Persona 4: The Privacy Advocate

We build "Memory for the First User," not "Surveillance of Others." Our terms of service and UI emphasize consent. Audio recording has visual indicators. We are creating a tool for introspection, not espionage.

They get a pile of encrypted nonsense. Because we use client-side encryption, we do not possess the private keys. We cannot decrypt user data even under court order. This "Warrant Canary" architecture is fundamental to our trust model.

We do not record 24/7 by default. We use "VAD" (Voice Activity Detection) and geofencing. Users can whitelist specific locations (e.g., Office, Home) and blacklist others (e.g., Bedroom). The user is the ultimate gatekeeper of the microphone.

You do. The vectors are a derivative work of your personal data. Our EULA explicitly states that the user retains 100% ownership of both raw media and the generated semantic index.

This is the "WhatsApp Scenario." We are creating a "Poison Pill" in our data architecture. Because the keys are on user devices, an acquirer cannot perform a retroactive mass-scan of existing data without breaking the encryption—which requires user permission.

Yes. We will offer a "Self-Hosted Docker" option for the technical privacy extremists. They can run the synchronization server on their own NAS (Example: Synology or Raspberry Pi), bypassing our cloud entirely.

It would leak encrypted blobs associated with random UUIDs. Without the client-side keys (which are never on S3), the data is statistically indistinguishable from noise. PII is minimal.

Absolutely not. We do not use user data for "Global Model Training." Your data remains in your local inference sandbox. We improve our models using public datasets and paid, consenting testers.

Biometric lock (FaceID/Fingerprint) on app launch. Additionally, the encryption keys are in the Secure Enclave—even with physical access, extraction is nearly impossible without your biometric.

Only anonymized analytics ("User searched 5 times today"). Never the content of the query. Search queries are encrypted in transit to our cloud infrastructure and we don't log query contents.

No. We don't have ads. Our business model is subscription. Zero incentive to share data.

We use privacy-first analytics (PostHog self-hosted or Plausible). No third-party trackers. No cookies. Clean.

No. Even "anonymized" data can be de-anonymized. We don't touch that business model.

Stripe handles payment data, not memory data. They're PCI-DSS compliant. Even if breached, they don't have access to your memories.

Yes, we use cloud AI APIs for AI processing. Privacy protections: 1) Media stays local on device, 2) Only necessary metadata sent (encrypted), 3) Zero retention - providers don't train on our API usage, 4) We're contractually bound to privacy-preserving practices. Cloud AI enables better features while maintaining privacy through architectural design.

Yes. Right to access, rectification, erasure, portability—all built-in. We're also CCPA compliant for California.

One button: "Delete Account." All cloud data is cryptographically erased within 24 hours. We can't recover it even if we wanted to.

Only anonymous usage stats (for legal/tax purposes). Email hash (to prevent re-signup abuse). No personal content.

We don't operate in markets with invasive data localization requirements. If we enter China, it would be via a separate legal entity with explicit user consent.

Under-13 requires parental consent. The parent creates a "Family Vault" and controls the child's data until they turn 13.

None. We're pre-launch. Post-launch, we'll publish a transparency report annually.

Within 72 hours (GDPR requirement). Email + in-app notification. Full disclosure.

We're considering open-sourcing the encryption layer. For now, third-party security audits (published publicly) provide verification.

Yes. Plain English, 2 pages max. No legalese traps. If you can't understand it, we've failed.

We'll email 30 days in advance. You can export and delete before the change takes effect. No retroactive changes without consent.

Face analysis happens via Gemini Vision API with privacy protections: faces are detected and matched, but biometric templates are encrypted. Media stays on your device. You can disable face recognition entirely in settings.

We transcribe voice to text using Gemini's speech-to-text. The audio file is stored locally, encrypted. We don't extract voiceprints for identification (that's surveillance tech). Transcription happens via secure API, original audio never leaves device unencrypted.

Yes. Disable face recognition, use text-only search. It's less magical but fully functional.

GPS coordinates are stored locally. If you sync to cloud, they're encrypted. You can disable location tagging entirely in settings.

No. We store location per photo, not continuous tracking. We're not building a movement heatmap.

Technically yes, but it's unethical and potentially illegal (wiretap laws). We encourage transparency. The UI has visual indicators when recording.

You can "Mute" or "Delete" specific people from your index. Their faces/voices won't surface. It's your memory; you control it.

Not technically (it's your data), but ethically, yes. We provide "Blur Face" tools for sensitive cases.

