Last Updated: March 21, 2026
Within ("the App") is operated by Common Practice ("we," "us," or "our"). This Privacy Policy explains how we collect, use, and protect your information when you use Within.
By using the App, you agree to the collection and use of information as described in this policy.
1. Information We Collect
Information You Provide
- Account Information. When you sign in using Apple Sign-In or Google Sign-In, we receive your name (if you choose to share it) and email address. We do not offer email/password registration.
- Journal Entries. The text content you write in journal entries and quick reflections, including any notes you add.
- Emotion Selections. The emotions you select during journaling and quick reflections, including optional energy level selections.
- Voice Input. If you use the voice-to-text feature, your speech is processed on your device using Apple's built-in Speech framework. Audio is not recorded, stored, or transmitted to our servers or any third party. Only the resulting text transcription is saved as part of your journal entry.
Information Generated by the App
- AI-Generated Analysis. When you write a full journal entry, the App sends a redacted version of your text (with personally identifiable information removed — see Section 4) to third-party AI services to generate emotional insights, behavioral tone analysis, and reflection depth assessments. These results are stored with your entry.
- Derived Metrics. The App computes emotion blend data, patterns, themes, streaks, and other insight metrics locally on your device from your existing entries.
Information Collected Automatically
- Usage Analytics. We collect behavioral analytics through Mixpanel, including: which features you use, button taps, screen views, entry counts, and session frequency. We never send your journal content, AI-generated responses, emotion selections, or any personally identifiable information to Mixpanel. Analytics data consists only of event names, counts, booleans, and category labels.
- Device and Technical Information. Standard technical information such as device type, operating system version, and app version may be collected as part of analytics and crash reporting.
2. How We Use Your Information
We use your information to:
- Provide the core journaling and self-reflection experience
- Generate personalized emotional insights and pattern analysis
- Display your historical trends, streaks, and progress
- Improve app performance and fix bugs through aggregated, anonymous analytics
- Send you optional local notifications (reminders you configure — these are processed entirely on your device)
We do not use your information to:
- Sell or rent your data to third parties
- Display advertisements
- Build advertising profiles
- Train AI models on your journal content
3. Encryption and Data Security
Your privacy is central to Within's design. We use end-to-end encryption for all sensitive content:
- Journal entries, images, and profile data are encrypted on your device using AES-256-GCM (via Apple's CryptoKit framework) before being transmitted to or stored in our cloud database. Our servers never receive or store your content in plaintext.
- Encryption keys are derived per-user using HKDF-SHA256 and stored in your iOS Keychain. Keys sync across your Apple devices via iCloud Keychain, which is end-to-end encrypted by Apple. We never have access to your encryption keys.
- Unencrypted metadata — such as timestamps, emotion labels, word counts, and favorite markers — is stored without encryption to support app functionality like sorting, filtering, and syncing. This metadata does not contain the content of your reflections.
4. Third-Party Services
Cloud Infrastructure — Google Firebase
We use Google Firebase for:
- Authentication (Apple Sign-In and Google Sign-In processing)
- Cloud Firestore (encrypted data storage and cross-device sync)
Firebase processes your authentication credentials and stores your encrypted journal data. Firebase's privacy policy is available at firebase.google.com/support/privacy.
AI Analysis — OpenAI and Anthropic
When you write a full journal entry, the App sends your entry text to OpenAI and/or Anthropic for emotional and behavioral analysis. Before sending:
- Personally identifiable information is automatically redacted on your device. Names, locations, dates, and other identifying details are replaced with anonymous tags (e.g., "[PERSON_1]", "[LOCATION_1]").
- The AI service processes the redacted text and returns structured analysis (emotions, tone, themes).
- Identifying details are restored on your device after the response is received. The AI service never sees your actual personal information.
Quick reflections (emotion-only check-ins) are never sent to AI services. They are processed entirely on your device.
OpenAI's privacy policy: openai.com/privacy
Anthropic's privacy policy: anthropic.com/privacy
Analytics — Mixpanel
We use Mixpanel for anonymous behavioral analytics. Mixpanel receives only event names and metadata (e.g., "entry_saved," "emotions_selected: 3"). It never receives journal content, AI responses, emotion labels, or any text you write.
Mixpanel's privacy policy: mixpanel.com/legal/privacy-policy
Apple Speech Framework
Voice-to-text processing uses Apple's on-device Speech framework. Audio data is processed locally and is not sent to our servers. Apple's handling of speech data is governed by Apple's privacy policy at apple.com/privacy.
5. Data Retention
- Your journal data is retained as long as you maintain an active account. You can delete individual entries at any time from within the App.
- Account deletion. You may request full account deletion by contacting us at contact@seewhatswithin.com. Upon request, we will delete your account, all associated encrypted data, and all metadata from our servers within 30 days.
- Analytics data is retained in aggregated, anonymous form and cannot be traced back to individual users.
6. Data Sharing
We do not sell, rent, or trade your personal information.
We share data only with the third-party services described in Section 4, and only to the extent necessary to provide the App's functionality. We may also disclose information if required by law, legal process, or to protect the rights and safety of our users.
7. Your Rights
All Users
You have the right to:
- Access your data at any time through the App
- Delete individual journal entries within the App
- Request account deletion and removal of all associated data
- Opt out of analytics (contact us at the email below)
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know. You may request a copy of the personal information we have collected about you in the preceding 12 months.
- Right to Delete. You may request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.
- No Sale of Personal Information. We do not sell your personal information as defined by the CCPA.
To exercise these rights, contact us at contact@seewhatswithin.com. We will verify your identity and respond within 45 days.
8. Children's Privacy
Within is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at contact@seewhatswithin.com.
9. Cross-Device Sync
If you sign in to Within on multiple devices using the same account, your encrypted journal data will sync across those devices via Cloud Firestore. The data remains encrypted during transit and at rest. Only devices with your encryption key (stored in your iOS Keychain) can decrypt and display your entries.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the App or on our website at seewhatswithin.com. The "Last Updated" date at the top of this policy reflects the most recent revision.
11. Contact Us
If you have questions or concerns about this Privacy Policy or your data, contact us at:
Email: contact@seewhatswithin.com
Website: seewhatswithin.com
This privacy policy applies to the Within iOS application available on the Apple App Store.