Privacy Policy
WrittenWords
Effective date: June 1, 2026
This Privacy Policy explains how WrittenWords collects, uses, stores, and shares information when you use the WrittenWords website, web app, iOS app, backend services, and related features.
This draft is written for review before launch. Replace any bracketed items before publishing.
Who We Are
WrittenWords is a personal journaling service for writing, digitizing, organizing, and searching journals.
References to "WrittenWords," "we," "us," and "our" mean WrittenWords LLC, the operator of WrittenWords.
Contact: support@written-words.com
Summary
WrittenWords is built around private journal content, so the important points are straightforward:
- We do not sell your journal content.
- We do not use your journal content for advertising.
- We do not market WrittenWords as end-to-end encrypted or zero-knowledge.
- Our servers process plaintext journal content when needed to provide features like OCR, semantic search, exports, sync, and account recovery workflows.
- Journal entry bodies are encrypted by our backend using AWS Key Management Service envelope encryption before they are stored in the database. Raw database access alone should not expose journal entry bodies.
- Some journal-related metadata is not encrypted with the same envelope-encryption process, including titles, notebook names, dates, page numbers, search embeddings, OCR uncertain-word records, image metadata, usage records, and other operational metadata.
- Uploaded journal images may be stored so you can review them, attach them to entries, and revisit scanned pages. In production, uploaded image files are encrypted by our backend using AWS KMS envelope encryption before object storage.
- AI features send journal images or text to OpenAI for processing.
- Search embeddings are stored unencrypted because semantic search requires comparing vectors.
- We use cookieless, aggregated website analytics to understand basic site usage and performance.
Information We Collect
Account Information
We collect information needed to create and manage your account, such as:
- Email address
- Name, if provided
- Authentication identifiers from our sign-in provider
- Subscription tier or account status
- Account creation and update timestamps
We use this information to authenticate you, secure your account, provide support, and operate the service.
Journal Content
We collect the content you choose to store in WrittenWords, including:
- Typed journal entries
- Uploaded journal page images
- OCR text extracted from uploaded images
- Corrections you make to OCR text
- Notebook names, notebook descriptions, page numbers, entry dates, and organization metadata
- Margin notes, doodle descriptions, tags, uncertain words, and other review metadata created during OCR
We use this information to store, display, search, organize, edit, export, and delete your journal archive.
Journal entry bodies, margin notes, doodle descriptions, doodle tags, and extracted equation records are encrypted before database storage when production encryption is configured. Other information, including titles, notebook metadata, page/date metadata, uncertain-word review records, image metadata, search embeddings, and usage records, may be stored separately and may not be encrypted with the same envelope-encryption process.
Search Embeddings
When semantic search is enabled, WrittenWords creates search embeddings from your entries, OCR text, doodle descriptions, and search queries. An embedding is a numeric representation that helps the app find entries by meaning, not just exact words.
Embeddings are not intended to recreate your original journal text, but they can reflect the general meaning of an entry. We treat them as sensitive metadata. They are stored unencrypted because semantic search requires comparing embeddings directly.
Images and Camera Access
On iOS, WrittenWords may ask for camera access so you can capture journal pages. Images are uploaded only when you choose to submit them for OCR or storage.
Uploaded images may be normalized before storage. This can include applying orientation, stripping metadata, resizing large images, converting them to JPEG, and generating thumbnails.
Uploaded images are stored in object storage or local storage depending on deployment. In production, our backend encrypts uploaded image bytes using AWS KMS envelope encryption before storage, then decrypts them after authentication when serving them back to you.
Billing Information
If paid plans are enabled, payment processing is handled by Stripe, Apple, or another payment provider depending on how you subscribe. We may receive limited billing metadata such as subscription status, plan, customer identifier, renewal status, and payment success or failure. We do not store full credit card numbers.
