Security & Technical Overview
MemoryLane by SenseFlow, Inc.
Core Principle
You only share what you choose to share.
Your data stays on your device. Screenshots are captured, processed locally or via secure AI, and then cleaned up after processing. A background sweep every 10 minutes removes screenshot files older than 1 hour. The semantic insights extracted are stored only on your machine. Nothing leaves your device unless you explicitly choose to share it, with the following exceptions: (1) if using Scenario A, the app contacts api.trymemorylane.com on startup to validate your subscription using a device identifier; (2) on first use, the local embedding model is downloaded from huggingface.co.
How MemoryLane Works
Screenshot Lifecycle
- Capture — Screenshots are taken at approximately 1-second intervals during active activity sessions. Sessions are bounded by application switches, 5-second inactivity gaps, and a 5-minute maximum duration.
- Prepare — Depending on the capture mode:
- Auto mode (default): Attempts video first and falls back to image mode if video processing is unavailable or fails.
- Video mode: Captured frames are stitched into a 1 FPS video via FFmpeg. The video is sent alongside activity metadata for AI summarization.
- Image mode: Up to 6 key screenshots are sampled based on visual difference and interaction timing, then fed as images into a vision model.
- Process — AI extracts semantic meaning (what you were doing, context). Local OCR (macOS Vision framework / Windows native OCR) also extracts on-screen text. Local embeddings are generated for semantic search using the
@huggingface/transformerslibrary with the all-MiniLM-L6-v2 model. On first use, the embedding model (~100 MB) is downloaded fromhuggingface.coand cached locally for subsequent use. - Store — Semantic data, OCR text, and embeddings are saved to a local SQLite database on your device.
- Clean Up — Screenshot and video files are cleaned up after processing. A background sweep runs every 10 minutes and removes any screenshot or video files older than 1 hour.
Local Storage
- macOS:
~/Library/Application Support/MemoryLane/ - Windows:
%APPDATA%\MemoryLane\ - Logs (macOS):
~/Library/Logs/MemoryLane/ - Logs (Windows):
%APPDATA%\MemoryLane\logs\ - Format: SQLite database
- Ownership: You control your data completely
AI Processing Options
MemoryLane offers three deployment scenarios for AI processing:
Scenario A: OpenRouter (Default)
How it works:
- Data goes directly from your device to OpenRouter — SenseFlow does not proxy or route your data
- OpenRouter load-balances and geo-balances across AI providers:
- Video mode: A stitched 1 FPS video is sent alongside activity metadata to AI models (e.g., Gemini 2.5 Flash Lite, Gemini 3 Flash, Molmo 2 8B) via ZDR-compliant endpoints
- Image mode: Up to 6 sampled screenshots are fed into AI models (e.g., Mistral Small 3.2, Gemini 2.5 Flash Lite) via ZDR-compliant endpoints
- Pattern detection (Pro): Kimi K2.5 via ZDR-compliant endpoint — receives activity metadata including text summaries, window titles, app names, domain names, and timestamps (no images or screenshots)
- Zero Data Retention (ZDR) is enabled at the OpenRouter account level for managed API keys — see ZDR section below
- Only semantic data (text describing what was on screen) returns to your device
- Screenshots are cleaned up after processing (background sweep removes files >1 hour old)
- Local OCR and embeddings are computed entirely on-device
Scenario B: Your Cloud AI Endpoint
How it works:
- Configure MemoryLane to use your own AI endpoint
- You control the AI provider and data handling
- MemoryLane never sends your data to us
- Self-setup or paid monthly support available
Scenario C: Fully Local Models
How it works:
- AI model runs entirely on your device
- No data ever leaves your machine
- Complete privacy and air-gap capability
- Self-setup or paid monthly support available
Technical Details
What Installs
| Component | Description |
|---|---|
| MemoryLane App | Desktop application (macOS Apple Silicon, Windows x64) |
| Local SQLite DB | Stores semantic data, OCR text, and embeddings (unencrypted; protected by OS-level file permissions) |
| FFmpeg | Bundled for video stitching of screenshot sequences |
| @huggingface/transformers | Local embedding generation (all-MiniLM-L6-v2 model, downloaded from huggingface.co on first use) |
| Native sidecar binaries | Swift (macOS) and Rust (Windows) binaries for active window detection and browser URL extraction |
| Config files | User preferences, AI endpoint settings |
What It Captures
- Screenshots at ~1-second intervals during activity sessions (bounded by app switches, 5-second inactivity gaps, and 5-minute maximum duration)
