Your Privacy Matters

Your journal is deeply personal. We built Hush Pages with privacy at its core.

Last updated: February 2025

The Short Version

Your memories belong to you. We never sell your data. We never share your journal entries. We use encryption to keep your content safe.

Our Privacy Promise

When you trust us with your thoughts, memories, and reflections, protecting that trust is our highest priority.

We never sell or share your personal data with advertisers
We will never access your data without your explicit consent
We never use your content to train AI models
Your data is encrypted in transit and at rest

Information We Collect

πŸ‘€

Account Information

Email address, name, and profile details you provide during registration. If you sign in with Apple or Google, we receive your email and name from those services.

πŸ“

Your Content

Journal entries, memories, photos, voice notes, and any other content you create in Hush Pages. This content is stored securely and is only accessible to you.

πŸ“±

Device & Usage Data

Device type, operating system, app version, and general usage patterns. This helps us fix bugs and improve the app. We don't track which specific entries you view.

πŸ”

Optional Permissions

Location (for weather-based prompts), microphone (for voice journaling), camera and photos (for adding images). These are optional and you control each permission.

How We Use Your Data

☁️

Provide the Service

Store and sync your journal across devices

πŸ”§

Improve the App

Fix bugs and develop new features based on aggregated usage patterns

✨

Personalization

Provide relevant journaling prompts and insights based on your preferences

πŸ›‘οΈ

Security

Protect your account and detect suspicious activity

πŸ“§

Communication

Send important updates about your account or the service (never marketing without consent)

AI Features & Your Privacy

When you use AI features like Ask My Journal, Smart Prompts, or chat with Aeslar:

Your content is sent to our AI providers (Google Gemini, xAI Grok) to generate responses
We send only the minimum context needed for each request
AI does not have access to your photos or videos
AI providers do not store your data or use it for training their models
AI conversations are stored in your account for continuity
You can delete AI chat history at any time

How We Protect Your Data

πŸ”

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256)

☁️

Secure Infrastructure

SOC 2 Type II certified cloud infrastructure

🚫

Access Controls

Employee access is restricted and logged β€” no one reads your entries unless you contact support and explicitly authorize it

πŸ‘†

Biometric Lock

Optional Face ID/Touch ID protection β€” biometric data is processed on your device only and never sent to our servers

Why server-side encryption? We use industry-standard server-side encryption (TLS in transit + AES-256 at rest via Google Cloud) rather than device-side encryption. This ensures you never lose access to your memories if you lose your device, forget a passphrase, or switch phones. Your data is protected by Google Cloud's security infrastructure, and access is tightly controlled and audited.

Third-Party Services

We work with trusted partners to provide our services:

Secure Cloud Infrastructure

Authentication, database, and secure storage

Google Gemini

AI features and content analysis

xAI Grok

AI conversation and journaling assistance

RevenueCat

Subscription management (no access to journal content)

Apple/Google

Sign-in authentication (if you choose to use it)

All third-party providers are contractually bound to protect your data and not use it for their own purposes.

Your Rights & Control

You have full control over your data:

πŸ‘οΈ

Access

View all data we have about you

πŸ“₯

Export

Download your journal entries

✏️

Correct

Update any inaccurate info

πŸ—‘οΈ

Delete

Permanently delete your account

🚫

Object

Object to data processing

πŸ“€

Portability

Transfer to another service

To exercise any of these rights, go to Settings β†’ Account or contact support@hushpages.com

Data Retention

We keep your data only as long as you have an active account.

Account Active

All your data is securely stored and accessible

Account Deleted

30-day recovery window begins

After 30 Days

Personal data permanently deleted

After 90 Days

Backups completely purged

Legal Compliance

πŸ‡ͺπŸ‡Ί

GDPR (European Union)

If you're in the EU, you have rights to access, rectify, erase, restrict processing, data portability, and object to processing. Our legal basis for processing is your consent and legitimate interests.

πŸ‡ΊπŸ‡Έ

CCPA (California)

California residents have the right to know what data we collect, request deletion, and opt-out of data sales. We do not sell your personal information.

πŸ‘Ά

COPPA (Children's Privacy)

Hush Pages is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from children.

International Data Transfers

Your data may be processed in the United States where our servers are located. We ensure appropriate safeguards are in place:

Standard Contractual Clauses with all service providers
Encryption of all data in transit and at rest
Compliance with EU-US Data Privacy Framework where applicable

Questions About Privacy?

We're happy to answer any questions about how we handle your data.

support@hushpages.com