App Privacy Policy

Effective date: May 26, 2026

otio (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application (the “App”).

Information We Collect

To provide the App, we collect and process:

Account information

  • Email address (for account creation and sign-in through Apple or Google)

Journal data you log

  • Emotion labels you choose

  • Optional notes you add to emotion logs

  • Optional energy levels

  • Timestamps associated with your logs

This journal data is stored on our servers as encrypted data. It is encrypted on your device before it is uploaded. We do not store your journal as readable plain text in our database under normal operation.

Optional product data

  • Personalized AI insights (generated and stored for your account when you use that feature)

  • Product preferences and settings (for example: reminders, AI insights consent, Zeitgeist contribution toggle)

  • Encrypted backup data needed for journal recovery (for example: a wrapped encryption key and related cryptographic metadata—we do not store your recovery key itself)

We do not use your data for advertising.

Journal Encryption

Your journal entries are protected with encryption designed so that only your devices can decrypt them under normal use.

Here is how it works:

  • Your device creates and holds encryption keys used for your journal.

  • Journal entries are encrypted on your device before they are sent to our servers.

  • Encrypted journal data is stored using Google Firebase (Realtime Database).

  • When you set up the App, you receive a recovery key. You should save it somewhere safe.

  • If you sign in on a new device and your device keys are not available (for example, if iCloud Keychain sync is unavailable), you will need your recovery key to access your journal.

  • We cannot reset or recover your recovery key for you. If you lose your recovery key and cannot access your keys on a device, you may lose access to encrypted journal data.

Some metadata (such as timestamps used for calendar views) may remain readable to support core App features. Optional features described below are separate from journal encryption.

How We Use Your Information

We use your information to:

  • Maintain secure account access through Apple or Google sign-in

  • Provide core features such as emotion logging, calendar history, reminders, and soundscapes

  • Store your encrypted journal and sync it to your account

  • Let you export your data for personal use (exports are prepared on your device)

  • Generate personalized AI insights only when you opt in (see below)

  • Operate optional Zeitgeist community features only when you opt in (see below)

  • Maintain, secure, and improve the App

We do not sell your personal information.

AI Insights and OpenAI

If you opt in to “use AI for personalized insights” in Account settings:

  • When you open My Insights, we may send about the last 7 days of relevant check-in data for analysis.

  • This may include emotion labels, energy levels, timestamps, and notes.

  • We do not send your name, email address, or other direct account identifiers to OpenAI for this feature.

  • Processing runs through our backend pipeline before reaching OpenAI.

  • Generated insights may be stored for your account (including in encrypted form where applicable).

  • You can opt out at any time in Account settings. If you opt out, your data is not sent for new AI insight generation.

OpenAI processes data according to its own terms and privacy policy. We use OpenAI as a service provider for this optional feature.

Zeitgeist (Optional Community Feature)

If you opt in to “contribute to Zeitgeist” in Account settings:

  • Each new log you save while this is on may be added to an anonymous community pool.

  • This may include emotion labels, notes, and energy levels.

  • We do not include your name or email.

  • Notes may appear in community-facing or AI-generated community content.

  • You can turn this off at any time to stop new contributions.

Zeitgeist-related processing may use our backend services and OpenAI for community narrative features.

Data Storage and Security

User data is stored using Google Firebase and related Google Cloud infrastructure.

We use technical and organizational measures including:

  • Encryption in transit (HTTPS/TLS)

  • Encrypted journal storage (device-side encryption before upload)

  • Authentication and database access rules

  • Separation of optional feature processing from core account identifiers where applicable

No method of storage or transmission is 100% secure. We work to protect your information, but we cannot guarantee absolute security.

Data Export and Deletion

Export: You can export your data in the App. Export files are generated on your device from decrypted journal data you choose to export.

Delete account: You can delete your account from Account settings. When you delete your account, we delete your account and journal data stored in our app database (for example, data under your user record in Firebase Realtime Database) as part of the App’s deletion flow.

Deleting your account in the App does not automatically delete copies you saved elsewhere (for example, exported files on your device).

Analytics and Diagnostics

We use Firebase Analytics (GA4) to understand product usage and improve the App.

Analytics events are designed to be privacy-preserving. They focus on coarse app activity (for example: screen views, tab selections, sign-in success, and whether optional fields were used). We do not send emotion note text, journal content, recovery keys, or direct personal identifiers as analytics event parameters.

We may also use Firebase services such as Crashlytics for crash and stability diagnostics. These services may collect device and app diagnostic information needed to identify and fix issues.

Analytics and diagnostics data are processed according to Google’s policies and retention settings. Deleting your account in the App does not automatically guarantee immediate removal of historical analytics events already processed by Google.

Service Providers

We use trusted service providers to operate the App, including:

  • Google (Firebase / Google Cloud)—authentication infrastructure, database, analytics, cloud functions, and related hosting

  • Apple / Google—sign-in services

  • OpenAI—optional AI insights and optional Zeitgeist-related processing (only when you opt in to those features)

These providers process data on our behalf according to their terms and our instructions for the relevant feature.

Children’s Privacy

otio is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take appropriate steps.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above and provide additional notice when required.

Your continued use of the App after an update means you accept the revised policy, except where applicable law requires otherwise.

Contact Us

For questions about this Privacy Policy, contact:

hi@otio.world

Terms of Service: https://otio.world/app-terms-of-service