Dear Thoughts
Join waitlist

Legal

Privacy Policy

Last updated: January 2026

This Privacy Policy explains how Dear Thoughts ("we", "us", "our") collects, uses, and protects your information when you use our mobile application and website.

We have written this in plain language wherever possible. If anything here is unclear, email us at privacy@dearthoughts.com.

1. What we collect

1.1 Account information

When you create an account, we collect your email address for authentication, and any display name you choose to set. We do not collect your phone number, address, or government ID.

1.2 Journal content

Your journal entries, voice notes, mood selections, and Foundation check-in responses are encrypted on your device before being transmitted to our servers. We cannot read your entries. Our staff cannot read your entries. Database administrators cannot read your entries.

1.3 Usage data

We collect minimal, anonymised usage signals to keep the app working:

  • App version, device platform (iOS or Android), preferred language
  • Crash reports and error logs (without entry content)
  • Feature usage counts (e.g. "user opened Foundation 4 times this week")

1.4 Optional features

If you opt-in to AI features (Ask your journal, Future Self letter, Body signal, etc.), the specific text you submit for that request is sent to Anthropic for processing, then discarded. It is not stored on our servers beyond the duration of the request, and is never used to train any AI model.

2. How we use your data

  • To provide and operate the app (sync entries, send notifications you enabled)
  • To improve reliability (crash reports, anonymised diagnostics)
  • To respond to your support requests
  • To comply with legal obligations where applicable

3. What we do NOT do

  • We do not sell your data to anyone. Ever.
  • We do not use your journal entries to train AI models.
  • We do not show you ads.
  • We do not share your entries with third parties (except encrypted backups via Supabase, see below).

4. Third-party services

We use a small set of trusted providers to run the service:

  • Supabase — encrypted database hosting and authentication. supabase.com/privacy
  • Anthropic — AI processing for opt-in features only. anthropic.com/privacy
  • Expo — push notification delivery (if you enabled notifications). expo.dev/privacy
  • Sentry — anonymised crash reporting (entry text never included).

5. Data retention

Your journal entries are retained until you delete them or delete your account. When you delete your account, we permanently remove all your data from our servers within 30 days, and from backup archives within 90 days.

6. Your rights

Under GDPR (if you are in the EU/EEA/UK) and similar laws elsewhere, you have the right to:

  • Access — request a copy of all data we hold about you
  • Export — full export of your entries in plain text and Markdown, directly from the app
  • Correction — update or correct any inaccurate information
  • Deletion — delete your account and all associated data
  • Portability — take your data with you in a standard format
  • Object — to certain processing activities

To exercise any of these rights, email privacy@dearthoughts.com. We respond within 30 days.

7. Children

Dear Thoughts is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will remove the account.

8. Security

We use end-to-end encryption for journal content, TLS for all data in transit, biometric locks for app access, and a one-tap panic wipe to remove all local data. No system is perfectly secure, but we have designed for the threat model of a personal journal.

9. International transfers

Our infrastructure is hosted in the European Union (Supabase EU region). When AI features are used, encrypted prompts may transit to Anthropic's infrastructure in the United States, processed under Standard Contractual Clauses.

10. Changes to this policy

We will notify you via the app and email of any material changes at least 30 days before they take effect. Your continued use after the change indicates acceptance.

11. Contact

Privacy questions: privacy@dearthoughts.com
General support: support@dearthoughts.com

Data controller: Dear Thoughts, Romania.