Privacy Policy

Last updated: February 26, 2026

TL;DR

Your diary entries are stored on your device and backed up to iCloud. No diary entries are stored on our servers. We only store minimal account data (like your email and preferences). We never read, sell, or share your data. AI features are off by default and require you to opt in. You can export or delete everything anytime. No ads, no tracking.

1. Who We Are

OneLineDiary is operated by Hitesh Nambiar, an individual developer based in Sweden. We are the data controller responsible for your personal data under applicable privacy laws.

For privacy questions or to exercise your data rights, contact:

privacy@onelinediary.com

If you are located in the European Economic Area (EEA) or United Kingdom and have unresolved concerns about our data practices, you have the right to lodge a complaint with your local data protection authority. A list is available at edpb.europa.eu.

2. What Data We Collect

We collect only what is necessary to provide One Line Diary. We do not collect data for advertising or sell your data to anyone.

  • Account data: Your email address, authentication identifier, and app preferences are stored in our database hosted by Supabase. This data is required to create and maintain your account. Legal basis: Performance of contract.
  • Diary data: Your diary entries and photos are stored locally on your device and, if you enable it, in your personal iCloud account. We do not store your diary entries or photos on our servers. Legal basis: Performance of contract (device/iCloud only).
  • Streak data (count, dates): Displaying your journaling streak. Legal basis: Performance of contract.
  • AI preference status: Recording your AI processing preference. Legal basis: Performance of contract.
  • Push notification token: Delivering push notifications (reminders, product updates). Collected only if you enable notifications. Legal basis: Legitimate interest.
  • Device/browser info: Error diagnosis and security (server logs only, no tracking scripts). Legal basis: Legitimate interest.

Data we do NOT collect:

  • Location or GPS data
  • Contacts or phone data
  • Browsing history
  • Biometric data
  • Data from third-party sources

3. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract performance (Article 6(1)(b)): Providing the journaling service, account authentication, and data storage are necessary to deliver the service you signed up for.
  • Consent (Article 6(1)(a)): AI processing of your diary entries requires your explicit opt-in. You can enable or disable it anytime in Settings.
  • Legitimate interest (Article 6(1)(f)): Security logs and abuse prevention measures are necessary for the safe operation of the service.

Special categories of data:

For diary entries that may contain special categories of personal data (such as health, emotions, beliefs, sexual orientation, or political opinions under GDPR Article 9), we rely on your explicit consent, which you give when you choose to write such information in the app and continue after being informed in the app and in this Privacy Policy. We never use this data for profiling, marketing, or any purpose other than delivering the service to you.

4. How AI Processing Works

AI features are off by default and require you to opt in. You can enable or disable them anytime in Settings or from the Reflections tab. Disabling AI does not affect writing, mood tracking, search, streaks, themes, or data export.

When AI features are enabled, your diary entry text is sent to external AI services to generate reflections and insights. Entry text is discarded immediately after processing.

AI providers:

  • Google (Gemini API): Weekly and monthly reflections, persona extraction, reflection chat
  • Anthropic (Claude API): Year in Review

How we protect your data during AI processing:

  • Paid API tiers only. We exclusively use paid API tiers from both Google and Anthropic. Under their paid API terms of service, your data is not used to train, improve, or develop their AI models.
  • Only entry text is sent. We never send your email, name, user ID, account details, photos, or any profile data to AI providers.
  • Structured identifiers stripped. Before entry text reaches an AI provider, our system automatically removes email addresses, phone numbers, credit card numbers, social security numbers, URLs, and IP addresses. Personal names, places, and life events mentioned naturally in your diary entries are intentionally kept and processed by AI to generate meaningful, personalized reflections.
  • Per-request processing, nothing stored. Entry text is sent to AI providers only when a reflection is being generated, then immediately discarded. Google may retain data up to 55 days and Anthropic up to 7 days for abuse monitoring. Neither uses your data for model training.

AI Persona Profile:

To provide personalized reflections, we maintain an AI-generated profile of patterns from your entries — including people you mention, routines, places, and milestones. This profile is stored on your device and used as context when generating reflections. It is permanently deleted when you disable AI features.

Your control over AI:

  • You can disable AI features at any time (Settings → Privacy & Data)
  • Disabling AI permanently deletes all generated reflections and your persona profile
  • Your diary entries are never affected — they remain safely stored on your device

5. Data Storage & Security

Where your data is stored:

  • Diary entries and photos: Stored on your device, optionally backed up to your iCloud account. Never stored on our servers.
  • Account data: Your authentication profile (email, preferences) is stored by Supabase.
  • AI reflections: Stored on your device. Deleted when you disable AI.
  • AI persona profile: Stored on your device. Deleted when you disable AI.

Security measures:

  • All data in transit is protected using HTTPS/TLS
  • Local data is stored in the app's protected sandbox on your device
  • Authentication is handled by Supabase Auth with industry-standard security
  • API routes authenticate every request using JWT tokens
  • Server-side API keys are never exposed to the client

6. International Data Transfers

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States through our third-party processors.

