Legal

Privacy Policy

Last updated: 20 May 2026  ·  Governing law: India · DPDP Act 2023
Your journal entries are yours. We do not sell your data. We do not share it with third parties for advertising. We do not read it unless required to provide the service.

1. Who this applies to

This policy applies to all users of The Inner Architect, operated by an individual based in New Delhi, India. It is written in compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act).

Contact the Data Fiduciary: stays@innerarchitect.in

2. What we collect

We do not collect your location, contacts, biometric data, financial information, or any data from other apps on your device.

3. Why we collect it

We do not use your data for advertising, profiling for commercial purposes, or any purpose not listed above.

4. How your data is processed by AI

When you save a journal entry, its content is sent to Anthropic's Claude API to generate a mirror reflection. This transmission is encrypted in transit. Anthropic's data processing is governed by their own privacy policy. We do not send identifiable information beyond what is necessary for the reflection.

We do not use your journal entries to train AI models. We do not permit Anthropic to use your content for training purposes under our API agreement.

5. Where your data is stored

Your data is stored on Supabase, a cloud database service. Supabase stores data in secured data centres. Your journal entries are encrypted at rest and in transit using AES-256 and TLS 1.3.

Data may be processed outside India by our infrastructure providers (Supabase, Vercel, Anthropic). By using the service, you consent to this cross-border transfer as necessary to provide the service.

6. Your rights under the DPDP Act 2023

As a Data Principal under Indian law, you have the right to:

To exercise any of these rights, email stays@innerarchitect.in. We will respond within 30 days.

7. Data retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days. Usage logs are retained in anonymised form for up to 12 months.

8. Children

The Inner Architect is not intended for anyone under 18 years of age. We do not knowingly collect data from minors. If we become aware that a minor has created an account, we will delete it.

9. Cookies

The app uses a session token stored in your browser's local storage for authentication. We do not use tracking cookies or third-party advertising cookies.

10. Email communications

If you have written a journal entry that day, you may receive one evening reflection email at 8pm IST. You can opt out at any time by contacting us or deleting your account.

We may also send account-related emails (access granted, password reset). These cannot be opted out of as they are necessary for account security.

11. Changes to this policy

We may update this policy. Material changes will be notified by email. The date at the top of this page shows when it was last updated.

12. Contact and grievances

For privacy-related questions or to exercise your rights: stays@innerarchitect.in

We aim to respond to all requests within 30 days as required by the DPDP Act 2023.