Privacy Policy

Effective Date: January 26, 2026 | Version 2.1

1. Our Approach to Privacy

Sanctuary is built on a fundamental principle: true anonymity. Unlike most apps, we don't ask you to create an account. We don't collect your email, name, phone number, or any other identifying information.

This isn't just a policy choice — it's a technical architecture. We've designed our systems so that identifying individual users is impossible, not just prohibited.

2. What We Don't Collect

We do not collect, store, or process:

• Names, emails, phone numbers, or usernames
• Device identifiers (IDFA, GAID, etc.)
• IP addresses
• Location data
• Browsing history or behavior tracking
• Financial information
• Any persistent user identifiers

3. What We Do Store

When you submit a reflection, we store:

• The content — your reflection text
• AI-detected themes — e.g., "hope," "uncertainty"
• Quality score — how well it connects to universal experience
• Timestamp — when it was submitted

Crucially, none of this data is linked to you. Each reflection gets a random identifier with no connection to any user.

4. Rate Limiting

To prevent spam, we use ephemeral rate limiting. When you use the app, a random token is generated locally on your device. We receive a one-way hash of this token (not the token itself) to count submissions. This hash:

• Cannot be reversed to identify you
• Auto-deletes after 24 hours
• Cannot be linked across sessions

5. AI Processing

We use AI (Google Gemini) to analyze reflections. The AI receives only the text of your reflection — no user identifiers, device information, or metadata. Per Google's API terms, they don't retain this data.

6. Private Journal

The Private Journal feature stores entries locally on your device only. This data is never transmitted to our servers. If you uninstall the app, this data is deleted.

7. Push Notifications

We offer optional push notifications for daily summaries and reflection reminders. These use Firebase Cloud Messaging (FCM) with topic-based messaging, which preserves your anonymity:

• We never store your device token on our servers
• You subscribe to anonymous topics (e.g., "daily_summary")
• We cannot identify who receives or opens notifications
• Your notification preferences are stored locally on your device only
• Disabling notifications leaves no trace on our servers

8. Third-Party Services

We use minimal third-party services:

• Firebase (Google) — Database and cloud functions
• Firebase Cloud Messaging (Google) — Push notifications (topic-based, no device tokens)
• Google Gemini — AI analysis
• Upstash Redis — Rate limiting

All third parties receive only anonymous data with no way to identify individual users.

9. Data Retention

• Reflections — Retained indefinitely as part of the collective
• Rate limit hashes — Auto-deleted after 24 hours
• Daily summaries — Retained indefinitely
• Private Journal — Stored locally; you control deletion

10. Your Rights

Because we don't collect personal data, many traditional data rights don't apply in the usual way:

• Access — We can't provide "your" data because we can't identify it
• Deletion — We can't delete "your" reflections because we don't know which are yours
• Portability — Same reason

For your Private Journal, you have full control — it's on your device, and you can delete it anytime.

11. Children's Privacy

Sanctuary is intended for users 13 and older (or the minimum age in your jurisdiction). We don't knowingly collect information from children. Since we don't collect personal data, we can't verify age — but our Terms of Service require users to meet minimum age requirements.

12. International Users

Our servers are located in the United States. Because we process anonymous data (not personal data), international data transfer restrictions under GDPR and similar laws generally don't apply. See GDPR Recital 26.

13. Changes to This Policy

We may update this policy. Significant changes will be announced in the app. Your continued use after changes constitutes acceptance.

14. Contact

Questions about privacy?
Email: admin@sookoon.space