What We Collect
The short version
Lithium is end-to-end encrypted. We can’t read your notes, todos, or any content you create. We collect minimal operational data to keep the service running and fix bugs — and you can opt out of most of it. There are no tracking cookies, no fingerprinting, and no third-party analytics.
What we always collect
These are collected automatically when you use Lithium. They’re essential for operating the service.
Authentication events
When you register, log in, or fail to log in, we record that event. Successful events include your user ID. Failed logins do not identify you.
Error reports
When something breaks in the app, we automatically capture:
- Error message and stack trace (truncated to 2,000 characters)
- The page you were on when the error happened
- Basic app state — block counts, storage usage, memory info
- Console logs (last 1,000 lines)
- A fingerprint for deduplication — same error within an hour is only logged once
Error reports are:
- Automatically purged after 90 days
- Rate-limited to 10 per minute per session
- Filtered to exclude browser extension errors and known noise (ResizeObserver, chunk loading)
What’s NOT in error reports
- No encrypted content (your notes, todos, pages — never)
- No passwords or encryption keys
- No personal information beyond what’s listed above
What we collect with your permission
These are off by default. You can opt in via Settings > Account > Improve Lithium.
Page views
Every time you navigate within the app, we record:
- The page path (e.g.,
/login,/browse) — not the content of any page - The referrer — what page linked you here (if any)
- A visitor hash — your IP address and browser user agent are hashed together (SHA-256, truncated to 16 characters). The original IP is never stored. This hash can’t be reversed to identify you.
- Device type — mobile, tablet, or desktop (detected from user agent)
- Country — looked up from IP on arrival, then the IP is discarded
Page views are deduplicated (same path within 2 seconds is counted once).
Feature usage
Which features you use and how (e.g., slash commands, block types). No content is captured — just the action.
View time
How long you spend in different sections of the app (Browse, Calendar, Search, Today). Measured in seconds.
Bug reports and feedback
When you use Report a Bug or Share Thoughts (both in Settings > Account), you’re submitting information directly and voluntarily. Bug reports include:
- Your title and description
- Diagnostic info (device, app state, console logs — the same data as automatic error reports)
- Your email, if you choose to include it
You can preview and copy the diagnostic bundle before sending. These submissions are filed as GitHub issues.
Feedback submissions (“Share Thoughts”) include only what you type, plus your email if offered.
What we never collect
To be explicit:
- Your encrypted content — notes, todos, pages, calendar entries. The server stores encrypted blobs. We can’t decrypt them. This is the whole point.
- Your password — it never leaves your device. The encryption key is derived locally.
- IP addresses — hashed on arrival, original discarded immediately
- Tracking cookies — we don’t use any
- Browser fingerprints — no canvas fingerprinting, no font detection, nothing
- Third-party analytics — no Google Analytics, no Mixpanel, no Segment, no Sentry. Everything is first-party.
- Cross-site tracking — we don’t track you anywhere outside lithium.ac
Data retention
| Data | Retention |
|---|---|
| Signals (auth events, optional page views) | Indefinite (aggregated into daily/hourly rollups) |
| Error reports | 90 days, then automatically deleted |
| Bug reports / feedback | Indefinite (GitHub issues) |
| Encrypted content | Until you delete it |
Who can access this data
All operational data (signals, errors) is protected by Row-Level Security in the database. Only admin accounts can query it. There is no public API for this data.
Changes to this document
If we start collecting something new, we’ll update this page.