Our Privacy Promise
Your privacy is our highest priority. Mento uses a zero-knowledge encryption architecture: your journal entries are encrypted on your device with YOUR passcode before being backed up to the cloud. We cannot decrypt your entries, even if we wanted to or were legally compelled to do so. Only you hold the passcode, and only you can access your journal content.
1. Information We Collect
Account Information
When you create an account, we collect your email address and name (optional). This information is stored on our secure servers (Supabase) to enable account access and communication.
Journal Entries - Zero-Knowledge Encrypted Storage
Your journal entries are stored both locally on your device and as encrypted backups in the cloud (Supabase). Here's exactly how it works:
- Local Storage: Entries are stored on your device in encrypted local storage for instant access.
- Cloud Backups: When you create a backup, all your entries are encrypted on your device using AES-256-GCM encryption with your user-created passcode.
- Upload: The encrypted data is uploaded to our cloud servers (Supabase).
- Zero-Knowledge: Your passcode NEVER leaves your device. We cannot decrypt your backups. Only you can decrypt and restore your data.
- Lost Passcode: If you forget your passcode, we cannot recover your data. This is by design to ensure maximum privacy.
What we CAN see: That you have backups, when they were created, and their encrypted size.
What we CANNOT see: The content of your journal entries.
Temporary AI Processing
To provide AI-powered insights (mood detection, topic analysis, transcription), your journal content may be temporarily sent to trusted AI processing partners for analysis. Important details:
- Your entries are decrypted on your device (using your passcode) only when AI features are requested
- The decrypted content is sent to AI processing partners over encrypted HTTPS connections
- AI partners analyze the content and return insights to your device
- All AI processing partners permanently delete data after processing (typically within 30 days)
- AI partners do NOT use your data for training their models
- The insights are saved to your device and included in your encrypted backups
- Mento servers never receive or store your unencrypted journal content
This temporary processing is necessary for advanced AI features to work. You have full control - if you prefer not to use AI features, you can journal without them, and your entries will remain entirely local to your device. We're also working on on-device AI processing options for the future.
Voice Recordings
When you record a voice entry, the audio may be temporarily sent to our speech recognition partners for transcription. The transcription is returned to your device and saved as text. All voice recordings are permanently deleted after processing. Original audio recordings are not stored on Mento's servers - they exist only on your device (if you choose to save them) or are discarded after transcription.
Usage Analytics (Anonymous)
We collect anonymized usage data to improve Mento:
- Number of entries created (NOT the content)
- Features used (voice recording, AI insights, etc.)
- Session duration and app opens
- App crashes and technical errors
- Device type and OS version
We use Sentry for error tracking - it collects only technical diagnostics and stack traces, never journal content or personal data.
Device Information
We collect basic device information: device type, operating system version, app version, and general location (country/region only) to ensure app compatibility, provide region-specific features, and improve performance.
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve Mento's services
- Process your subscription and send transaction confirmations
- Send important service updates, security alerts, and support messages (you can opt out of non-essential emails)
- Respond to your questions, feedback, and support requests
- Analyze anonymized usage patterns to improve features and user experience
- Detect and prevent security threats, fraud, abuse, or technical issues
- Comply with legal obligations (law enforcement requests, court orders, etc.)
3. Information Sharing and Third Parties
We share your information only with trusted service providers necessary to operate Mento. We NEVER sell your data to advertisers or data brokers. Here's exactly who has access to what:
- AI Processing Partners - Your journal content is temporarily sent to trusted AI partners for analysis (mood detection, transcription, insights). These partners process it, return results, then permanently delete it. They do not use your data for training.
- Cloud Storage Provider - Stores your encrypted journal backups (which we cannot decrypt), account information (email, name), and metadata (backup timestamps, entry counts). They cannot decrypt your journal content.
- Payment Processor - Processes subscription payments and manages in-app purchases. Receives only payment data, subscription status, and purchase history - never journal content.
- Analytics Provider - Error tracking and app monitoring. Receives only technical error logs, stack traces, and device diagnostics - never journal content or personal entries.
- Legal Compliance - We may disclose information if legally required (subpoena, court order, legal process). However, since we cannot decrypt your journal entries, we can only provide account information, metadata, and encrypted backups (which require your passcode to decrypt).
4. Data Security
We implement multiple layers of security to protect your data:
- Zero-Knowledge Encryption: Journal entries are encrypted on your device using AES-256-GCM encryption before being backed up. Only you hold the decryption passcode.
- Passcode Security: Your backup passcode is stored securely on your device only (iOS Keychain / Android Keystore). It never leaves your device and is never transmitted to our servers.
- End-to-End Encryption: Your journal content is encrypted on your device, transmitted encrypted, stored encrypted, and can only be decrypted by you with your passcode.
- Data in Transit: All data transmitted between your device and our servers uses TLS 1.3+ encryption (HTTPS).
- Server Security: Our cloud storage servers use industry-standard security including firewalls, intrusion detection systems, access controls, and regular security audits.
- Access Controls: Even Mento employees cannot access your journal entries. We can only see encrypted backups and account metadata.
- Regular Security Audits: We conduct regular security assessments and promptly patch any discovered vulnerabilities.
- No Plaintext Storage: Your journal content is never stored in plaintext on our servers.
5. Your Privacy Rights
You have the following rights regarding your data:
- Access: Request a copy of your account information and metadata (we cannot decrypt your journal entries without your passcode)
- Correction: Update or correct inaccurate account information at any time
- Deletion: Delete your account and all associated data (encrypted backups, account info, metadata) at any time through app settings
- Export: Download your journal entries in PDF, JSON, or plain text format (requires your passcode for decryption)
- Portability: Transfer your data to another service via export
- Opt-out: Unsubscribe from marketing and non-essential emails (we send very few)
- Restrict Processing: Request limitations on how we use your data (may affect app functionality)
- Object: Object to certain data processing activities
6. Your Privacy Guarantee - Summary
To summarize Mento's privacy commitment:
- ✅ Your journal entries are encrypted on YOUR device with YOUR passcode
- ✅ We cannot decrypt your entries - you hold the only key
- ✅ Encrypted backups stored on our servers are unreadable to us
- ✅ OpenAI processes content temporarily for AI features, then deletes it
- ✅ We never sell your data to advertisers or third parties
- ✅ No tracking, no cookies, no advertising networks
- ✅ You can export or delete your data anytime
- ✅ Lost passcode = lost data (we cannot help - this ensures your privacy)
Your privacy is not just a policy - it's built into the architecture of Mento.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy:
Email: privacy@mymento.app