Linger is a personal diary app. Your diary entries are stored in your own Google Drive. The app uses Cloudflare Pages Functions as a thin backend layer to handle OAuth authentication and to proxy Google Drive API requests — it does not store or process your diary content.
The app accesses the following via OAuth:
linger_diary/ folder)The refresh token is stored server-side in Cloudflare KV (a key-value store provided by Cloudflare) and is used only to obtain fresh access tokens when needed. The browser never receives the access token or refresh token directly.
OAuth tokens are used exclusively to create, read, update, and delete your diary entries in Google Drive on your behalf. They are not used for any other purpose.
The Cloudflare Pages Functions backend acts as a proxy: your browser sends requests to
/api/drive/… endpoints, which add the appropriate Google authorization header and
forward the request to the Google Drive API. Diary content passes through Cloudflare's network
in transit but is not stored there.
When you sign in, a session is created and stored in Cloudflare KV with a 30-day expiry.
The session record contains your Google refresh token and a cached access token.
Your browser receives a session identifier as an HttpOnly, Secure,
SameSite=Strict cookie (linger_session). The cookie contains only the
session ID — no tokens or diary content.
This app uses localStorage to persist non-sensitive preferences only:
linger_autosave — whether auto-save is enabledlinger_theme — theme preference (light / dark / system)linger_font — font preferencelinger_language — language preference (en / ja)linger_had_session — a true/false flag indicating whether the user was previously signed in, used to show a "continue with your previous session" prompt on the login screenlinger_session_user — the email address of the last signed-in user, used to detect account switches and clear locally cached diary data before another user signs inlinger_fontsize — font size preferencegp-save-timings — the last 10 save durations (in milliseconds), used to animate the save progress bar; contains no diary contentNone of these contain diary content or authentication tokens.
To enable instant startup, this app caches diary entry metadata and content in your browser's
IndexedDB under the key linger_diary_cache. This data is stored locally on your
device and is never transmitted anywhere. It is cleared automatically when you sign out.
You can also clear it manually via your browser's developer tools or by clearing site data.
We do not share, sell, or transmit your data to any third party. Diary entries reside entirely within your own Google Drive account. Session data (OAuth tokens) is held in Cloudflare KV solely to operate the service and is not disclosed to any other party.
This app requests only the https://www.googleapis.com/auth/drive.file scope.
This scope grants access only to files created by this app — it does not
provide access to the rest of your Google Drive.
This app uses Cloudflare Web Analytics to collect basic, aggregated traffic data. It is cookie-free and does not track individual users. No personal data is collected or stored. The data collected includes page views, referrers, country, device/browser type, and Core Web Vitals. This data is processed by Cloudflare, Inc. (a US company) and is retained for up to 6 months. For details, see Cloudflare's Privacy Policy.
This app uses no advertising or behavioural tracking of any kind.
All diary content is stored in the linger_diary/ folder in your Google Drive.
You can delete it at any time by removing that folder.
To delete your server-side session, sign out from within the app or revoke access via
Google Account → Apps & services.
Revoking access also invalidates the stored refresh token.
Diary content is stored and protected by Google Drive's security infrastructure. Server-side session data is stored in Cloudflare KV, which is isolated per account. OAuth tokens are never exposed to the browser; the browser only holds an opaque session cookie. All communication between the browser, Cloudflare, and Google uses HTTPS.
For privacy-related questions, please contact:
europeanplaice@gmail.com