Error, Log, and Device Information
We collect operational information needed to keep the service reliable and secure, such as:
- Request path, request ID, status code, and response time
- App version, environment, browser or device information, and operating system
- Crash reports and error diagnostics when error reporting is enabled
- Security, rate-limit, and abuse-prevention logs
We do not intentionally log journal text or uploaded journal images in application logs.
Website Analytics
We use Vercel Web Analytics to understand aggregated website usage, such as page views, referrers, browser, operating system, device type, and country. Vercel Web Analytics does not use cookies and does not give us information that identifies individual visitors.
We use this analytics information to monitor traffic, understand which pages are useful, improve site performance, and make product decisions. We do not use Vercel Web Analytics to track journal content, sell personal information, or serve targeted advertising.
Waitlist, Support, and Communications
If you join a waitlist, contact us, or request support, we collect the information you provide, such as your email address and message content.
Local Preferences
Some preferences, such as theme and homepage display options, may be stored locally on your device or in your browser. Local preferences may not be synced across devices.
How We Use Information
We use information to:
- Provide and maintain WrittenWords
- Authenticate accounts and protect sessions
- Store, display, edit, delete, and export journal entries
- Process OCR for uploaded pages
- Generate embeddings and provide semantic search
- Sync content across devices
- Provide customer support
- Process subscriptions and enforce usage limits
- Monitor reliability, security, abuse, and performance
- Comply with legal obligations
- Improve the service in ways that do not require selling your data or using journal content for advertising
AI Processing
WrittenWords uses AI for handwriting transcription, image understanding, doodle or margin-note extraction, and semantic search.
When you use OCR, uploaded journal images and related prompts are sent to OpenAI's API. When semantic search is enabled, entry text or search queries are sent to OpenAI's API to generate embeddings.
OpenAI acts as a service provider or processor for these features. OpenAI states that API data is not used to train models by default and that API inputs and outputs may be retained for up to 30 days to provide the services and identify abuse unless a different retention setting applies. See OpenAI's policy here: https://openai.com/enterprise-privacy/
AI output can be imperfect. OCR and generated descriptions should be reviewed by you before you rely on them.
Legal Bases for Processing
Where a legal basis is required, we process personal information under one or more of the following bases:
- Contract: to provide the service you request
- Legitimate interests: to secure, maintain, debug, and improve the service
- Consent: where we ask for optional permissions or optional processing
- Legal obligation: where retention, disclosure, or processing is required by law
How Information Is Protected
We use technical and organizational safeguards appropriate for a private journaling service, including:
- HTTPS/TLS for data in transit
- Server-side access controls
- Authentication through Clerk
- Device Keychain storage for sensitive iOS tokens where applicable
- AWS KMS envelope encryption for journal entry bodies in production before database storage
- AWS KMS envelope encryption for stored margin notes, doodle descriptions, doodle tags, and extracted equation records in production
- AWS KMS envelope encryption for uploaded image files in production before object storage
- Database and storage-provider encryption at rest where configured
- Request IDs and audit-oriented logging for troubleshooting and security review
- Rate limiting and input validation
WrittenWords uses backend-managed encryption, not end-to-end encryption. Your app sends and receives journal content over TLS. Our backend encrypts journal text before database storage and decrypts it when needed to serve it to you, search it, export it, or process it through enabled features. Authorized production access to both the encrypted data and the required key-management path may allow decryption, so WrittenWords should not be treated as zero-knowledge storage.
A direct database query should return encrypted journal entry bodies rather than readable text. This does not mean all journal-related information is encrypted: search embeddings, titles, notebook metadata, dates, page numbers, OCR uncertain-word records, image metadata, usage records, logs, and provider records may still reveal information about your archive.
No online service can guarantee absolute security. If you believe your account or data has been compromised, contact us promptly.
Who Can Access Information
You
You can access your journal content by signing in to your account.
WrittenWords Systems and Personnel
WrittenWords systems process your data to provide the service. WrittenWords personnel do not routinely read journal content. Human access, if needed, should be limited to support, security, legal, abuse prevention, or operations needs.
