Privacy Policy
Last updated: 2026-07-13
Summary
- Many retained personal text fields are encrypted on your device and stored as ciphertext.
- The service cannot decrypt that ciphertext without the key held on your device. Some account, relationship, timing, completion, preference, and delivery data remains readable so the service can function.
- If you ask for an optional AI response, the moment you submit is sent over TLS for that response. When Memory context is on, a small selection of recent, active things you chose to retain is sent with it. Nothing new is added to your vault unless you choose Keep.
- Voice capture, provider-backed playback, and journal summaries are separate, optional actions. The app shows what will be sent before a user-authored recording or text leaves your device for one of those requests.
- No data brokerage—we don’t sell or rent your personal content.
- Account deletion removes active service data; residual backup copies expire through the service's rolling retention process.
Data We Process
Account basics: email, password hash (never your passphrase), subscription status.
Operational service data: timestamps, relationships between records, completion events, preferences, push-delivery state, subscription state, and minimal security and reliability logs.
Client-encrypted content: many user-authored note, focus, memory, and pattern text fields are encrypted on your device before storage. The operational fields described above are not all client-encrypted.
Optional AI response content: when you deliberately submit a moment for a response, we process that text in readable form. If Memory context is on, we also process a small selection of your recent active Direction, Chapter, Threads, Memories, or Patterns. You can turn Memory context off. This processing is separate from your encrypted vault, and the response remains transient unless you choose Keep.
Optional voice and summary content: when you start provider-backed voice capture, microphone audio is processed for transcription. When you deliberately generate a journal summary, that entry text is processed in readable form for that request. Provider-backed speech may also process the text selected for playback. These actions are separate from saving or opening a note, journal entry, room, or Wisdom card.
How We Use Data
- Provide and secure the service (account creation, auth, billing, support).
- Maintain security and reliability using minimal operational logs, without sending in-app pageviews or what you write to marketing analytics.
- Run aggregate analytics on public pages only after you allow it; the analytics container is not loaded before that choice and is excluded from the authenticated app.
- Compose an optional, finite AI response when you deliberately ask for one.
- Transcribe, summarize, or speak selected content when you deliberately start the corresponding optional action.
Storage & Retention
Account and service data is retained while your account is active and as needed to provide the service. Account deletion removes active records associated with your account. Residual copies in protected backups expire through rolling retention windows, subject to security, fraud-prevention, and legal obligations.
Third-Party Processors
We use trusted providers for infrastructure, analytics, and payments (e.g., hosting, error tracking, Stripe). We also use AI and voice providers only for actions you deliberately start, such as an optional companion response, voice transcription, journal summary, or provider-backed playback. Processors receive only the information needed for their role. For a companion response, the AI provider receives the submitted moment and, when Memory context is on, a small selection of recent active things you chose to retain—not your encrypted vault as a whole.
Security
- Client-side encryption for covered personal text fields; key custody remains with you and lost keys cannot be recovered by the service.
- TLS in transit and infrastructure encryption at rest, in addition to client-side ciphertext for covered fields.
- Strict access controls, logging, and regular security updates.
Your Choices
- Delete your account and associated active service data from Settings.
- Use the rooms and encrypted memory without asking for an AI response.
- Turn Memory context off to exclude retained records from future AI responses while leaving those records encrypted in your vault.
- Choose whether an AI response is kept in encrypted memory.
- Use text entry and original journal entries without starting voice transcription, provider-backed playback, or an AI summary.
- Keep optional public-site analytics off, allow it, or change that choice later from the site footer.
Contact
For privacy questions or requests: [email protected]
