Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address — for account identification, login, and transactional emails
• First and last name — for personalization within the app
• Authentication credentials — managed securely through our authentication provider (Supabase Auth). We never see or store your password directly.
• Sign in with Google (optional) — if you choose to sign up or log in with Google, we receive basic profile information (your name and email address) from Google to create or match your account. We do not receive your Google password.

1.2 Journal Content

The core of our Service involves your journal entries. We collect and store:

• Journal text — the content you write in each entry, stored as structured editor data
• Entry metadata — date, word count, writing metrics (time spent, typing activity)
• AI-generated analysis — summaries, key insights, identified themes, feelings, people, and topics derived from your entries (see Section 3 for details on AI processing)

1.3 Location Data

If you grant permission, we may collect:

• Geolocation data — latitude, longitude, and approximate address associated with journal entries
• Weather preferences — a saved location for weather data displayed alongside your entries

Location data is optional and only collected with your explicit consent through your device's location permissions. When you use the weather feature, we send the relevant coordinates to our weather provider (WeatherAPI.com) to retrieve conditions for that place and date; we do not send your journal content to the weather provider. You can turn this off at any time by revoking location permission or clearing your saved weather location.

1.4 Calendar Data

If you choose to connect a Google Calendar account, we collect:

• Calendar events — event titles, start/end times, and calendar metadata for dates you journal about
• OAuth tokens — securely stored access and refresh tokens to maintain the connection

You can disconnect your calendar at any time through your account settings.

1.5 Payment Information

We use Stripe to process payments on the web, and RevenueCat to manage subscriptions purchased through the Apple App Store on our iOS app. We do not store your credit card number, CVV, or full payment details on our servers. We retain:

• Stripe Customer ID — a reference linking your account to Stripe's payment system (web purchases)
• RevenueCat / App Store subscriber identifiers — references used to validate and restore subscriptions purchased in the iOS app
• Subscription status — whether your account is trialing, active, canceled, or past due
• Trial end date — to manage your 14-day free trial

When you purchase through the Apple App Store, Apple handles the payment and shares only the information needed to validate your subscription. For how these providers handle your data, see Stripe's Privacy Policy and RevenueCat's Privacy Policy.

1.6 Usage Data

We automatically collect:

• Device and browser information — IP address, browser type and version, device identifiers
• Usage patterns — pages visited, features used, time spent, and interaction data
• Diagnostic data — error reports and performance metrics

1.7 Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Session cookies — maintain your logged-in state and operate the Service
• Preference cookies — remember your settings (theme, timezone, date format, etc.)
• Security cookies — protect against unauthorized access
• Analytics cookies — understand how the Service is used so we can improve it

We use PostHog for product analytics and diagnostic error monitoring. Product analytics help us understand how users interact with the Service, and diagnostic error reports help us keep the Service reliable. You can learn more at PostHog's Privacy Policy.

You can turn optional analytics cookies on or off at any time using our cookie settings page. Diagnostic error monitoring may remain active to operate and protect the Service. Region-based prompts in the app may differ, but that page is always available if you use a VPN, travel, or want to change your choice.

You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, some portions of the Service may not function properly without cookies.

1.8 Voice Dictation (Audio)

If you use the optional voice dictation feature to speak an entry instead of typing it, your device records a short audio clip and sends it to our server, which forwards it to our third-party speech-to-text provider (OpenAI) for transcription. We use the resulting text to populate your entry. We do not store the audio recording after it has been transcribed — only the transcribed text becomes part of your journal, under the same protections as anything else you write. Dictation only runs when you actively start it, and is never always-listening. See Section 3 for how transcribed text is then handled.

