Privacy Policy

Last updated: April 2026

1. Data Controller

Deniz Erginos, Hauptstr 37, 76872 Steinweiler, Germany ("we", "us", or "our"), operating as AI Journal, is the data controller responsible for the processing of your personal data. If you have any questions about this privacy policy or our data practices, please contact us at privacy@aijournal.app.

2. Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Email address and platform preference (Android or iOS) provided when joining our waitlist or creating an account.
  • Journal Entries: Text and voice-to-text content you create within the app. Entries are stored locally on your device by default (SQLite database). Cloud sync is optional and available through Google Firestore, Google Drive, or iCloud, using end-to-end encryption.
  • Voice & Audio Data: When you use voice-first journaling, audio recordings are temporarily processed for speech-to-text transcription via a third-party AI provider. Audio is not permanently stored on our servers. The resulting text is cleaned and structured by AI before being saved as a journal entry.
  • Mood Data: Mood ratings you assign to journal entries (Bad, Neutral, or Good), used for mood tracking, calendar visualization, and pattern analysis.
  • AI-Generated Insights: Themes, emotional patterns, monthly recaps, and growth suggestions generated from your entries by AI analysis. These are derived data stored alongside your entries.
  • Streak & Activity Data: Journaling streak counts and consistency metrics tracked within the app.
  • Usage Data: Anonymous analytics about how you interact with the app, including page views and feature usage.
  • Device Information: Device type, operating system, and browser type for compatibility and debugging purposes.
  • Contact Information: Name, email, subject, and message content when you use our contact form.
  • Preferences: Theme preference (light/dark mode), language selection, dictation mode, AI suggestion settings, and biometric authentication preferences.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain the AI Journal service, including local-first storage and optional cloud synchronization.
  • To transcribe voice recordings into text using speech-to-text AI processing, and to clean and structure the resulting entries.
  • To generate AI-powered insights, including monthly recaps, theme detection, emotional pattern analysis, and personalized growth suggestions from your journal entries.
  • To track and display mood patterns, streaks, and calendar visualizations.
  • To send you service-related notifications (e.g., waitlist updates, beta invitations).
  • To respond to your support and contact inquiries.
  • To improve our service through anonymized, aggregated analytics.
  • To display API usage costs for AI-powered features with full transparency.

4. Third-Party Services

We use the following third-party services to operate AI Journal:

  • Vercel: Website hosting and edge delivery. Vercel processes request data (IP address, user agent) for serving content. See Vercel Privacy Policy.
  • Resend: Transactional email delivery for contact form submissions and waitlist notifications.
  • OpenRouter: AI model routing service used for voice-to-text transcription, entry text cleanup and structuring, theme detection, and monthly recap generation. Journal entry content is sent to AI models via OpenRouter for processing. See OpenRouter Privacy Policy.
  • Google Firebase / Firestore: Optional cloud storage and synchronization backend for journal entries. Only used if you enable cloud sync. See Firebase Privacy and Security.
  • Google Drive: Optional backup and synchronization backend for journal data. Only used if you select Google Drive as your storage option.
  • Apple iCloud: Optional backup and synchronization backend for journal data on iOS. Only used if you select iCloud as your storage option.

5. Cookies & Local Storage

Our website uses minimal cookies and local storage for essential functionality:

  • Theme Preference: We store your light/dark mode preference in local storage.
  • Locale Preference: Your language selection is stored to serve content in your preferred language.
  • Analytics: Vercel Analytics may set anonymous cookies for page view tracking. No personally identifiable information is collected through analytics.

We do not use advertising cookies or tracking pixels. We do not sell your data to third parties.

6. Local-First Architecture & Data Storage

AI Journal follows a local-first architecture. By default, all journal entries, mood data, and preferences are stored exclusively on your device using a local SQLite database. Your data never leaves your device unless you explicitly enable cloud synchronization.

If you choose to enable cloud sync, you can select from multiple storage backends (Google Firestore, Google Drive, or Apple iCloud). All cloud-synced data is protected with end-to-end encryption, meaning only you can read your journal entries.

7. Voice Data Processing

When you use voice-first journaling, your audio recording is sent to an AI service (via OpenRouter) for speech-to-text transcription. The audio is processed in real-time and is not permanently stored on our servers or by third-party AI providers beyond the duration needed for transcription. The resulting text may be further processed by AI to clean, structure, and enhance your entry. You can review and edit the result before saving.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You can request a copy of your personal data at any time.
  • Right to Rectification: You can request correction of inaccurate personal data.
  • Right to Erasure: You can request deletion of your personal data ("right to be forgotten").
  • Right to Restriction: You can request restriction of processing of your personal data.
  • Right to Data Portability: You can export all your journal entries and personal data at any time. AI Journal supports full data export functionality.
  • Right to Object: You can object to processing of your personal data.
  • Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@aijournal.app. We will respond to your request within 30 days.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:

  • Waitlist Data: Email addresses and platform preferences are retained until you unsubscribe or the waitlist is closed.
  • Journal Entries: Stored locally on your device and retained until you delete them. Cloud-synced entries are retained until you delete them or your account.
  • Voice & Audio Data: Audio recordings are processed transiently for transcription and are not retained after processing is complete.
  • AI-Generated Data: Insights, recaps, and detected themes are retained as long as the associated journal entries exist.
  • Contact Form Submissions: Retained for up to 12 months after the inquiry is resolved.
  • Analytics Data: Anonymized analytics data is retained for up to 24 months.
  • API Cost Records: Usage cost tracking data is retained for transparency and billing purposes as long as your account is active.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Local-first storage with on-device SQLite database as the default, ensuring your data stays on your device.
  • End-to-end encryption for all cloud-synced journal entries.
  • Biometric authentication (fingerprint) and PIN-based fallback for app access.
  • TLS encryption for all data in transit, including AI API requests.
  • Encryption at rest for all stored data.
  • Regular security assessments and updates to our infrastructure.

11. Children's Privacy

AI Journal is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new privacy policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us: