Privacy Policy

InkFirst is a private journal that helps you build a writing habit by letting your phone unlock only after you write. This policy explains what data the app collects, what happens to it, and your choices. Plain English first; the longer-form details follow.

The short version

• Your journal lives in your iCloud, not ours. Entries are saved on your iPhone and synced privately to your iCloud account so you can restore them if you reinstall the app. We do not run a cloud server that stores your journal — we never see the contents.
• Some features call AI on a per-request basis. When you tap features like Daily Prompt, Weekly Mirror, Monthly Story, or the Life Book, the relevant journal text is sent through our secure server-side infrastructure, which forwards it to a third-party AI provider listed below for processing and returns the result. The data is processed in transit and is not retained by us beyond the lifetime of the request.
• We collect limited telemetry to improve the app. InkFirst records basic information about whether features work or fail so we can improve reliability and fix bugs. This telemetry does not include journal text, prompt text, names, Apple IDs, payment details, selected Screen Time apps, or raw AI provider error responses.
• We do not sell your data, ever. No advertising. No cross-app tracking. No third-party tracking SDKs. No data brokers.
• You can delete everything. Settings → Reset wipes every journal entry, theme preference, mention, and onboarding answer from your device.

What data exists in InkFirst

1. Data you create and store in the app

When you use InkFirst, the following data is created and stored on your phone. This is your app data, not journal content that we collect, receive, or store on our servers.

• Journal entries — the text you write, the prompt you wrote against, the date, and word count.
• Auto-derived metadata — when an AI feature analyzes an entry, the result (mood score, mood label, topic themes, summary, life-event tags) is saved alongside the entry.
• Organizational metadata — recurring themes or entities (like names or places) that help you cross-reference your writing.
• Settings & preferences — your writing tone choice, theme, notification preferences, lockout schedule, and other in-app settings.
• Onboarding answers — the responses you provided during setup (your name, age bracket, journaling goals, frequency, blockers, and the optional bio fields). These shape how the AI writes about you.
• Subscription status — whether you are a free or paid user, plus any active win-back offer.
• Streak and unlock history — counts and timestamps used to render your streak indicator.

2. Data we don't collect

• We do not collect your contacts, photos, calendar, or device identifiers used for advertising.
• If you enable the sunrise theme, iOS may provide your approximate device location so InkFirst can calculate local sunrise and sunset times. That location is used on your device for the theme and is not sent to us. Separately, you may type an optional "where I am writing from" bio field during onboarding; that text stays with your local app data unless you choose an AI feature that uses it.
• We do not embed third-party SDKs that track you across other apps.
• We do not store your Apple ID, payment details, or credit card number — Apple handles all subscription processing (see "Apple's role" below).
• Our telemetry does not include your journal entries, AI prompt text, names, receipt IDs, transaction IDs, selected Screen Time apps, advertising identifiers, or raw AI provider error responses.

3. Screen Time data

InkFirst uses Apple's FamilyControls and ManagedSettings frameworks to block and unlock apps you select. Per Apple's design, which apps you select stays on your device and is not visible to us — not even the developer can read the underlying selection. The app only sees an opaque token that lets it apply the block.

4. App telemetry

To improve InkFirst, the app and our AI proxy collect limited telemetry about whether features work or fail. This helps us fix bugs, improve reliability, prevent abuse, and understand when the app needs attention.

This telemetry is not used for advertising, data brokerage, or tracking you across other apps or websites. It does not include your journal entries, AI prompt text, names, Apple IDs, payment details, selected Screen Time apps, or raw AI provider error responses.

How AI features work

When you use an AI-powered feature — like Daily Prompt, Weekly Mirror, Monthly Story, or the Life Book — the relevant journal text is sent encrypted in transit through our secure server-side infrastructure to a third-party AI provider listed below for processing. The result comes back to your device and is saved locally with your entry. If we add or replace a provider, we will update this policy before the change takes effect.

Each provider has its own privacy policy and API data-handling terms. Our calls use paid or commercial API configurations. Based on those providers' applicable API terms, API inputs are not used to train their models. Where provider controls are available, we configure usage to minimize retention:

• Groq Privacy Policy
• OpenAI Privacy Policy · OpenAI Business Terms
• Google Privacy Policy · Gemini API Terms
• Cloudflare Privacy Policy (our hosting infrastructure)

We do not retain a copy of your request or response on any server we operate. Our infrastructure logs only limited telemetry for reliability, cost control, and abuse prevention. We do not log your entry text or prompt text.

Apple's role (subscriptions)

InkFirst sells subscriptions through Apple's App Store using StoreKit. When you subscribe:

• Your payment, billing address, and Apple ID are processed by Apple, not by us.
• We receive a confirmation that your account is active, plus the subscription expiration date.
• Manage or cancel anytime in Settings → [your name] → Subscriptions on your iPhone.

See Apple's Privacy Policy for how Apple handles your purchase data.

Where your data lives

• On your iPhone: all journal entries, organizational metadata, mood/theme metadata, onboarding answers, and settings.
• In your iCloud account: your data is privately synced to your iCloud so you can restore it if you reinstall the app or set up a new iPhone. We have no access to the contents. If you are signed out of iCloud, the journal stays local-only on that device.
• In transit, briefly: the text passed to AI providers during a feature use. Provider retention practices are governed by the API terms linked above.
• In our telemetry store: the limited app telemetry described above. This store is for improving app reliability; it is not a journal database and does not contain your journal text.
• No journal server copy. InkFirst does not run a cloud server that stores your journal.

Your rights

Access and deletion

You can read, export, and delete your data directly inside InkFirst:

• Access — your journal is visible in the Journal feed; your Life Book, Insights, and Glossary surface every piece of derived metadata we hold about you.
• Delete an entry — open the entry and tap delete.
• Delete everything — Settings → Reset wipes the entire journal database from your device. There is no server-side copy of your journal for us to delete; the local wipe is the journal deletion.

Washington "My Health My Data" Act notice

InkFirst is operated from Washington State. Your mood scores and the text of your journal entries may, under Washington's My Health My Data Act, qualify as "consumer health data." Where the Act applies:

• We do not sell consumer health data.
• We do not share consumer health data with third parties for cross-context behavioral advertising.
• We process consumer health data only for the in-app features you initiate (entry analysis, Weekly Mirror, Life Book, etc.).
• You can withdraw consent and delete your data at any time via Settings → Reset.
• You may file a complaint with the Washington Attorney General's office.

California (CCPA) and other state rights

If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, your state may grant you additional rights to access, correct, delete, or port your personal data, and to opt out of "sale" or "sharing" of personal data. We do not sell or share personal data, so the opt-out is moot — but the access and deletion rights are honored as described above.

Children's privacy

InkFirst is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has provided personal data to InkFirst, please contact us at the address below and we will delete it.

Security

Your journal sits inside iOS on-device storage. Data leaving your device is encrypted in transit to our secure server-side infrastructure and on to AI providers. Limited app telemetry is stored in Cloudflare-hosted infrastructure. We use app-level request checks, rate limits, and abuse controls to reduce unauthorized traffic. We continue to improve this protection as the app scales.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you via email or in-app alert as required by law.

Changes to this policy

We may update this Privacy Policy as InkFirst evolves. The "Last updated" date at the top of this page reflects the most recent change. If we make a material change to how we handle your data — for example, adding a new third-party AI provider — we will give you notice in-app and update this policy before the change takes effect.

Contact

Questions, requests, or concerns about your data?

• Email: [email protected]
• Operating jurisdiction: State of Washington, United States