2. How We Use Your Data

We use collected data for the following purposes:

• Provide and maintain the Service — storing your journals, syncing across sessions, and delivering core features
• AI-powered journaling features — analyzing your entries to surface insights, themes, and reflections (see Section 3)
• Personalization — applying your preferences for timezone, date format, weather location, and other settings
• Communication — sending transactional emails (account verification, password resets), optional daily journal reminders, product updates, and blog notifications based on your email preferences
• Payment processing — managing subscriptions, trials, and billing through Stripe (web) and RevenueCat with the Apple App Store (iOS)
• Streak and engagement features — calculating your journaling streak and related statistics
• Service improvement — analyzing aggregate usage patterns to improve features and fix bugs
• Security — detecting and preventing fraud, abuse, and technical issues
• Legal compliance — fulfilling legal obligations and responding to lawful requests

3. AI Processing of Your Journal Entries

This is important, so we want to be transparent about it.

When you write a journal entry that meets the minimum word count, our Service uses artificial intelligence to generate a structured analysis of your writing. We access these AI providers through their commercial APIs, under enterprise data-processing terms — not consumer chatbot products. Here is how it works:

• Analysis providers: To generate summaries, key insights, identified feelings, people, places, topics, and a highlight quote from your entry, we send your entry text to one or more third-party AI providers — currently Anthropic, Google, and/or OpenAI — which process it solely to return your analysis. We may change which of these providers we use to maintain quality and reliability; we will keep this policy current as our providers change.
• Embeddings provider: We create a numerical representation (an "embedding") of your analysis to enable semantic search across your journals. This is generated by one of our AI providers (currently OpenAI or Google). An embedding is a list of numbers and cannot be read back as your original text.
• Voice transcription: If you use voice dictation, your audio clip is sent to our speech-to-text provider (OpenAI) to convert speech to text, as described in Section 1.8.
• Purpose: These AI features exist solely to help you reflect on and search through your own writing. They are never used to advertise to you or to build a profile of you for anyone else.
• No training on your data: We do not use your entries to train AI models, and we do not permit our AI providers to do so. Anthropic, Google, and OpenAI process API inputs under their respective data-processing agreements, which exclude API content from model training by default.
• Intelligent search: If you ask a question about your journal history, your question and the most relevant excerpts from your own entries are sent to the analysis provider to produce a source-grounded answer drawn only from your writing.
• Your control: AI analysis is a core feature of the Service. If you prefer not to have a given entry analyzed, you may keep it below the minimum word count threshold, skip voice dictation, or contact us to discuss your options.

For more information, see Anthropic's Privacy Policy, Google's Privacy Policy, and OpenAI's API Data Usage Policy.

4. How We Share Your Data

We do not sell your personal data. We share data only in the following circumstances:

4.1 Service Providers

We use third-party service providers to operate the Service. These providers access your data only to perform tasks on our behalf and are contractually obligated not to disclose or use it for other purposes:

Provider	Purpose	Data Shared
Supabase	Authentication, database, and backend infrastructure	Email, name, login credentials, all stored data (encrypted at rest)
Stripe	Payment processing (web)	Email, subscription data, payment method (handled by Stripe directly)
RevenueCat / Apple	Subscription management and payment processing (iOS)	Subscription identifiers and status
Anthropic (Claude)	Journal analysis and intelligent search	Journal entry text and your search questions
Google (Gemini)	Journal analysis, embeddings, and intelligent search	Journal entry text and your search questions
OpenAI	Search embeddings and voice transcription	Journal analysis text; dictation audio (not retained after transcription)
WeatherAPI.com	Historical weather for your entries	Location coordinates and date only (no journal content)
Google Calendar	Optional calendar context (only if you connect it)	Calendar event details and OAuth tokens you authorize
PostHog	Product analytics and error monitoring	Anonymized usage and diagnostic data
Resend	Transactional and reminder emails	Email address, name

4.2 Legal Requirements

We may disclose your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of Where Was I
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

4.3 Business Transfers

If Where Was I is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

5. Data Retention

• Journal content and analyses — retained for as long as your account is active, or until you delete specific entries or your account.
• Account data — retained for as long as your account is active. Upon account deletion, we schedule permanent removal of all your data (see Section 7).
• Payment records — retained as required by tax and financial regulations (typically 7 years for transaction records).
• Usage/analytics data — retained in aggregate, anonymized form; identifiable usage data is retained for up to 12 months.
• Backup copies — may persist in encrypted backups for up to 30 days after deletion from production systems.

