malem is a prototype travel-planning website. It is a static site that runs entirely in your browser. This page describes exactly what it does and does not do with your information.
malem does not run a server that collects your data. Everything you type, save, and connect stays inside your browser's local storage on your own device. When you use an optional integration (OpenAI, Anthropic, Pinterest), your browser talks directly to that provider using a key or token that you provide — that data is subject to their privacy policy, not ours.
The following are saved in this browser's localStorage and are never sent anywhere by malem itself:
Clearing your browser's site data for this domain permanently deletes everything above.
If you paste an OpenAI API key in Settings, your chat prompts are sent directly from your browser to api.openai.com using that key. malem is not a proxy — the request bypasses us entirely. See OpenAI's privacy policy.
If you paste an Anthropic API key, your chat prompts are sent directly from your browser to api.anthropic.com using that key. See Anthropic's privacy policy.
The Outfit inspiration page fetches Pinterest's public search page for a query built from your trip context (destination, season, modesty preference, day vs. evening, plus any keywords you add in Settings). The request goes through a public CORS proxy — the exact same result you would see by typing that query into pinterest.com in your own browser. No Pinterest account, login, or board is involved, and no personal Pinterest data is read. Pin images shown on the page are hosted by Pinterest's own CDN (i.pinimg.com) and remain subject to Pinterest's privacy policy. Any extra keywords you enter in Settings are stored only in this browser.
The community journal page displays a set of seeded example entries plus any journal entries you have marked as "Publish publicly" in this browser. Because malem has no backend, "publish publicly" only means that other accounts on this same browser can see the entry through the community view. Your entries do not leave your device unless you explicitly share them elsewhere.
malem's account and password system is a prototype and is not a secure authentication mechanism. Do not reuse a password you use anywhere else. The password hash stored locally is not cryptographic and is intended only to keep multiple accounts on the same browser separated.
API keys and OAuth tokens stored in localStorage can be read by any JavaScript that runs on this domain. Only paste keys you understand and can revoke.
malem is not directed at children under 13. Trip planning features include fields for children's ages and family constraints so an adult traveler can plan for their family, but children should not create accounts.
If this policy changes, the updated date at the top of this page will change and the new version will be visible at this URL.
malem is an open-source prototype maintained at github.com/kikhiamasahcollege-ai/malem. Questions and issues can be filed there.