- Interaction metadata (used ephemerally for session windowing, not stored in the database): keyboard session durations and key counts, mouse click positions (x, y coordinates), scroll events — no keystroke content is recorded
- Window context: active window titles, process names, bundle identifiers, and browser URLs (for categorization). Browser URLs are extracted via the macOS Accessibility API or equivalent for supported browsers (Chrome, Safari, Edge, Brave, Arc, Vivaldi, Opera)
- OCR text: on-screen text extracted locally via macOS Vision framework or Windows native OCR
- Video clips: screenshot sequences stitched locally via FFmpeg
- Embeddings: semantic vectors generated locally via @huggingface/transformers (all-MiniLM-L6-v2)
- User can pause capture anytime directly in the app
- Screenshots are captured from all visible windows, including incognito/private browser windows, when they are the active window during a capture interval
What Gets Transmitted
| Scenario | What's Sent | Where |
|---|---|---|
| A (OpenRouter — Video mode) | Stitched 1 FPS MP4 video + activity metadata | Direct to OpenRouter → ZDR-compliant provider endpoints |
| A (OpenRouter — Image mode) | Up to 6 compressed screenshots | Direct to OpenRouter → ZDR-compliant provider endpoints |
| A (Pattern Detection) | Activity metadata: text summaries, window titles, app names, domain names, timestamps | Direct to OpenRouter → ZDR-compliant provider endpoints |
| A (Subscription/Auth) | Device identifier | api.trymemorylane.com (automatic on startup) |
| A (Payments) | Payment info | Stripe (via browser redirect) |
| First run (all scenarios) | Model download request | huggingface.co (embedding model, ~100 MB, one-time) |
| B (Your Endpoint) | Per your config | Your infrastructure |
| C (Local) | Nothing | Stays on device |
Network Requirements (Scenario A)
| Endpoint | Port | Purpose |
|---|---|---|
api.openrouter.ai | 443 (HTTPS) | AI processing |
api.trymemorylane.com | 443 (HTTPS) | Subscription validation, licensing (device ID sent automatically on startup) |
github.com | 443 (HTTPS) | Application updates |
huggingface.co | 443 (HTTPS) | One-time embedding model download on first use |
System Requirements
| Platform | Minimum |
|---|---|
| macOS | Apple Silicon (ARM64), 4GB RAM, 500MB disk |
| Windows | Windows 10+ (x64), 4GB RAM, 500MB disk |
Security Controls
Encryption
| Context | Method |
|---|---|
| In transit | HTTPS/TLS for all API communications (TLS version negotiated by the OS and server) |
| Credentials at rest | API keys and device ID encrypted via Electron safeStorage (uses macOS Keychain / Windows DPAPI to derive encryption keys; encrypted data stored in local config files) |
| Local database | SQLite — unencrypted; protected by OS-level file permissions and user account access controls. Any process running as the same OS user can access the database. |
Zero Data Retention (Scenario A)
When using Scenario A, screenshots and video are sent directly from your device to OpenRouter (SenseFlow never sees or proxies this data). OpenRouter load-balances and geo-balances requests across AI providers.
Managed API keys: SenseFlow provisions OpenRouter API keys with Zero Data Retention (ZDR) enabled at the account level. When ZDR is enabled, OpenRouter only routes requests to endpoints it classifies as ZDR-compliant. Requests that cannot be routed to a ZDR-compliant endpoint will fail rather than fall back to a non-ZDR provider.
Bring Your Own Key (BYOK): If you use your own OpenRouter API key, ZDR depends on your own OpenRouter account settings. You are responsible for enabling ZDR in your OpenRouter account if desired.
OpenRouter's ZDR is a routing-level control — it determines which provider endpoints your requests can be sent to. Individual AI providers may have their own data retention policies independent of OpenRouter. Customers with specific compliance requirements should review provider policies directly.
Interaction Monitoring
MemoryLane monitors user interaction to detect activity sessions and provide productivity context. Here is what is and is not recorded:
| Input Type | What IS Recorded | What is NOT Recorded |
|---|---|---|
| Keyboard | Session duration, key count, active window title | Keystroke content (what you type) |
| Mouse | Click position (x, y coordinates) | Click count (not persisted), what was clicked on (content) |
| Scroll | Cumulative scroll amount, direction (vertical/horizontal) | Scroll content |
| Window focus | Window title, process name, bundle ID, browser URL, previous window | Window content (captured separately via screenshots) |
Interaction data is collected via uiohook-napi (keyboard, mouse, scroll) and native sidecar binaries (window/app changes, browser URLs). Interaction metadata is used ephemerally for session windowing and is not durably stored in the database. It is never transmitted to SenseFlow or any third party.