We actively discourage this. Our TOS prohibits coercive use. Dzikra is for personal empowerment, not corporate control.

Yes. On first launch, you accept terms. You can toggle specific AI features (face recognition, voice transcription) individually.

Our architecture protects you regardless. Even in a jurisdiction with no privacy laws, the encryption prevents local access.

We'd refuse and exit that market. We won't compromise the global architecture for one region.

We'd comply with providing metadata ("User X exists") but cannot decrypt content. We'd challenge gag orders legally.

Yes. We use EU-based cloud regions for EU users (data residency). Full GDPR compliance.

We use Standard Contractual Clauses (SCCs) and encryption. EU data stays in EU data centers where possible.

Yes. We audit for bias regularly (facial recognition accuracy across races, genders). We publish bias reports annually.

Users can correct. Each correction improves the personal model. We show confidence scores to signal uncertainty.

Absolutely not. We only recognize faces you have photographed. No external databases.

We design against dark patterns. No "infinite scroll," no manipulative notifications. The goal is utility, not addiction.

We always cite sources. If Dzikra says "You said X," it shows the timestamp and audio snippet. Verification is built-in.

No. You share specific "Memory Capsules," not your entire vault. Granular control.

That's a relationship issue, not a tech one. We don't facilitate spousal surveillance. Your vault is yours.

No joint accounts (security risk). But you can share "Family Memories" where both contribute and both have access.

Your contributions are removed from the shared space. Others' copies remain (they own their perspective).

Until age 13 (COPPA), yes. After 13, the child gains full control and can revoke parental access.

You designate a "Legacy Contact" (like Apple). They can access your vault after death with legal proof (death certificate).

Yes. "Digital Will" feature. Set policies: delete all, transfer to family, or archive publicly (with consent).

After 2 years of inactivity, we send warnings. After 3 years, account is frozen. After 5 years, deleted (per GDPR).

Yes. You own your data. You can legally transfer ownership via a will.

Yes, but they'll get encrypted data. Only the deceased's legacy contact has the keys. We can't decrypt.

We use C2PA digital signatures. Memories captured via Dzikra are cryptographically signed. Tampered data is flagged.

Not without a court order. We fight overbroad requests. Your memories aren't for sale to insurers.

Possible. We comply with lawful subpoenas. But again: encrypted data. The spouse needs your key.

This is why consent is critical. Elderly users must actively consent. Coercive installations violate TOS.

We have abuse detection (unusual access patterns). Victims can lock accounts immediately. We work with safety orgs.

We'll migrate to post-quantum encryption. Your data is re-encrypted with new standards transparently.

Your local data remains intact. Cloud data can be exported before shutdown. We'll give 90 days notice.

We can't. The architecture doesn't support it (data is encrypted). Pivoting to ads would require rebuilding from scratch.

No. It's in our founding charter. If the company is acquired, this clause remains binding.

Third-party audits (published), open-source encryption library, bug bounty program. Trust, but verify.

Because we designed the system to not require trust. Even if we turn evil, the encryption protects you. Trustless by design.

For most companies, yes. For us, it's the foundation. Without privacy, Dzikra is just surveillance. We can't afford to compromise.

We oppose mass surveillance. We support targeted, lawful investigations. We fight overbroad warrants in court.

Yes. We support strong privacy regulation (GDPR-style globally). Good regulation helps users and ethical companies.

Privacy isn't about hiding. It's about control. You own your story; no one else should profit from it without consent.

They'd get encrypted blobs. Without user keys (device-side), the data is useless. Our bounty is low compared to centralized systems.

Role-based access control. No single employee can access user data. Even admins see only anonymized metadata.

Then we have bigger problems than Dzikra. But seriously: the AI processes locally. It doesn't "know" you beyond your device.

We'd emergency-patch with post-quantum algorithms. It's a race, but we're monitoring NIST standards closely.

Your local data remains accessible. Dzikra is "offline-first." The cloud is a luxury, not a dependency.

We'll publish technical whitepapers and invite cryptographers to audit. "Prove" is hard, but we'll get as close as possible.

Google Photos: D (monetizes data). Apple Photos: B (closed ecosystem). Dzikra: A (zero-access, open about tradeoffs).

Our TOS is a contract. If we violate it, you can sue. We're happy to include specific privacy SLAs for enterprise customers.

Catastrophic key management bug exposes a user's keys. We'd disclose immediately, offer forensics support, and compensate affected users.

Don't. Verify. Check our architecture. Read the audits. Test the export tools. We designed Dzikra so you don't have to trust us. That's the point.