These transfers are protected by:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission
  • Data Processing Agreements (DPAs) with each processor
  • Additional technical safeguards including HTTPS/TLS in transit and protected local storage

7. Data Retention

  • Diary entries and photos: Kept on your device until you delete them individually or delete your account.
  • AI reflections: Stored on your device. Deleted when you disable AI or delete your account.
  • AI persona profile: Stored on your device. Permanently deleted when you disable AI or delete your account.
  • Account data: Kept until you delete your account.
  • Server logs: Automatically deleted after 30 days.
  • Account deletion: All data permanently removed from our systems. Data previously sent to AI providers is purged per their retention schedules (Google: up to 55 days, Anthropic: 7 days).

8. Third-Party Processors

We share your data only with the following trusted service providers:

  • Supabase: Authentication and account management. Data shared: Account data (authentication, preferences). Location: US / EU.
  • Vercel: Application hosting and AI API routing. Data shared: All app data in transit, entry text during AI processing (not stored). Location: US.
  • Resend: Transactional email delivery. Data shared: Email address. Location: US.
  • Google (Gemini API): AI processing (weekly/monthly reflections, persona, chat). Data shared: Entry text with structured identifiers stripped (see Section 4). Not stored after processing. Location: US.
  • Anthropic (Claude API): AI processing (Year in Review). Data shared: Entry text with structured identifiers stripped (see Section 4). Not stored after processing. Location: US.
  • Expo (EAS): Mobile app build and OTA updates. Data shared: App binary and update metadata (no personal data). Location: US.
  • Expo (Push API): Push notification delivery. Data shared: Expo push token (transient, used only for delivery). Location: US.
  • Apple (Sign in with Apple): Authentication and app distribution. Data shared: Apple ID, email (may be relayed). Location: US / EU.
  • Google (OAuth + Play Store): Authentication and app distribution. Data shared: Google account email, profile name. Location: US.

We do NOT share your data with:

  • Advertisers or ad networks
  • Data brokers
  • Analytics platforms
  • Any other third parties not listed above

9. Cookies & Tracking

One Line Diary uses only essential cookies required for authentication and session management. We do not use:

  • Advertising or marketing cookies
  • Third-party tracking cookies
  • Analytics cookies
  • Social media pixels or trackers

10. Your Rights

For all users:

  • Access: Export all your data anytime in JSON or CSV format from Settings
  • Rectification: Edit any diary entry or profile information at any time
  • Erasure: Delete individual entries or your entire account from Settings
  • Restrict processing: Disable AI features while keeping your diary fully functional
  • Data portability: Export your data in a structured, machine-readable format (JSON)

Additional rights for EEA/UK residents (GDPR):

  • Right to object to processing based on legitimate interest
  • Right to lodge a complaint with your local data protection supervisory authority
  • Right not to be subject to automated decision-making

Additional rights for California residents (CCPA/CPRA):

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information
  • Right to opt-out of sale — we do NOT sell your personal information
  • Right to non-discrimination

To exercise any of these rights, contact us at privacy@onelinediary.com or use the in-app controls in Settings. We will respond within 30 days (GDPR) or 45 days (CCPA).

11. Children's Privacy

One Line Diary is intended for users aged 16 and older. We do not knowingly collect personal information from anyone under 16. This threshold complies with GDPR Article 8 (which sets 16 as the default age for digital consent) and exceeds the COPPA minimum of 13.

By creating an account, you confirm that you are at least 16 years old.

If we learn that we have inadvertently collected data from a user under 16, we will delete the account and all associated data immediately. If you believe someone under 16 has created an account, please contact us at privacy@onelinediary.com.

12. Data Breach Notification

In the unlikely event of a data breach that affects your personal data:

  • We will notify the relevant supervisory authority within 72 hours
  • If the breach is likely to result in a high risk to your rights, we will notify you directly via email
  • We will document all breaches and the remedial actions taken

13. Mental Health Disclaimer

One Line Diary is a personal journaling tool. It is not a mental health service, therapy tool, or medical device. AI-generated reflections are for personal reflection purposes only and do not constitute professional advice.

If you are experiencing a mental health crisis, please contact a qualified professional or your local emergency services. In the US, you can reach the 988 Suicide & Crisis Lifeline by calling or texting 988.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the “Last updated” date at the top
  • For significant changes, we will notify you via email or in-app notification
  • Continued use after changes take effect constitutes acceptance

15. Contact Us

For any questions about this Privacy Policy, to exercise your data rights, or to report a concern:

privacy@onelinediary.com

We aim to respond to all inquiries within 72 hours and to all formal data rights requests within 30 days.

One Line Diary is built with privacy as a core principle. We never sell your data, and we give you full control over your information. Your diary is yours — we just help you understand it better.