Privacy Policy

Last updated: March 2026

Inkhorn is a personal journaling application. Your privacy is not a feature we bolt on — it is the foundation. We collect only what is necessary to provide the service, we never sell or share your data, and we never use your content to train AI models.

What We Collect

• Account information: email address, name (optional), and hashed password. If you sign in with GitHub, we receive your GitHub profile name and email.
• Journal content: entries, mood ratings, emotion labels, people, events, media attachments, tags, and version history.
• Contacts: names, photos, email addresses, phone numbers, birthdays, relationship types, and notes you choose to store.
• Behavioral features: aliveness mapping conditions, aspirations, spaced repetition review state, and evening prompt preferences.
• Session data: IP address and user agent string, stored for active sessions only.

How Your Data Is Stored

Your data is stored in a SQLite database hosted by Turso (libsql). Media attachments and contact photos are currently stored as base64-encoded text within the database. Data is transmitted over HTTPS but is not encrypted at rest beyond the hosting provider's infrastructure-level encryption.

What We Do Not Do

• We do not process your journal content with AI or machine learning.
• We do not serve advertisements.
• We do not use analytics or tracking scripts.
• We do not sell, rent, or share your data with third parties for marketing.
• We do not use your writing to train any model.

Third-Party Services

• Turso (database hosting) — stores all application data.
• Cloudflare (hosting, CDN) — serves the application.
• Resend (email delivery) — sends password reset emails. Receives your email address only when you request a password reset.
• LaunchDarkly (feature flags) — receives your anonymized user ID to determine which features are enabled. No email, name, or journal content is sent.
• GitHub (OAuth) — used only if you choose to sign in with GitHub. We receive your profile name and email.
• Google (OAuth) — used only if you choose to sign in with Google. We receive your profile name and email.
• Google (contacts import) — used only if you choose to import contacts from Google. Access is requested once and not stored.

Cookies & Local Storage

We use a session cookie for authentication. We use localStorage to store your theme preference and UI settings. We do not use tracking cookies or third-party cookies.

Your Rights

• Export: You can download all your journal entries as JSON or Markdown from the Settings page at any time.
• Delete: You can request permanent deletion of your account and all associated data from the Settings page. After requesting deletion, there is a 7-day grace period during which you can cancel. After the grace period, deletion is irreversible.
• Access & Correction: You can view and edit all your data directly within the application.

If you are in the EU, you have additional rights under the GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority. If you are in California, you have rights under the CCPA including the right to know what data is collected and the right to request deletion.

Data Retention

Your data is retained for as long as your account exists. When you delete your account, all data is permanently removed from our database. We do not retain backups of deleted accounts.

Contact

For privacy-related questions or requests, email privacy@inkhorn.app.