We’ve designed the applications in the Moleskine Digital Studio suite to respect your privacy and secure your data. Our apps are supported by our user’s memberships - we don’t believe in selling your data, showing you ads/special offers, or annoying you with tricks or pop-ups.
All three apps use our membership service, which is a way to allow you to log in securely and allow the apps access to your preferences, content and memberships across iOS, Android and the web. There are currently three different ways to login: Google, Apple, or via email and password. We request only the minimum permissions from Google - your email address, your name and profile picture. Sign in with Apple allows you to choose to hide your email address, by generating a random anonymous email that looks like email@example.com. This data is encrypted in transit and at rest, and your password is hashed using Scrypt - an industry standard method for securing passwords.
In March 2021 we removed the Facebook SDK from our iOS apps. Our accounts site still has the Facebook SDK, to allow users who currently can only log in via Facebook to set a password for their account.
The first time you sign in, we’ll ask you if you’d like to opt-in to receive emails from us. If you dismiss the prompt or choose no then we’ll never ask you again. If you grant us permission to send you emails then we’ll securely transmit your name, email, language and information about which app memberships you have to our email service. We use a 3rd party service called Customer.io for this - you can read about their security here.
When Timepage is first opened you are asked for permission to access your calendar and contacts. Timepage will then sync with your iOS calendar locally - we never transmit or store your events, contacts and calendar data.
In order to provide weather information, rain, transit time to events and time to leave alerts, Timepage asks for permission for your location while you’re using the app. If you grant this permission then Timepage will periodically request up to date weather data from our API. Our API anonymises your location by rounding the latitude and longitude to the nearest ~10km for your privacy. We use a weather service called Aeris Weather, who receives only your anonymised location.
There is an option in Timepage to sync your Actions and Flow data in order to show your Actions and Flow documents on your timeline.
- Actions securely transmits and stores your Actions, lists and notes in the cloud using Firebase, a Google Cloud Platform product. (The terms of service for Firebase limit Google’s data usage to provide the services and other functionality stated in the ToS - so your data won’t be read by Google and used to show you ads!) We use Firebase to provide realtime syncing across devices and platforms, and security and permissions features that allow for sharing Actions/Lists between users.
Flow documents, pens and collections are securely transmitted and stored using Firebase. We use Firebase to provide realtime syncing across devices and platforms, and security and permissions features that allow for sharing documents between users.
Document thumbnails are securely transmitted and stored using Google’s Cloud Storage.
In order to support, maintain and improve our apps we use Google Analytics, Firebase Analytics, Firebase Performance Monitoring, and Fabric (all Google services). We send anonymised tracking events to these services to help us understand general trends in usage and performance of various features in the apps. We don’t send anything personally identifiable - none of your Actions, Flow or Timepage data is transmitted.
Here are some of the kinds of questions that these tools help us answer:
- Are new users discovering how to create Actions? (or do we need to improve how we explain this in onboarding?)
- How often do users start creating an event in Timepage and then cancel? (Is there something that people find confusing? How can we make this clearer?)
- How long does syncing calendar data in Timepage take? Has this improved with the latest update?
We also use Crashlytics (another Google service) for tracking crashes and app stability. This lets us see anonymised data about the number and type of errors so we can fix them - e.g. if the app is using too much memory on older devices, or if there’s a bug that only shows up on the new version of iOS.
— The MDS Team