Privacy

Did I Forget is designed so the smallest possible amount of your data ever touches our backend. Here's exactly what we store and what we don't.

What we store on the backend

• Your PropelAuth user account (email, plan tier, account metadata).
• One bearer token per device you've paired, stored as a SHA-256 hash so we can't recover the plaintext.
• Your encrypted Slack OAuth user token, if you've connected Slack. Encrypted with AES-256-GCM at rest.
• One timestamp per integration: the most recent message we've already given to the LLM. We use this to avoid re-reading the same message twice.
• Daily LLM and Slack-fetch usage counters for rate limiting and billing.

What we never store

• The contents of your Gmail messages. They're scraped from your local Gmail tab, sent to the LLM, and dropped.
• The contents of your Slack messages. Same: fetched on the fly, used once, dropped.
• Your task list. Tasks live in your extension's local storage and never leave your device.
• Plaintext device tokens or plaintext Slack tokens.

OpenAI

We send Gmail/Slack message text to OpenAI to compute task changes. We do not send any task history. OpenAI's data-retention terms apply to that traffic.