How your inner work is protected.

What this app actually stores

When you save a moment, Inrly records: the feeling you chose, the need you picked, an optional intensity rating, an optional body location, and the words you typed. That entry is linked to a random account identifier — a UUID — and never to your name or email at the row level. Your email lives only in the authentication system that lets you sign in.

The data table that holds your saved moments has no foreign-key relationship to your user identity. Structurally, the database treats your entries as belonging to an anonymous account ID.

What we do with it

Your saved moments are shown back to you, and only to you, when you sign in. They are never shown to other users, sold, licensed, used for advertising, or used to train third-party models. They are stored at rest on infrastructure operated by Supabase (region: Frankfurt, EU) and encrypted in transit using TLS.

Your profile (gender, age range, country)

During setup you can optionally tell us your gender, age range, and country. These answers live on your account — the same account that holds your saved moments — so that future versions of the app can feel more like they were built for you specifically.

A few honest things about how this works:

• Your profile answers are stored on your account, which means they are technically linked to the email address you signed in with inside our authentication system. We are telling you this directly because we think you should know it.
• Your profile answers are never joined to your journal entries in any query, report, or export. The two live in separate places with no connection between them in our code.
• They are never used for advertising, never sold, and never shared with anyone outside this app.
• All three fields are optional. You can leave them blank, change them, or clear them at any time in Settings → Your profile.

The reason we ask at all: we want Inrly to eventually adapt to who you are — not just what you feel in the moment. That requires knowing a little about you. We would rather ask honestly and let you decide than collect it quietly.

How AI is used (always on)

Inrly uses AI on what you write to generate the personalised reply and your pattern insights. This is not optional, because templated, non-personalized output is the opposite of what this tool exists to be. Here is exactly what that means in practice:

• The text you save is sent to OpenAI in the moment to produce a reply or insight. Under their API data-usage terms, your text is not retained by OpenAI and is not used to train their models.
• We never train any model on your content, ours or anyone else's.
• Your text is never sold, shared, used for advertising, or used to profile you. The only purpose AI serves here is generating output that is specific to you, for you, on your own data.
• We retain your saved cards on your account so you can read them back. The AI call itself is transient.

Two optional consent toggles

You control two independent switches in Settings — both default to off:

• Anonymous product analytics.When on, each save records a separate event in a dedicated analytics table that contains only categorical buckets (e.g. the word "Lonely", the word "Comfort", a coarse intensity bucket, and the hour and day-of-week). That table has no link of any kind back to you. We never write your typed words to it.
• Aggregate research contribution. When on, the same anonymous events may be used in aggregate research outputs about emotional patterns. Any reported figure is suppressed if fewer than ten distinct events would back it (a k-anonymity threshold). No individual record is ever released.

Either toggle can be turned off at any time. Withdrawal is immediate and applies to all future processing. Past anonymous events, by their nature, cannot be withdrawn because they cannot be linked back to you — but no future events will be recorded.

Your rights

You can export everything you have saved at any time as a Markdown file, from Settings → Your data. You can permanently delete your account's data with one click from the same screen. If you sign in from the EU/UK, GDPR additionally grants you the right to access, rectify, restrict, and port your data. Email privacy@inrly.io for any data request.

What we do not do

• We do not sell or license your data to anyone, ever.
• We do not use your inner-work text for advertising targeting.
• We do not train AI models on your content.
• We do not share individual records with researchers, partners, or third parties.
• We do not use cookies for tracking outside the essential session cookie required to keep you signed in.

Legal framework

Inrly treats every entry as "special category data" under GDPR Article 9 (data revealing health, including mental health). Our legal basis for processing is your explicit, granular, withdrawable consent. We comply with the FTC Health Breach Notification Rule's breach-disclosure requirements should one ever occur. We are not a covered entity under HIPAA — Inrly is a wellness journaling tool, not a healthcare service, and is not therapy.

If you are in immediate danger, Inrly is not the right place. Please reach out: US: 988 · UK/ROI: 116 123 · Crisis Text Line: text HOME to 741741.

Changes to this policy

If the privacy policy materially changes, your existing consent is invalidated and you will be asked to consent to the new version before any further processing occurs. You will see a notification the next time you open the app.