forgott.

Privacy Policy

Last updated: April 1, 2026

forgott is a personal data intelligence app. It connects to services you already use, pulls your data to your device, and generates insights locally. Your data stays on your phone. We don't see it, store it, or sell it.


What forgott does

forgott connects to your accounts on third-party services (Google, Spotify, Firefox, TikTok) using secure OAuth authentication. It downloads your activity data — things like search history, listening history, browsing history — directly to your device. An on-device AI model then processes this data locally to generate personalized insight cards.

No data leaves your device after it arrives. There is no cloud processing. There is no server-side analytics. There is no profile building on our end.


Data we access and how it's stored

You choose which services to connect. You can disconnect any at any time. When connected, forgott accesses:

Google (via Data Portability API): Search activity, YouTube watch history, Maps location history, Chrome browsing history.

Spotify: Listening history, top tracks, top artists.

Firefox (via Firefox Sync): Browsing history and bookmarks. This data is end-to-end encrypted by Mozilla — forgott decrypts it on your device. Decryption keys never leave your device.

TikTok: Watch history and activity data.

All data is stored in a local database on your phone. OAuth tokens are stored in your device's secure storage (iOS Keychain). All AI processing runs on-device — nothing is sent to external AI services. We do not operate servers that store your personal data.


What we do operate

Google, Spotify, and Firefox authentication happens entirely on your device using local OAuth callbacks. No server is involved in these flows.

TikTok requires a server-side OAuth callback due to how their API works. forgott operates a minimal server component solely to handle this redirect during TikTok authentication. This server processes the authentication handshake only — it does not receive, store, or log any of your personal data. No user activity data passes through this server.


Third-party services

Your data flows directly from each service to your device. Each service has its own privacy policy.

You can revoke forgott's access at any time through each service's account settings.


Data we collect about you

None. We do not collect your data and do not use any analytics SDKs, tracking pixels, or telemetry tools.


Data sharing

We do not share your data with anyone. There are no advertising partners, no data brokers, no analytics providers. Your data exists only on your device.


Deletion

Delete the app and all data is gone — activity data, insight cards, OAuth tokens, everything. There is nothing to delete on our servers because we don't store anything.


Your rights under GDPR

All your data is on your device. You already have full access to it, and deleting the app removes everything. There is no server-side data to request deletion of. You can disconnect any service or stop using the app at any time. You have the right to file a complaint with your local data protection authority.


Children

forgott is not intended for users under 16.


Future changes

If we introduce features that change how your data is handled — such as optional end-to-end encrypted cloud sync or device-to-device sync — we will update this policy and notify you within the app before any change takes effect. Any new feature involving data leaving your device will require your explicit opt-in consent.


Contact

Questions about this policy or your data? Email us at hey@forgott.net.