Privacy Policy

Last updated: July 1, 2026

This Privacy Policy is issued by Chunlong Cao (an individual developer, hereinafter "we," "us," "our," or "the Developer") and applies to Inner Talk Diary (hereinafter "the App"), a private journaling application for iOS.

The guiding principle of the App is simple: your innermost thoughts belong to you. We designed the App with privacy first—your journal entries are stored only on your own device by default. We operate no central server that stores your journal content, and we do not send your journal content to any server of ours or to any third party. We cannot see what you write. This Policy explains in detail what data we collect, why we collect it, who processes it, and the rights you have.

1. Introduction and Scope

The App is a private journaling tool that helps you record your inner dialogue, emotions, and thoughts. We recognize that journal content constitutes highly sensitive personal information, and we have written this Policy to describe our data practices transparently and honestly.

This Policy applies to all use of the App through your iOS device. The App is offered primarily to a global, international audience, and our practices are therefore designed to comply with:

the EU General Data Protection Regulation (GDPR) and related laws of the European Economic Area (EEA) and the United Kingdom;
the California Consumer Privacy Act, as amended (CCPA / CPRA); and
the privacy requirements of the Apple App Store.

By downloading, installing, or using the App, you confirm that you have read and understood this Policy. If you do not agree with this Policy, please do not use the App.

2. What Data We Collect

We are committed to the principle of data minimization. The categories of data we may process are described below.

2.1 Account Information

When you create an account or sign in, account identity information is involved. The App supports the following sign-in methods:

Sign in with Apple
Sign in with Google
Email and password

Authentication is handled by Firebase Authentication (provided by Google). Depending on the sign-in method you choose, the account information involved may include your email address, the unique user identifier returned by a third-party sign-in provider, and a display name (if you provide one).

About passwords: If you sign in with email and password, the App itself does not store your password. Your password is securely managed by Firebase Authentication as an encrypted hash, and we cannot read your plaintext password.
The App does not collect phone numbers and does not offer SMS or phone-based one-time-passcode sign-in.

2.2 On-Device Content (Your Journal)

The journal entries, inner dialogue, mood records, and all other body content you write are, by default, stored only locally on your own iOS device (using Apple's SwiftData technology).
This content is not uploaded to any server operated by us and is not sent to any third party. By default, no party other than your device—including us—can access your journal content.

2.3 Cloud-Synced Content (Premium Subscribers Only)

If you subscribe to Premium, the App can additionally sync your journal content to your own private iCloud database (Apple CloudKit) so that it is synchronized and backed up across your Apple devices.
This data is stored under your own iCloud account and is protected by Apple's privacy and security mechanisms. We (the Developer) cannot access the journal content in your private iCloud database.

2.4 Usage and Crash Analytics

To improve the stability and experience of the App, we use the following Google Firebase services:

Firebase Crashlytics (crash reporting): When the App crashes, this collects diagnostic information such as crash logs, device model, operating system version, and crash stack traces, helping us identify and fix problems.
Firebase Analytics (anonymous usage statistics): This collects anonymous, aggregated behavioral statistics—such as feature usage frequency, session duration, and screen views—to help us understand how features are used.

We make this firm commitment: analytics and crash reports involve only anonymous behavioral and diagnostic data and never include the body content of your journal. We will never use your journal content for analytics, statistics, or any commercial purpose.

2.5 Subscription and Payment Information

The App offers a Premium auto-renewable subscription. All billing is processed through the Apple App Store.

We do not access, collect, or store your payment card or bank information. Payment information is processed by Apple.
We may receive your subscription status from Apple (for example, whether your subscription is active and its expiration date) in order to unlock Premium features, but this does not include your payment credential details.

