Home › Privacy

Privacy and lifelogging: who owns your memory?

A lifelog is the most intimate database that has ever existed about you. The 2025 acquisitions of Limitless and Bee showed exactly what happens when that database belongs to a company instead of to you. Here's how to keep ownership.

The 2025 lesson, in plain terms

Limitless made the most popular memory pendant in the world. Its users trusted it with years of conversations — doctors' visits, work meetings, arguments, bedtime talks. In December 2025, Meta acquired the company. Within weeks: device sales stopped; remaining users had to accept an updated privacy policy and terms of service to keep using the product; the service shut down entirely on December 19, 2025 for users in the EU, UK, Brazil, China, Israel, South Korea, and Turkey; and the company's Rewind app disabled all recording the same day. Continued support was promised for "at least a year." Earlier in 2025, Amazon had acquired Bee, whose ~$50 wristband transcribes nearly everything its wearer — and everyone within earshot — says.

Nobody using those products did anything wrong. They simply learned the structural truth of cloud lifelogging: your memories sit under someone else's terms of service, and those terms travel with the company, not with you. To their credit, Limitless shipped export and deletion tools during the transition — users who acted got their data out. That is the difference an export path makes, and it's the single most important thing to verify before you ever need it.

Cloud vs. local-first, honestly compared

Cloud lifelogging (Plaud, Omi, Bee…)Local-first (the Keeper, DIY setups)
Where audio & transcripts liveVendor's serversEquipment in your own home
Who sets the rulesTerms of service — changeable at acquisition, policy update, or shutdownYou; nothing to accept, nothing to sunset
AI featuresStrong and improving fast — big cloud modelsGood and improving — local transcription and search run well on modest home hardware in 2026
Ongoing costSubscription tiers for transcription/searchHardware you own; no monthly gate on your own memories
If the company disappearsExport window if you're lucky (Limitless offered one); bricked service if notNothing changes — the archive is already yours
Breach exposureOne vendor breach exposes many users' most intimate dataYour risk is your own home network — smaller target, your responsibility

Neither column is 'wrong.' Cloud is convenient and capable; local-first is sovereign. The mistake is choosing cloud without an exit plan.

What "local-first" actually means

Local-first lifelogging keeps the pipeline — recording, transcription, storage, search — on hardware you control: a home computer, a small server, or the device itself. In 2026 this stopped being exotic: open-source speech-to-text models transcribe accurately on an ordinary consumer GPU or even a recent laptop, and searching years of text is trivial for any home machine. The pieces exist; what's been missing is a product that assembles them for non-technical families. That is precisely the premise of the Keeper: the pendant records, your home equipment remembers, and the answer to "where is my data?" is pointing at a box in your own house.

Local-first has real obligations, too — honesty requires saying so. You own backups (two copies, one off-site, or a fire takes your memories with your house). You own the household's security basics. And you own deletion: a lifelog you control should still be one you prune, because some conversations don't deserve to be permanent.

A lifelog is also about other people

Your recordings contain other people's words. Data ownership means you also hold their privacy in your hands: guests who spoke candidly in your kitchen, a friend's medical news, a child's meltdown. The consent rules are in our recording-laws guide; the ethics go one step further — store other people's moments as carefully as you'd want yours stored, and delete on request without being asked twice.

Ten questions to ask any lifelogging vendor

Privacy questions, answered straight

Is cloud lifelogging just a bad idea, then?
No — it's a trade. Cloud products are polished and their AI is excellent, and for many people that convenience wins. The bad idea is entering the trade blind: no export tested, no thought about acquisition risk, other people recorded without consent. Take the trade knowingly or take the local-first path — both beat sleepwalking.
What should former Limitless users do right now?
Export everything while the tools exist — support was promised for at least a year from the December 2025 acquisition, and several regions have already lost service. Then decide your next platform with this page's checklist in hand. Our Limitless alternative page walks through the options, including ours.
How is the Keeper different on privacy, concretely?
Transcripts and search live on equipment in your own home — there is no company cloud copy to be acquired, subpoenaed en masse, or sunset. No subscription stands between you and your own past. The trade-off is honest too: you (or a family member) own backups and the home setup. Details on the Keeper page and our FAQ.
Does deleting from the app really delete it?
Only the vendor knows, which is why the retention question is on the checklist. Reputable vendors describe deletion windows and backup purge timelines in their privacy policies; if a policy is silent on what happens after you hit delete, assume copies persist and choose accordingly.

Memory that answers to you

The Keeper writes your day down at home, on your own equipment. No terms-of-service surprise can take it away.

Meet the Keeper Wearable buyer's guide