Privacy Policy

InkFirst is a private journal that helps you build a writing habit by letting your phone unlock only after you write. This policy explains what data the app collects, what happens to it, and your choices. Plain English first; the longer-form details follow.

The short version

• Your journal stays on your device. Entries are saved locally in iOS's on-device database. We do not run a cloud server that stores your journal.
• Some features call AI on a per-request basis. When you tap features like Daily Prompt, Weekly Mirror, Monthly Story, or the Life Book, the relevant journal text is sent to a Cloudflare Worker we operate, which forwards it to an AI provider (Groq, OpenAI, or Google) for processing and returns the result. The data is processed in transit and is not retained by us beyond the lifetime of the request.
• We do not sell your data, ever. No advertising. No analytics that track you across other apps. No data brokers.
• You can delete everything. Settings → Reset wipes every journal entry, theme preference, mention, and onboarding answer from your device.

What we collect

1. Data you create inside the app

When you use InkFirst, the following data is created on your device and stored locally in your phone's encrypted database:

• Journal entries — the text you write, the prompt you wrote against, the date, and word count.
• Auto-derived metadata — when an AI feature analyzes an entry, the result (mood score, mood label, topic themes, summary, life-event tags) is saved alongside the entry.
• Glossary mentions — names of people and places that the app extracts from your entries to help cross-reference your writing.
• Settings & preferences — your writing tone choice, theme, notification preferences, lockout schedule, and other in-app settings.
• Onboarding answers — the responses you provided during setup (your name, age bracket, journaling goals, frequency, blockers, and the optional bio fields). These shape how the AI writes about you.
• Subscription status — whether you are a free or paid user, plus any active win-back offer.
• Streak and unlock history — counts and timestamps used to render your streak indicator.

2. Data we don't collect

• We do not collect your contacts, photos, calendar, location (other than the optional "where I am writing from" field you might fill in during onboarding), or device identifiers used for advertising.
• We do not embed third-party SDKs that track you across other apps.
• We do not store your Apple ID, payment details, or credit card number — Apple handles all subscription processing (see "Apple's role" below).

3. Screen Time data

InkFirst uses Apple's FamilyControls and ManagedSettings frameworks to block and unlock apps you select. Per Apple's design, which apps you select stays on your device and is not visible to us — not even the developer can read the underlying selection. The app only sees an opaque token that lets it apply the block.

How AI features work

When you use an AI-powered feature — like Daily Prompt, Weekly Mirror, Monthly Story, or the Life Book — the relevant journal text is sent over HTTPS through our infrastructure to a third-party AI provider for processing. The result comes back to your device and is saved locally with your entry. Currently we route to Groq, OpenAI, or Google Gemini; if we add or replace a provider, we will update this policy before the change takes effect.

Each provider has its own privacy policy and API data-handling terms. Our calls use their commercial API tiers, which do not train on your data and process it ephemerally:

• Groq Privacy Policy
• OpenAI Privacy Policy · OpenAI Business Terms
• Google Privacy Policy · Gemini API Terms
• Cloudflare Privacy Policy (our hosting infrastructure)

We do not retain a copy of your request or response on any server we operate. Our infrastructure logs only minimal metadata — timestamps, HTTP status codes, and token counts — for cost control and abuse prevention. We do not log your entry text.

Apple's role (subscriptions)

InkFirst sells subscriptions through Apple's App Store using StoreKit. When you subscribe:

• Your payment, billing address, and Apple ID are processed by Apple, not by us.
• We receive a confirmation that your account is active, plus the subscription expiration date.
• Manage or cancel anytime in Settings → [your name] → Subscriptions on your iPhone.

See Apple's Privacy Policy for how Apple handles your purchase data.

Where your data lives

• On your iPhone: all journal entries, glossary mentions, mood/theme metadata, onboarding answers, and settings.
• In transit, briefly: the text passed to AI providers during a feature use, then released.
• Not on a server we control. InkFirst does not currently offer cloud sync. If you delete the app from your phone, your journal goes with it. We strongly recommend backing up via iCloud Backup if your journal matters to you.

Your rights

Access and deletion

You can read, export, and delete your data directly inside InkFirst:

• Access — your journal is visible in the Journal feed; your Life Book, Insights, and Glossary surface every piece of derived metadata we hold about you.
• Delete an entry — open the entry and tap delete.
• Delete everything — Settings → Reset wipes the entire database from your device. There is no copy on a server for us to delete; the local wipe is the deletion.

Washington "My Health My Data" Act notice

InkFirst is operated from Washington State. Your mood scores and the text of your journal entries may, under Washington's My Health My Data Act, qualify as "consumer health data." Where the Act applies:

• We do not sell consumer health data.
• We do not share consumer health data with third parties for cross-context behavioral advertising.
• We process consumer health data only for the in-app features you initiate (entry analysis, Weekly Mirror, Life Book, etc.).
• You can withdraw consent and delete your data at any time via Settings → Reset.
• You may file a complaint with the Washington Attorney General's office.

California (CCPA) and other state rights

If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, your state may grant you additional rights to access, correct, delete, or port your personal data, and to opt out of "sale" or "sharing" of personal data. We do not sell or share personal data, so the opt-out is moot — but the access and deletion rights are honored as described above.

Children's privacy

InkFirst is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has provided personal data to InkFirst, please contact us at the address below and we will delete it.

Security

Your journal sits inside iOS's on-device, file-system-encrypted SwiftData database. Data leaving your device travels over HTTPS (TLS 1.2+) to Cloudflare and on to AI providers. The Cloudflare Worker authenticates every request via a shared secret to prevent abuse.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you via email or in-app alert as required by law.

Changes to this policy

We may update this Privacy Policy as InkFirst evolves. The "Last updated" date at the top of this page reflects the most recent change. If we make a material change to how we handle your data — for example, adding a new third-party AI provider — we will give you notice in-app and update this policy before the change takes effect.

Contact

Questions, requests, or concerns about your data?

• Email: [email protected]
• Operating jurisdiction: State of Washington, United States