google Drive: only if you enable cloud backup; stores your encrypted backup files in your own account.
- The websites you bookmark: contacted directly to fetch metadata and to run link-health checks. Those sites may log the request as they would any visit.
There is no first-party MaybeLater backend that stores your bookmarks. I am not responsible for the practices of these third-party services.
9. Device permissions
- Internet / network: to fetch page metadata, run link checks, send anonymous analytics, and perform optional cloud backup.
- Notifications: to deliver the reminders you schedule.
- Alarms / scheduled work: to run reminders and background link checks reliably, including after a reboot.
- Biometrics: only if you enable biometric unlock for the app lock; used solely to unlock the app on your device.
10. Analytics & children
Analytics. The anonymous analytics and crash reporting described in §2.2 are on by default, but you can turn either one off at any time in Settings → Privacy using the Send anonymous usage analytics and Send crash reports switches. You can also limit some device-level analytics identifiers through your Android and Google account settings.
Children. The app is not directed to children under 13 (or the minimum age of digital consent in your jurisdiction), and I do not knowingly collect personal information from them.
11. Your rights
Because your bookmarks live on your device, you control them directly: edit or delete any item at any time, and uninstall the app to remove its local data. Depending on where you live (for example under the GDPR or CCPA), you may have additional rights regarding the limited analytics/diagnostic data processed by Google Firebase, such as the right to access, object to, or request deletion of it. To make such a request, or if you have any privacy question, contact me using the details below and I will respond as reasonably practicable and as required by applicable law.
12. Changes to this policy
I may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, through an in-app notice. Continued use of the app after changes take effect constitutes acceptance of the updated policy.
13. Contact
Questions about this policy or your data? Email jaxvy@yahoo.com. This policy describes the app's data practices in good faith but is not legal advice.