Privacy Policy
The core promise: miLife is a zero-knowledge, offline-first application. Your memories, moments, and personal data are encrypted with AES-256-GCM on your device. We never have access to your data. It does not leave your device without your explicit action.
This is not a marketing claim — it is the architectural guarantee. We cannot read your memories because your data is encrypted with a key derived only from your password, which we never receive.
01 Scope of This Policy
This Privacy Policy applies to the milife.lpagesapplabs.com marketing website and the miLife application (Android, iOS, Windows, macOS) when it becomes available. As of the effective date, the app is in Phase 0 development and has not been publicly released.
02 Design Principles
03 Marketing Website Data
The milife.lpagesapplabs.com marketing website:
- Sets no cookies
- Runs no analytics scripts
- Stores no user data on our servers
- Requires no account creation
The "Notify Me" form opens your email client locally. No data is submitted to our servers — you control what is sent.
04 App Data: What We Collect
Your content (memories, moments, attachments): Stored exclusively on your device, encrypted with AES-256-GCM. We have zero access to this data.
Crash reports (opt-in): If you choose to share anonymous crash reports, these will contain system information (OS version, app version, stack trace — no personal content) and will be sent to a crash reporting service. This feature is opt-in; off by default.
No usage analytics by default. If we add any telemetry, it will be strictly opt-in, disclosed clearly, and will never include personal content.
No account system is planned. You do not need to create an account to use miLife.
Sync (future): If end-to-end-encrypted cloud sync is added in a future phase, it will be optional, and your encryption keys will never leave your device — only ciphertext travels to any server.
05 Encryption Architecture
Understanding the encryption model is key to understanding what is possible for us to access:
- Your password is processed through Argon2id (memory-hard KDF) on-device to derive an encryption key
- All data is encrypted with AES-256-GCM before being written to storage
- Your password and encryption keys are never transmitted anywhere
- Without your password, your data is cryptographically inaccessible — to us, to anyone
- The .life archive format preserves this encryption when you export
06 Third-Party Services (Website)
The marketing website loads fonts from Bunny Fonts (fonts.bunny.net), a privacy-respecting font CDN operated in the EU. Bunny Fonts sets no cookies, collects no personal data, and is not affiliated with Google. We use no analytics, advertising, or tracking services on this website or in the app.
07 Data Portability & Deletion
Your data belongs to you:
- Export: Export your entire life archive as a
.lifefile at any time from within the app - Delete: Uninstalling the app removes all locally stored data. There is no cloud backup to delete because no cloud backup exists by default
- Transfer: Your
.lifearchive can be opened on any device running miLife
08 Your Rights (GDPR)
Under the GDPR (for EEA residents), you have the following rights:
For any residual data we hold (email correspondence), email contact@lpagesapplabs.com and we will act within 30 days.
09 Children
miLife is designed for adults who want to document their life story. It is not directed at children under 13. We do not knowingly collect data from children. If you are a parent or guardian and have concerns, contact us at contact@lpagesapplabs.com.
10 Changes to This Policy
We will update this policy when app features change meaningfully. The effective date will be updated. We will notify users of material changes through the app itself when possible.
11 Contact & Data Controller
Data Controller: LPagesAppLabs / D.Badi
Email: contact@lpagesapplabs.com
You also have the right to lodge a complaint with your national data protection supervisory authority.