Privacy
Journaling only works if it feels safe. Here's plainly how we handle what you write.
Double-blind logging. Our operational logs are built so that the
people running this service can read them to fix problems without seeing
who you are or what you wrote.
What we never put in logs
- Your journal entries. The text you write is never written to
our application or system logs.
- Your IP address. Where an IP is needed (e.g. to stop brute-force
logins), it is stored only as a one-way pseudonym, never the raw address.
- Your name. Logs reference accounts by a pseudonymous tag
(user#…), not your username.
What we do store
- Your account (username plus a securely hashed password) and your journal entries,
so you can log back in and find your writing.
- Lightweight activity markers (e.g. "logged in", "entry saved") tied to your
account id, with no content and no raw IP.
- A small kernel memory: a few durable notes about you that the
kernel keeps up to date after you save entries. You can view, edit, or clear it
on your Home page.
How memory affects suggestions
Across-entries memory is on by default, and you can turn it off for any entry from
the toggle in the editor. When it is on, a suggestion request includes your curated
memory notes plus brief one-line gists of your recent entries, so a little more of
your past writing reaches the model provider than a single isolated entry would.
When it is off, only the entry in front of you is used.
One honest limit (for now). The reflective suggestions are generated
by an AI model. Today, to produce a suggestion, the text of your current entry is sent
to our model provider (OpenRouter) at the moment you ask for one. It is used only to
generate your suggestion, never to train models on your writing, but it does leave our
server for that request. If you'd rather not share a passage, simply don't trigger a
suggestion on it.
Where this is going: we intend to move suggestion generation to a
locally-run / self-hosted model in a future version, so your writing never leaves the
server at all.
Your control
You can delete any entry at any time, which removes it from the database. Accounts are
invite-only while we develop the platform, keeping it a small, deliberate space in
these early days.
This is a prototype and this statement may evolve as the product does.