We expect human access to journal content to be rare. We may access or disclose journal content when necessary to comply with valid legal process, protect the service or users, investigate abuse or security issues, or provide support you request.
Service Providers
We use third-party service providers to operate WrittenWords. They may process information only for the purposes described in this policy and their agreements with us.
Legal and Safety Disclosures
We may disclose information if required by law, subpoena, court order, or valid legal process, or when necessary to protect the rights, safety, or security of users, WrittenWords, or others.
Subprocessors and Service Providers
The services below may process information depending on which features are enabled and how the service is deployed.
| Provider | Purpose | Data Involved | Policy |
|---|---|---|---|
| Clerk | Authentication, user profile, session management | Account identifiers, email, profile, authentication data | https://clerk.com/legal/privacy |
| OpenAI | OCR, image understanding, embeddings, semantic search | Journal images, journal text, prompts, AI outputs, search queries | https://openai.com/enterprise-privacy/ |
| Amazon Web Services | Hosting, storage, encryption, audit logs | App data, encrypted journal text, uploaded images, logs | https://aws.amazon.com/privacy/ |
| Neon | Managed PostgreSQL database hosting, where used | Database records, encrypted journal text, metadata, embeddings | https://neon.tech/privacy-policy |
| Stripe | Web subscription and payment processing, where enabled | Billing identifiers, payment metadata, subscription status | https://stripe.com/privacy |
| Apple | iOS app distribution, App Store payments, device platform services | App Store account/payment data handled by Apple; app permission prompts | https://www.apple.com/legal/privacy/ |
| Sentry | Error tracking and performance diagnostics, where enabled | Error events, stack traces, device/browser metadata, limited user/account identifiers | https://sentry.io/privacy/ |
| Vercel | Hosting, deployment, and cookieless web analytics | Page views, referrers, browser/device metadata, country-level location, aggregated analytics data | https://vercel.com/legal/privacy-policy |
We will update this list when we add or materially change providers that process personal information.
Data Retention
We keep account and journal data for as long as your account is active or as needed to provide the service.
You may request account deletion by contacting us. Account deletion is intended to delete journal entries, notebooks, uploaded images, embeddings, OCR metadata, and account records from active systems within 30 days, unless we must retain limited information for legal, security, billing, fraud-prevention, or dispute-resolution purposes.
Backups and provider logs may persist for a limited period according to normal backup and security retention cycles.
OpenAI's retention of API data, Stripe's payment records, Apple's App Store records, and other provider records are governed by their own policies and legal obligations.
Your Choices and Rights
Depending on where you live, you may have rights to:
- Access personal information we hold about you
- Correct inaccurate account information
- Export your journal data
- Delete your account and associated journal data
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
- Lodge a complaint with a data protection authority
We aim to offer these rights to all users where reasonably possible. To make a request, contact us at support@written-words.com. We may need to verify your identity before completing the request.
California Privacy Notice
We do not sell personal information and do not share personal information for cross-context behavioral advertising.
We collect the categories of information described above, including identifiers, commercial information if you subscribe, internet or network activity, device information, user-generated content, and inferences in the form of search embeddings. We use and disclose these categories for the purposes described in this policy.
International Users
WrittenWords is operated from the United States. If you use WrittenWords from outside the United States, your information may be processed in the United States and other countries where our service providers operate. Those countries may have privacy laws that differ from the laws where you live.
Children
WrittenWords is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, contact us and we will take appropriate steps to delete the account.
Legacy Access
WrittenWords may offer legacy access features in the future, allowing you to designate a trusted contact who can request an archive export if you are unable to access your account. Any such feature should require verification and privacy review. We will update this policy before launching a material legacy access feature.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the app, by email, or by another reasonable method before the changes take effect when required by law.
The effective date at the top shows when this policy was last updated.
Contact
WrittenWords
support@written-words.com