Privacy Policy
- Your journal entries are stored on your device by default. We do not have a server-side copy of them.
- When you use Go Deeper, your journal entry text and current conversation context are sent to third-party AI services to generate questions. No names, no emails, and no Apple ID are included.
- We use Zero Data Retention processing settings intended to prevent retention of submitted journal content for storage or training. Limited technical metadata, such as timestamps and token counts, may still be retained.
- We use privacy-focused analytics to understand which features work. No journal content is included in analytics events.
- We don't sell data. We don't run ads. We're an indie app.
Sotie Journal ("Sotie", "we", "our") is a privacy-first AI journal built for people who want clarity without giving up the intimacy of private writing. We collect as little data as possible, do not sell your personal information, and only send limited data off-device when it is necessary to provide specific features you choose to use.
1. Data You Create
Your journal entries, AI conversations, and saved reflection questions are stored locally on your deviceusing Apple's on-device database (SwiftData). We do not have a server-side copy of your entries and do not receive them unless you choose to use an AI feature or attach information in a support request. If you delete the app, your locally stored data is permanently removed from your device unless you have exported a backup.
2. AI Processing ("Go Deeper")
When you choose to use the "Go Deeper" feature, the text of your current journal entry and conversation context is transmitted to one or more third-party AI inference providers through OpenRouter, which acts as a routing service for AI requests. Here is what happens:
- What is sent: The text of your journal entry and the conversation so far. No personal identifiers (name, email, device ID, or Apple ID) are included in the request.
- How it is processed: Requests are routed through Zero Data Retention (ZDR) processing settingsintended to prevent retention of submitted journal content for storage or model training by the downstream AI provider.
- What the provider may retain: Technical metadata such as request timestamps, model used, and token counts may be retained by the routing and AI provider for operational purposes (billing, abuse prevention). This metadata does not include your journal content.
- Real-time processing: Your content is processed in real-time to generate a response. As with any encrypted internet request, data passes through standard network infrastructure in transit, but this transit processing is not the same as storing your journal content.
We work with reputable AI service providers and reserve the right to change providers at our discretion. Any provider we use for Go Deeper must be subject to the same core commitments described here: Zero Data Retention processing settings, no direct personal identifiers in the request, and no training on your submitted journal content. If we make a material change to these data practices, we will notify you in-app before or when the change takes effect. You will be asked for explicit consent before your content is sent to an AI service for the first time.
3. Analytics
We use TelemetryDeck, a privacy-first analytics service, to understand aggregate app usage patterns (e.g., which features are popular, session counts, device types).
- Analytics events do not include your journal content, name, email address, or Apple ID.
- No journal content is ever included in analytics events.
- TelemetryDeck uses a pseudonymous installation-level identifier that is hashed on-device before transmission. No raw identifier leaves your device.
- Analytics may include privacy-focused usage events, device type, app version, and similar coarse diagnostic or product-interaction data needed to understand how the app is used.
- TelemetryDeck describes its service as privacy-focused. Their privacy policy.
4. Support & Diagnostics
If you contact us through the in-app support form (Settings → Contact Us), the following information is included in your message:
- Your message text (written by you).
- Basic device information: device model, iOS version, and app version.
- Optional diagnostic logs: If you choose to include logs (via an opt-in toggle), the last 24 hours of app logs are attached. These logs are intended to contain technical events (e.g., feature usage, errors) rather than the text of your journal entries.
This information is sent via your device's default email client or share sheet. We do not collect it automatically. Support messages and attachments are used only to respond to your request and troubleshoot the issue you reported.
5. In-App Purchases
Subscription purchases are handled entirely by Apple through StoreKit. We do not process, store, or have access to your payment card information. Apple may retain purchase, billing, and transaction records under its own policies.
6. Data We Do NOT Collect
- Names, email addresses, or account credentials (Sotie has no user accounts)
- Location or GPS data
- Photos, contacts, or calendar data
- Advertising identifiers or cross-app tracking data
- Health, fitness, or biometric data
- Your journal content on our servers (we have no server-side copy of your entries)
7. Data Export & Deletion
- Export: You can export all your data at any time from Settings → Export Data.
- Deletion: To delete all your data, simply delete the app from your device. All locally stored data is permanently removed.
- AI requests:Because AI requests use Zero Data Retention processing settings, we do not expect a persistent copy of your journal content to remain with the AI provider after the response is returned. Limited technical metadata retained by the routing or AI provider (see Section 2) is subject to those providers' own retention policies.
- Other service data: Deleting the app does not delete operational records that may be retained separately by Apple, TelemetryDeck, OpenRouter, or downstream AI providers under their own policies, although those records are not a server-side copy of your journal entries.
8. Third-Party Services
We use the following third-party services to operate the App:
| Service | Purpose | Data shared |
|---|---|---|
| OpenRouter + downstream AI provider(s) | Reflection question generation and AI request routing | Journal entry text + conversation context (no direct personal identifiers). ZDR processing settings are used for submitted content. |
| TelemetryDeck | Anonymous usage analytics | Hashed user ID, anonymous usage events, device type. No content. |
| Apple (StoreKit) | Subscription billing | Handled exclusively by Apple. |
Each service operates under its own privacy policy. We are not responsible for the data practices of third-party providers.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Effective date" at the top of this document. If we make material changes to how your data is processed (for example, changing AI providers, sending new categories of data off-device, or adding new data collection), we will take reasonable steps to notify you through an in-app notice before or when the change takes effect. Routine editorial updates may be posted without separate notice. To the extent permitted by applicable law, your continued use of the app after the updated policy becomes effective constitutes acceptance of the revised policy.
10. Contact
Questions about your privacy or this policy? Reach us at support@sotie.app.