Privacy

What we store. What we don't. What you own.

Technical specifics about your data, no vague promises, no boilerplate. Last updated May 2026.

Innerholm privacy practices at a glance
Practice Innerholm
Content scanning for adsNever
AI training on your entriesNever (without explicit consent)
Selling data to third partiesNever
End-to-end encryptionNot currently, server can read for sync/search
Account deletionImmediate, complete, irreversible
Data exportPlanned (Markdown, PDF, Day One ZIP)
Optional data features defaultOff by default, you opt in

What data does Innerholm store?

Innerholm stores your journal entry text, timestamps (created and updated), any tags you apply, and your account email address. Search queries are logged with result counts for performance monitoring, query text only, no entry content is stored in logs.

Optional data stored only when you enable specific features in Settings:

Optional, off by default:
  • Weather at time of writing (temperature, conditions), requires you to enable Weather Capture
  • Mood rating (1-5), requires you to enable Mood Tracking
  • Photo attachments, stored only when you upload photos
  • Usage telemetry (verbs only: entry created, search performed, etc.), requires you to enable Usage Analytics

We do not store: keystroke timing, draft history, scroll behavior, mouse movements, IP address (not retained after request processing), or any content you have not explicitly written into an entry.

Can Innerholm read my journal entries?

Technically: yes, the server infrastructure can read entries because they are stored server-side to enable sync and full-text search. Innerholm is not end-to-end encrypted. What we commit to: no human at Innerholm reads your entries; no automated system scans your content for advertising, AI training, or behavioral profiling. Your content is never used to train machine learning models.

Full-text search runs against your own data on our servers and returns results only to you. The search index is per-user, no cross-user matching occurs. Search query logs store the query text and result count for latency monitoring; they do not store which entries matched.

What "no content scanning" means technically:
  • No NLP pipeline runs against your text
  • No keyword extraction for advertising or recommendation
  • No sentiment analysis
  • No content moderation scan (journal entries are not public, moderation does not apply)
  • Full-text search is the only automated process that reads your content, and it returns results only to you

If end-to-end encryption is implemented in a future version, we will update this page with technical specifics including key management approach.

What happens to my data if I cancel?

If you delete your account via Settings > Account > Delete account, Innerholm hard-deletes all your data in a single database transaction: journal entries, tags, settings, search logs, and your account record. Deletion is immediate and irreversible, there is no grace period and no recovery path. Backups that contain your data rotate out on a 30-day cycle, after which your data is gone from all systems.

There is no "deactivation" option that preserves your data. Account deletion is the only exit path, and it is complete.

What gets deleted:
  • All journal entries (including soft-deleted entries)
  • All tags and tag associations
  • All photo attachments
  • Your user settings and consent flags
  • Your search query logs
  • Your account record (email, password hash)
Backup retention: Server backups that pre-date your deletion are rotated out within 30 days. We do not have a mechanism to surgically remove one user from an encrypted backup, the 30-day window is the technical reality.

Before deleting, consider exporting your data (Settings > Export, or contact support during early access). Once deleted, we cannot help you recover anything.

Does Innerholm use my data to train AI?

No. Innerholm does not use journal content to train machine learning models. If AI features are ever introduced that require sending content to a third-party model, that feature will be opt-in, clearly disclosed before any data is sent, and gated by a consent toggle in Settings. The default for every data-touching feature is off.

This applies to all current and future features unless we explicitly update this page and notify existing users before any change takes effect.

Does Innerholm share my data with third parties?

No. Innerholm does not sell, license, or share journal content with advertisers, data brokers, or analytics companies. Infrastructure providers (cloud hosting, database) process data as subprocessors under data processing agreements, they do not receive access to your content for their own purposes.

Current infrastructure subprocessors:
  • Cloud hosting provider, stores encrypted database backups and application files
  • Email provider, used only for account-related transactional email (password reset, account confirmation); no journal content is sent via email

How do I export my data?

Export is on the roadmap as an Innerholm+ feature. Planned formats: Markdown ZIP (one file per entry with YAML frontmatter), PDF, and Day One-compatible ZIP. During early access, contact support for a manual data export. You are never locked in, your words are yours to take.

The principle: Innerholm should never be the reason you stay. If export is not yet available in the app, email us and we will provide your data within 7 days.