3. Where Data Is Stored and Who Processes It (Sub-processor List)

Data category	Storage / processing location	Processor
Account identity and sign-in	Firebase Authentication cloud	Google (Firebase)
Journal content (default)	Local on your iOS device (SwiftData)	You only
Journal content (subscriber sync)	Your private iCloud database (CloudKit)	Apple (under your own account; we cannot access it)
Crash and anonymous usage analytics	Firebase cloud	Google (Firebase)
Subscription and payment	Apple App Store	Apple

The third-party sub-processors we use are:

Google / Firebase (authentication, crash reporting, anonymous analytics)
Apple (iCloud sync, App Store subscription billing)

4. Why We Collect This Data (Purposes and Lawful Bases)

Data	Purpose	GDPR lawful basis
Account information	Create and manage your account; provide sign-in	Performance of a contract (provision of the service)
On-device / iCloud journal content	Provide the core journaling feature; cross-device sync	Performance of a contract
Crash and anonymous analytics	Fix defects; improve stability and experience	Legitimate interests
Subscription information	Provide and manage the Premium service	Performance of a contract

5. Data Sharing and Disclosure

We do not sell your personal information. Within the meaning of the CCPA/CPRA, we do not "sell" or "share" personal information for cross-context behavioral advertising. We also do not use your journal content for advertising, and we do not send your journal content to any server of ours or to any third party.

We share necessary data only with the sub-processors listed in Section 3 above, and only to the extent required to provide the corresponding functionality:

Shared with Firebase / Google: account authentication, and crash and anonymous analytics data;
Shared with Apple: iCloud sync and subscription-billing data.

In addition, we may disclose information only where required by law (for example, valid legal process or a court order) or where necessary to protect the legitimate rights, safety, and security of us and our users.

6. Data Retention and Deletion

Local journal content: Retained on your device until you delete the content, uninstall the App, or delete your account.
iCloud-synced content (subscribers): Retained in your iCloud account until you delete it or disable sync; you may also manage it through Apple's iCloud settings.
Account information: Retained until you delete your account.
Crash and anonymous analytics data: Retained according to Firebase's default or configured retention periods for aggregated diagnostics, and is generally not identifiable to an individual.

Account deletion: The App provides a "Delete Account" function in its settings. Deleting your account will:

delete your Firebase account (identity information);
delete the data stored locally on this device; and
on a best-effort basis, also delete the copies of your journal synced to your private iCloud database (CloudKit), including the automatic-sync mirror and backup records.

Account deletion is irreversible. We will make our best effort to erase the iCloud cloud copies described above when you delete your account. If cloud erasure cannot be completed because of a network issue or temporary unavailability of the iCloud service, any residual copies remain under your own iCloud account, and you may delete them yourself through Apple's iCloud management. If you have questions about account deletion, you may contact us using the details below.

7. Your Rights

We respect and support your control over your own data.

7.1 Rights Under the GDPR (for EEA/UK Users)

You have the right to: access your personal data; request rectification; request erasure (the "right to be forgotten"); request restriction of processing; request data portability (export); object to processing; and, where processing is based on consent, withdraw your consent at any time (withdrawal does not affect processing already carried out before the withdrawal). You also have the right to lodge a complaint with the data protection supervisory authority in your jurisdiction.

7.2 Rights Under the CCPA/CPRA (for California Users)

You have the right to: know what personal information we collect and the purposes for which it is used; request access to it; request deletion; request correction; and opt out of the sale or sharing of your personal information (as stated above, we do not sell or share your personal information). We will not discriminate against you for exercising your rights.

7.3 How to Exercise Your Rights

You can manage most matters directly within the App (edit or delete journal entries and delete your account).
For other requests (access, export, correction, and so on), you may contact us using the contact details below, and we will respond within the time limits prescribed by applicable law.

8. Children's Privacy

The App is intended for adult users and is not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us using the details below, and we will take steps to delete it.

9. Security Measures

We implement reasonable technical and organizational measures to protect your data, including:

storing journal content locally on your device by default, which structurally reduces the risk of a centralized breach;
having account authentication and password hashing managed by Firebase Authentication; and
encrypting network transmission to servers (HTTPS/TLS).

Nevertheless, no system can guarantee absolute security. Please keep your device and account credentials secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you through an in-app notice or by updating the "Last updated" date on this page. Your continued use of the App after a change takes effect constitutes your acceptance of the updated Policy.

11. Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy or your data, please contact:

Data Controller: Chunlong Cao (an individual developer)
Contact email: chjam12301@gmail.com