Privacy Policy

Last updated: April 3, 2026

1. Who We Are

Quiet Pages ("we," "us," "our") is a private digital journal application. We are the data controller responsible for your personal data. If you have questions about this policy or your data, you can reach us at support@quietpages.ai.

2. What Data We Collect

We collect and process the following categories of personal data:

• Account information: Your name, email address, and profile image, provided through your authentication provider (Google, GitHub, or email).
• Journal entries: The text you write in your journal, including mood selections and timestamps.
• AI responses: The responses generated by our AI companion in reply to your entries.
• Payment information: If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We store only your Stripe customer ID and subscription ID — never your card number or payment details.
• Support messages: If you contact us, we store your message, subject, and email address.
• Technical data: Session information necessary to keep you logged in.

3. Legal Basis for Processing (GDPR Article 6)

We process your data based on the following legal grounds:

• Contract performance: Processing your journal entries and generating AI responses is necessary to provide the service you signed up for.
• Legitimate interest: Maintaining security, preventing abuse, and improving the service.
• Consent: Where required, such as optional features and communications. You may withdraw consent at any time.
• Legal obligation: Where we are required to retain data by law.

4. How We Use Your Data

Your data is used exclusively to:

• Provide and maintain the journal service, including AI-generated responses
• Remember your past entries so the AI can maintain conversational context
• Generate pattern insights and mood analytics from your entries
• Process payments for premium subscriptions
• Respond to your support inquiries
• Protect against misuse of the service

We do not use your data for advertising, profiling, or marketing purposes. We do not sell your data to third parties.

Your entries are never used to train AI models. When our AI generates a response, your entry is sent to the Anthropic API for that single request. Anthropic does not use API data to train their models.

5. Data Encryption

Journal entries and AI responses are encrypted at rest using AES-256-GCM encryption before being stored in our database. Your data is also encrypted in transit using HTTPS (TLS).

The AI companion feature requires server-side access to your entries to generate responses and recognise patterns. Your entries are never read by any person, never shared, never sold, and never used for training.

6. Data Sharing and Third Parties

We share data only with the following service providers, each acting as a data processor on our behalf:

• Anthropic (Claude AI): Your journal entry text is sent to Anthropic's API to generate AI responses. Anthropic does not use API inputs to train their models.
• Stripe: Handles payment processing for paid subscriptions.
• Replit / Neon: Our hosting and database infrastructure provider.
• Microsoft Edge TTS: Text of AI responses may be sent to Microsoft's text-to-speech service if you use the voice reading feature.
• SendGrid: Handles transactional email delivery (welcome emails, reminders, trial notifications).

We do not share your journal content with any other third parties.

7. Data Retention

We retain your data as follows:

• Journal entries and AI responses: Stored for as long as your account exists. You may delete individual entries at any time from within the app.
• Account data (name, email, preferences): Retained until you request account deletion.
• AI memory profile: A summary of your writing patterns built by the AI companion. Retained while your account exists and deleted immediately when you delete your account.
• Payment records: Managed by Stripe and retained as required by tax and financial regulations (typically 7 years). We cannot delete these as they are held by Stripe.
• Support messages: Retained for up to 2 years after the inquiry is resolved.
• Server logs: Automatically purged after 30 days.
• Database backups: Encrypted backups are automatically deleted after 30 days.

8. How to Delete Your Data

You can delete your account and all associated data at any time:

• Open the Quiet Pages app or visit quietpages.ai
• Sign in to your account
• Open Settings (gear icon)
• Scroll to Danger Zone
• Tap Delete My Account and confirm

When you delete your account, the following data is permanently and immediately deleted from our servers:

• Account profile (name, email, preferences)
• All journal entries and AI responses
• Mood tracking history
• AI memory and personalisation profile
• Notification and reminder preferences
• Referral codes and history
• Shared entry links (revoked)
• Email log and session data

After deletion, no trace of your data remains on our systems within 30 days (allowing for backup rotation). Stripe may retain payment records independently.

If you cannot access your account, email support@quietpages.ai and we will process the deletion within 30 days.

You can also delete individual journal entries at any time without deleting your entire account. Open any entry in the Timeline view, tap the delete icon, and confirm.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

• Right of access: Request a copy of all personal data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure ("right to be forgotten"): Request deletion of your account and all associated data.
• Right to data portability: Export your data in a machine-readable format (JSON or CSV) from the Settings page.
• Right to restrict processing: Request that we limit how we use your data.
• Right to object: Object to processing based on legitimate interest.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint: You have the right to file a complaint with your local data protection authority.

To exercise any of these rights, email support@quietpages.ai. We will respond within 30 days.

10. Data Security

• All data is transmitted over HTTPS (TLS-secured connections)
• Journal entries are encrypted at rest using AES-256-GCM
• Database access is restricted and authenticated
• User data is isolated — each user can only access their own entries
• API keys and secrets are stored securely and never exposed to the frontend
• Parameterized database queries prevent SQL injection
• Rate limiting protects against abuse

11. International Data Transfers

Your data may be processed in the United States by our service providers (Anthropic, Stripe, Replit). Each provider relies on EU Standard Contractual Clauses (SCCs) to ensure GDPR-compliant international data transfers.

12. Cookies

We use only strictly necessary cookies — specifically, a session cookie to keep you logged in. We do not use analytics cookies, advertising cookies, or any third-party tracking.

13. Children's Privacy

Quiet Pages is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by displaying a notice in the app. The "Last updated" date at the top indicates when the policy was last revised.

15. Contact

For any questions about this privacy policy or to exercise your data rights, email support@quietpages.ai.