6. Data Security

We implement commercially reasonable technical and organizational measures to protect your data, including:

• Encryption in transit (TLS/HTTPS) and at rest
• Authentication through Supabase Auth's secure identity platform
• Server-side authorization — user identity is always derived server-side, never from client-provided data
• Optional PIN lock — if you enable an inactivity PIN, journal data cached locally in your browser for offline use is encrypted at rest using strong, industry-standard encryption (AES-256) with a key derived from your PIN. That key is held only in memory and is discarded when you lock the app, sign out, or change your PIN, so your local entries cannot be read without it.
• Regular security reviews of our infrastructure and dependencies

That said, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your Personal Data, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 All Users

Regardless of your location, you have the right to:

• Access your data — view your journal entries, analyses, and account information within the app
• Export your data — request a copy of your data in a portable format by contacting us
• Delete your account — initiate account deletion through Settings, which schedules permanent removal of all associated data
• Manage email preferences — control daily reminders, product updates, and blog post notifications in your account settings
• Disconnect integrations — remove Google Calendar or other connected services at any time
• Optional analytics cookies — manage PostHog analytics cookies on our cookie settings page

7.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to delete — request deletion of your personal information
• Right to correct — request correction of inaccurate personal information
• Right to opt-out of sale/sharing — we do not sell or share your personal information for cross-context behavioral advertising
• Global Privacy Control — if your browser sends a Global Privacy Control (GPC) signal, we treat it as a request to opt out of optional product analytics (PostHog) for that browser, consistent with applicable California regulations. You can also use our cookie settings page.
• Non-discrimination — we will not discriminate against you for exercising any of these rights

To exercise these rights, contact us at hi@wherewasi.org. We will verify your identity and respond within 45 calendar days (extendable by an additional 45 days with notice).

7.3 Rights for EEA/UK Residents (GDPR/UK GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights:

• Legal basis for processing — we process your data based on: (a) contract performance (providing the Service, including AI analysis of your entries), (b) legitimate interests (improving the Service, security, and fraud prevention), and (c) consent (optional features such as location data, voice dictation, calendar integration, and optional analytics cookies). Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Right of access — obtain a copy of your personal data
• Right to rectification — correct inaccurate personal data
• Right to erasure — request deletion of your personal data
• Right to restriction — request restricted processing under certain conditions
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — withdraw consent at any time for consent-based processing

To exercise these rights, contact us at hi@wherewasi.org. We will respond within 30 days (extendable by 60 days for complex requests). You also have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

Your information, including Personal Data, may be transferred to and maintained on servers located in the United States, where data protection laws may differ from those in your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer data to the United States for processing. Where required by applicable law (such as GDPR), we rely on appropriate transfer mechanisms, including Standard Contractual Clauses, to ensure your data is adequately protected.

Your continued use of the Service following submission of your information represents your agreement to such transfer.

9. Children's Privacy

Our Service is not directed to anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and you become aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers.

10. Global Privacy Control and Do Not Track

Global Privacy Control (GPC)

Some browsers and extensions can send a Global Privacy Control signal indicating a preference to opt out of certain uses of personal data, including some forms of “sale” or “sharing” under U.S. state privacy laws. When we detect a GPC signal, we disable optional product analytics (PostHog) for that browser by storing an essential-only analytics preference. This is in addition to any choices you make on our cookie settings page.

Do Not Track (DNT)

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no consistent industry standard for responding to DNT signals, our Service does not currently respond to them. We will update this policy if a uniform standard is established.

11. Links to Other Sites

Our Service may contain links to other sites not operated by us. If you click a third-party link, you will be directed to that party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and, where appropriate, via email. The "Effective Date" at the top of this policy will be updated accordingly.

We encourage you to review this Privacy Policy periodically. Changes are effective when posted on this page.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us:

Email: hi@wherewasi.org

For data-related requests, please include "Privacy Request" in the subject line so we can route your inquiry appropriately.