MCP Server Integration
MemoryLane includes an optional Model Context Protocol (MCP) server that allows compatible AI assistants (e.g., Claude, Cursor) to query your local activity data.
- Protocol: Local stdio-based MCP server. On first use, the embedding model is downloaded from
huggingface.coif not already cached; all subsequent communication is local only - Configuration: User must explicitly configure their AI assistant to connect to the MCP server
- Data scope: AI assistants can query semantic data, activity summaries, raw OCR text, and search your local history
- No data sent to SenseFlow: The MCP server operates entirely locally. SenseFlow has no access to MCP queries or responses
- User control: The MCP server can be disabled at any time in app settings
Pattern Detection (Pro Feature)
MemoryLane Pro includes pattern detection that identifies recurring work patterns and provides productivity insights.
- Input: Activity metadata including text summaries, window titles, app names, domain names, and timestamps for the day's sessions (no images or screenshots)
- Processing: Activity metadata is sent to Kimi K2.5 via OpenRouter once per day (routed to a ZDR-compliant endpoint)
- Output: Text-based pattern descriptions and productivity insights
- Storage: Pattern data stored locally in the SQLite database
- No images transmitted: Pattern detection receives only text — never screenshots or video
Supported AI Models (Scenario A)
| Capture Mode | Models Used | Input |
|---|---|---|
| Auto mode (default) | Attempts video models first, falls back to image models | See below |
| Video mode | Gemini 2.5 Flash Lite (preview), Gemini 3 Flash (preview), Molmo 2 8B — via OpenRouter ZDR-compliant endpoints | 1 FPS stitched video + activity metadata |
| Image mode | Mistral Small 3.2, Gemini 2.5 Flash Lite — via OpenRouter ZDR-compliant endpoints | Up to 6 sampled screenshots (as images) |
| Pattern detection (Pro) | Kimi K2.5 — via OpenRouter ZDR-compliant endpoints | Activity metadata: summaries, window titles, app names, domains, timestamps |
All models are accessed via OpenRouter API. The specific models used may be updated over time; current defaults are listed above.
User Controls
| Control | Description |
|---|---|
| Pause | Stop all capture with one click |
| View data | See all semantic data stored locally |
| Export data | Export the local database as a ZIP file containing the SQLite database |
| Uninstall | Remove the application. User data directories must be manually deleted (see Uninstallation section) |
Audit Trail
- Local logs available at:
- macOS:
~/Library/Logs/MemoryLane/ - Windows:
%APPDATA%\MemoryLane\logs\
- macOS:
- Logs contain: capture events, AI calls (without content), errors
- No screenshots or semantic content in logs
Open Source
The MemoryLane desktop client is open source.
- Repository: [https://github.com/deusXmachina-dev/memorylane]
- Anyone can audit exactly what code runs on your machine
- The managed backend service (
api.trymemorylane.com) used for subscription validation and key provisioning is proprietary
GDPR / Privacy Regulations
- Data minimization: Only semantic data retained long-term; screenshots cleaned up after processing
- Local storage: Data stays on user's device
- User rights: Access and portability supported via in-app export; deletion requires manual removal of the database file (see Uninstallation section for paths)
- Lawful basis: Legitimate interest or consent (via employer)
APP (Australian Privacy Principles)
- APP 5 compliance: Employee notification template provided upon request
- Sample 'Employee Information Document' provided upon request
Employee Notification
Before deploying MemoryLane, employers must notify employees.
Uninstallation
Application Removal
- macOS: Drag MemoryLane to Trash
- Windows: Control Panel → Uninstall a program → MemoryLane
Data Deletion
Standard application removal removes the application binary but does not automatically delete user data. To completely remove all data, you must manually delete the following directories:
- macOS:
~/Library/Application Support/MemoryLane/and~/Library/Logs/MemoryLane/ - Windows:
%APPDATA%\MemoryLane\
These directories contain:
- Local SQLite database (semantic data, OCR text, embeddings)
- Configuration files (encrypted API keys, device identity)
- Cached embedding model
- Application logs
Contact
For security inquiries or audits:
Email: founders@trymemorylane.com
SenseFlow, Inc. 131 Continental Dr, Suite 305 Newark, DE 19713 United States
