innous

Privacy Policy

Last updated: 28 May 2026

Innous is a private journaling app. Your journal stays on your device. AI features optionally require a pseudonymous Sign in with Google — we store only an opaque account identifier, never your email or name.

Data stored on your device

Your journal entries, the moods, topics, goals, ideas, decisions, skills and themes detected from them, any photos you attach, and your app settings are stored in an encrypted database on your device only. This data is never uploaded to an Innous server.

AI insights

When AI insights are enabled, the text of a journal entry is sent over an encrypted (HTTPS) connection to a processing proxy, which forwards it to Google's Gemini AI for analysis. The analysis is returned and stored only on your device. The proxy does not retain entry text after a request is processed. Photos are never sent for AI analysis.

We use Google's paid Gemini tier, under which Google contractually does not use your inputs to train or improve its models. Google may briefly retain API request logs for abuse-detection purposes for up to 55 days, after which they are deleted. No user email, device ID, or location is sent to Gemini — only the entry text and your selected writing style.

Legal basis (UK/EEA users): We process your entry text on the basis of your explicit consent under Article 6(1)(a) of the UK GDPR and EU GDPR. To the extent any entry contains special-category data (for example, references to health, beliefs, or sexual orientation), we rely on Article 9(2)(a). You give consent via the AI consent prompt on first use and can withdraw it at any time in Settings → AI insights.

International transfer: Sending text to Gemini involves transferring it to Google LLC in the United States. We rely on the EU–US Data Privacy Framework (Google LLC is certified) and Standard Contractual Clauses approved by the European Commission and the UK ICO.

Sign in with Google (AI features only)

To use AI features, Innous asks you to Sign in with Google. This is required for one reason only: to apply the Acceptable Use Policy consistently across reinstalls.

Innous does not store your email, name, profile picture, or any other personal identifier from your Google account. What we store: the opaque sub claim from your Google ID token — a string like 108194512348492048120 that is meaningless to us but identifies the same Google account to Google. This is stored only on your device and presented to our AI proxy on each AI request so the proxy can enforce per-account limits. The sub is not linked to your journal entries on any server.

To remove it: Settings → AI privacy → Sign out clears the sub and token from your device. You can re-sign-in at any time.

Legal basis (UK/EEA users): Processing of the sub is on the basis of your explicit consent under Article 6(1)(a) UK/EU GDPR. The sub is pseudonymous data — it can be linked to a person by Google, but not by Innous.

Abuse detection

To enforce the Acceptable Use Policy, our AI proxy records a pseudonymous strike log — containing the opaque sub (or a proxy IP hash), an event type, and a timestamp — in Cloudflare's infrastructure. Three policy violations auto-suspend AI access for 7 days. Strike records expire automatically after 60 days. No journal content is included in this log.

Location and weather

If you enable the optional context capsule, the app uses your approximate location one time to request current weather from Open-Meteo, a third-party weather service. Your location is not stored or tracked, and the feature can be disabled in Settings.

Photos

Photos you attach to an entry are stored only on your device and are never uploaded or shared.

Accounts and analytics

AI features require a pseudonymous Sign in with Google (opaque account identifier only — no email, name, or photo). Non-AI journaling requires no sign-in of any kind. Innous contains no advertising. Firebase Crashlytics (Google) collects crash reports consisting of stack traces and device metadata only — no journal content. Firebase Analytics collects aggregate usage breadcrumbs (screen views, session counts) to help us understand app stability — no personal identifiers and no journal content.

Subscription

Innous offers an optional premium subscription. Payments are processed entirely by Apple or Google — Innous never receives or stores your payment details.

Data retention and deletion

Because all of your journal data lives on your device, uninstalling Innous permanently and completely deletes it. There is nothing stored elsewhere for us to delete.

The pseudonymous sub and cached ID token stored on-device are deleted when you sign out (Settings → AI privacy → Sign out). Abuse-detection strike records in Cloudflare KV expire automatically after 60 days.

Security

Data stored on your device is encrypted at rest using SQLCipher, and all network requests use encrypted HTTPS connections.

Third-party services

Google Gemini (AI analysis of entry text, via the proxy); Google Identity (Sign in with Google, ID token validation); Firebase Crashlytics and Firebase Analytics (crash reporting and aggregate usage, Google); Cloudflare (KV abuse-detection log); Open-Meteo (current weather for the context capsule); the Apple App Store and Google Play (distribution and subscription billing).

Children

Innous is not directed to children under 16 (EEA and UK) or under 13 (rest of world) and should not be used by them. If you believe a child has used Innous, please contact us at hello@innous.app and we will take reasonable steps to address it.

Changes to this policy

This policy may be updated from time to time. The date above reflects the most recent change. Material changes will be notified in the app.

Contact

Questions about this policy or your data? hello@innous.app