Privacy

Last updated: April 2026 · Draft

Interstitial is built on a promise: your journal is for you, not for us. This document explains what that means in concrete terms.

What we collect

To operate the service, we store:

Your email address (for email-based accounts) or a Sign in with Apple / Sign in with Google identifier
A password hash and two salt values, derived on your device (used for login)
Opaque encrypted blobs of your journal entries, which we cannot decrypt
Sync metadata (timestamps, device IDs, subscription status)
Anonymous aggregate metrics for crash rates and core feature health — opt-in, scrubbed of any entry content

What we don't collect

We do not, under any circumstance:

Read the content of your journal entries
Use third-party analytics SDKs (no Google Analytics, Mixpanel, Amplitude, or similar)
Sell, share, or monetize your data
Train machine learning models on your content
Include tracking pixels in our emails

How encryption works

When you create an account, your device generates a random encryption key. Your password wraps that key via Argon2id key derivation. Every entry is encrypted with XChaCha20-Poly1305 before it leaves your device. The server stores ciphertext and metadata only.

This means: if you lose your password, we cannot recover your entries. It also means: if we are compelled by law enforcement to hand over data, we can only provide encrypted bytes and an email address.

Your rights

Under GDPR, CCPA, and similar frameworks, you have the right to:

Export all your data as decrypted JSON (Settings → Export)
Delete your account and all associated data (Settings → Delete account)
Request a copy of everything we hold about you
Correct inaccurate information in your account

Data deletion timeline

When you delete your account, your record and all encrypted blobs are removed from primary storage within 24 hours, and from all backups within 30 days per the backup retention schedule.

Email

The only emails we send are: trial expiration notices, payment receipts, account changes you initiated, and security alerts. We never send marketing emails. There are no tracking pixels.

Contact

Questions: support@interstitial.app