Trust & Privacy
Plain-language, no jargon
Last updated 2026-05-03
This page explains exactly what we store, who can see it, and what we will and won’t do with it. It’s written for systems — in particular, for the kinds of trust questions the DID and plural communities have asked of every app they’ve been burned by. We’d rather be boringly honest than dazzlingly vague.
What we store
Anything you create here: your journal entries, the alters you welcome, your front log, internal weather, identity history, supporter connections, settings, and any media you attach. That’s the whole list.
For your account, we store your email address and a one-way hash of your password — not the password itself. We can’t look up your password, and neither can a hypothetical attacker who got the database. (This is industry-standard.)
We don’t store: your IP address for analytics, device fingerprints, location, or browsing history.
How it’s encrypted
Data is encrypted at rest by our database provider (Supabase) using AES-256, the same standard used by banks. All connections to and from the app travel over HTTPS/TLS.
Inside the database, row-level security means other users on the platform cannot see any of your data — even if they tried. Each row is gated by your account ID.
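As an added illustration of what "each row is gated by your account ID" means in practice (this is example SQL, not the app's own schema or policies), the following shows the row-level security pattern Supabase uses. The table and column names (journal_entries, user_id, body) are assumed for the example; the functions auth.uid() and the authenticated role are Supabase's own.

```sql
-- Added example, not the app's real schema.
-- Assumed table: journal_entries with an owning user_id column.
create table if not exists journal_entries (
  id         uuid primary key default gen_random_uuid(),
  user_id    uuid not null default auth.uid(),
  body       text not null,
  created_at timestamptz not null default now()
);

-- Without this line, any logged-in user could read every row.
alter table journal_entries enable row level security;

-- auth.uid() is the account ID from the session token that made the request.
-- A row is only visible when that ID matches the row's owner.
create policy "owner can read own entries"
  on journal_entries for select
  to authenticated
  using (auth.uid() = user_id);

-- Inserts must be stamped with the caller's own ID, so a user cannot
-- write a row into someone else's account.
create policy "owner can insert own entries"
  on journal_entries for insert
  to authenticated
  with check (auth.uid() = user_id);

create policy "owner can update own entries"
  on journal_entries for update
  to authenticated
  using (auth.uid() = user_id)
  with check (auth.uid() = user_id);

create policy "owner can delete own entries"
  on journal_entries for delete
  to authenticated
  using (auth.uid() = user_id);

-- Behaviour to expect: a select run as a different user returns zero rows,
-- not an error. Nothing leaks, including the fact that rows exist.
```

Two points worth knowing when reading policies like these: the restriction is enforced by the database itself, so it holds even if application code has a bug; and Supabase's service-role key bypasses row-level security, which is the administrative path the "The developer" line in the next section refers to.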
We do not currently use end-to-end (zero-knowledge) encryption. We considered it. We chose not to ship it for v1 because the trade-off — if you forget your password, all your data is gone forever — is unsafe for a community where dissociative amnesia is part of daily life. We may revisit this if the community asks. We’d rather be honest about what we have than promise encryption we don’t actually deliver.
Who can see your data
Other users: nothing. Not your name, not your alters, not your journals. The only way another user sees something is if you choose to post it to a public community room or explicitly share it with a friend system.
Supporters you invite: only what you grant them. Supporters get no access to journals or private notes by default. You control what they see, per supporter, in Settings.
The developer: technically has the ability to query the database, the same way every web-app developer does. (See the next section.)
Anyone else: no third parties. No advertisers. No analytics companies. No AI training partners. Period.
When the developer accesses your data
I, the developer, do not read your journals or personal data. Not for curiosity, not for marketing, not for testing, not for AI training, not for “research.”
The only times I would access your account data are:
- If you specifically ask me for help with a bug, a recovery, or something you can’t fix yourself — and we agree on what I’ll look at.
- If I am legally compelled by a court order or subpoena, in which case I will notify you if legally allowed.
- To investigate a security incident — e.g., a breach attempt — where I need to verify nothing was tampered with. In that case, I look at metadata (timestamps, row counts) and not your content.
If any of those happen, I will tell you. If you’d prefer I never access your account regardless of the reason, email me and I’ll honor that — you may need to handle account recovery yourself in that case.
What we don’t do
- We don’t sell your data. Ever. Not to advertisers, not to data brokers, not to researchers.
- We don’t share with third parties for advertising, profiling, or behavioral targeting.
- We don’t use your data to train AI models. The optional AI features in this app (BlackoutBridge, Daily Digest, etc.) only run on demand and only on your data, with your consent.
- We don’t use third-party trackers — no Google Analytics, no Meta pixel, no Hotjar.
- We don’t require real names or real-world identifiers.
If you delete your account
All your data is removed from our active database. Encrypted backups managed by our database provider are retained for a short window (typically up to 30 days) for disaster recovery, and are then permanently deleted by the provider on its standard schedule.
Once that window closes, your data is gone. No one — including me — can recover it.
A note on supporters and emergencies
If you grant a supporter access to part of your sanctuary, that supporter sees what you grant. When supporters view your data, that access is recorded in your Supporter Activity log so you can see when and what.
If you use the Emergency Override on a Privacy-Veiled note (when Strict Mode is on), that override is also logged in your activity feed. There is no quiet access — access is auditable by design.
Questions, concerns, or security reports
This is a small app maintained by one person right now. If you want to ask anything — or report a security concern — email admin@oursystemsanctuary.com. Security reports get a same-day reply.
If this page ever changes in a way that affects what we can see or do with your data, we’ll notify you in the app before the change takes effect.