Effective Date: July 14, 2026
Operator: Common Practice LLC
Contact: contact@seewhatswithin.com
Within is a private journaling and self-reflection app. What you write and feel belongs to you. This policy explains what we collect, how it is protected, and who, if anyone, can see it.
Information We Collect
- Account information. Your name and email address when you sign in with Apple, Google, or email and password. If you use Apple's Hide My Email, we receive only the private relay address.
- Your journal content. Journal entries, emotion selections, and any photos you attach to an entry. This content is encrypted on your device before storage.
- Voice input. If you use voice entry, audio is transcribed entirely on your device using an on-device speech model. Your audio is not recorded, stored, or transmitted off your device.
- Non-sensitive metadata. To support search, sorting, and charts, we store entry timestamps, emotion labels, word counts, and bookmarks. This metadata does not include your written reflections.
- Usage analytics. We collect anonymous product-usage events, such as features used and screens viewed, through Mixpanel. These events never include journal content or personally identifying text.
- Diagnostics. We collect anonymous crash reports through Firebase Crashlytics to fix bugs. These reports are not associated with your identity and do not include journal content.
- Notifications. If you enable notifications, we store a device push token to deliver reminders and reflections.
How Your Content Is Protected
Your journal entries and photo attachments are encrypted on your device using AES-256-GCM before they are sent to the cloud. Your encryption key is derived uniquely for you and stored only in your iOS Keychain, where it can sync across your own devices through iCloud Keychain. The key never leaves your devices or reaches our servers, which means we cannot read your entries or view your photos. Only the salt used to re-derive your key on a new device is stored in the cloud.
AI-Powered Reflection
Within uses AI to generate emotional insights and reflections from your entries. Before text is sent for analysis, personal identifiers such as names and places are removed on your device. Only the redacted text is sent through a secure proxy to Anthropic for primary emotional analysis and OpenAI for supporting tasks. The response is re-personalized on your device. Your photos are never sent for AI analysis; image text recognition happens on your device.
We do not use your journal content to train AI models.
Service Providers
We use a small number of trusted providers to operate Within. We do not sell your data or share it with advertisers or data brokers.
- Google Firebase. Authentication, encrypted content storage through Firestore and Cloud Storage, our AI proxy through Cloud Functions, notifications through Cloud Messaging, crash diagnostics through Crashlytics, and abuse prevention through App Check. Firebase stores your content only as encrypted data it cannot read.
- Anthropic and OpenAI. Receive redacted journal text solely to generate reflections.
- Mixpanel. Anonymous product-usage analytics only.
- Apple and Google Sign-In. Account authentication.
What We Don't Do
- We do not track you across other apps or websites, and we do not use advertising identifiers.
- We do not sell or rent your personal data.
- We do not read your journal entries or view your photos. They are encrypted with a key only you hold.
Data Retention and Deletion
You can delete individual entries at any time. Deleted entries remain in Recently Deleted for 30 days so you can restore them before they are permanently removed. You may request full account deletion at any time. We remove your account and associated data within 30 days of processing your request.
Your Rights
You can access and delete your content, and request account deletion, from within the app or by emailing us. Depending on where you live, you may have additional rights.
- California residents. Under the CCPA and CPRA, you may have rights to know, access, and delete your personal information, and the right not to be discriminated against for exercising those rights. We do not sell personal information.
- Analytics. You can opt out of usage analytics in the app's Settings or by contacting us.
Children
Within is rated 13+ and is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us information, contact us and we will delete it.
Changes to This Policy
We may update this policy as the app evolves. We will revise the effective date above and, for material changes, notify you in the app.
Contact
Questions about this policy or your data can be sent to contact@seewhatswithin.com.