Solstice Diary Privacy Policy

1. Welcome

Solstice Diary is built to help you reflect, notice patterns, and return to important moments over time. That only works if the app feels trustworthy.

Some parts of the app work only on your device, and some rely on cloud infrastructure so your account, saved history, AI tools, and search features can work. We want to be straightforward about that from the start.

2. Our Commitment

We treat journal content as sensitive and try to be careful both in how we handle it and in how we describe our practices.

• We do not sell your journal content to advertisers.
• Much of your saved journal content is encrypted on your device before it is stored in Firestore.
• We try to explain our data practices in plain language and keep app-store disclosures aligned with this policy.
• We do not describe Solstice Diary as end-to-end encrypted because backend AI features require server-side processing of some content.

3. Why We Store Data

Not everything is stored in the same place. Some information stays only on your device, while other information is stored in Firebase services because core parts of the product depend on it.

• We store account and saved-content records in the cloud so you can sign in securely, keep your history across devices, and restore access if you reinstall the app or change phones.
• We store saved entries, conversations, goals, events, and settings so the product can synchronize your data and preserve the state of your journal over time. Saved entries and conversations are encrypted before they are stored in Firestore.
• We create derived records, such as memories, search indexes, and saved reports, so AI-assisted search, summaries, and reflection features can work more reliably and quickly.
• We keep certain data only on your device, such as local reminder schedules, cached settings, and encrypted unsaved drafts, because those features do not always need cloud storage.

4. Who We Are

Solstice Diary is operated by Nathaniel James Markram.

For the purposes of applicable data protection law, Nathaniel James Markram is the data controller of the personal information described in this Privacy Policy, unless stated otherwise.

You can contact him about privacy questions, rights requests, or complaints using the contact details listed at the top of this policy.

5. Eligibility

Solstice Diary is intended only for users who are 18 years of age or older and is not directed to children.

We do not knowingly collect personal information from anyone under 18.

If you believe someone under 18 has provided personal information through the app, contact us so we can review the issue and take appropriate action.

6. Information We Collect

The information we collect depends on how you use the app. Some information is stored locally on your device, some is stored in Firebase services, and some is processed through backend AI features.

Because Solstice Diary is a journaling and reflection app, the content you choose to enter may include sensitive personal information, including information about your emotions, relationships, routines, beliefs, or wellbeing.

• Account and authentication data, such as your email address, password credentials handled through Firebase Authentication, password-reset activity, and basic account/session status.
• Profile and preference data, such as your display name, selected chat persona, archetype or persona dimensions, onboarding status, onboarding version, theme, day-end settings, week-start preference, calendar display settings, intro-completion flags, and similar app settings.
• Journal and reflection content that you choose to provide, such as guided chat messages, saved conversation transcripts, free-writing entries, titles, summaries, analysis text, structured analysis items, insights, mood overrides, pinned insights, and user-selected tags.
• Goals and habit data, such as goal titles, optional reasons or descriptions, emojis, repeat settings, reminder slots, archived or completed status, counters, progress records, and completion timestamps.
• Calendar and event data, such as event titles, notes, location text, birthdays, all-day flags, start and end times, recurrence settings, reminder offsets, timezone names, and timezone offsets.
• Search and navigation inputs, such as semantic search queries, tag filters, selected date ranges, report periods, and drill-down selections used inside the app.
• Local-only data stored on your device, including encrypted unsaved chat drafts, lightweight draft metadata, local reminder payloads, reminder times, and related device permission states for notifications and exact alarms, as described further in Section 7.

7. Local Device Storage

The current app code stores some information only on your device to support encryption, drafts, settings, and local reminders.

• A per-user content-encryption key is stored locally in secure device storage.
• Unsaved chat drafts are stored locally in encrypted form, along with small unencrypted draft metadata such as draft IDs, titles, and timestamps.
• Settings and UI preferences are cached locally to support offline access and faster startup.
• Event and goal reminders are scheduled locally on the device rather than as cloud push notifications in the current app code.
• Depending on your device settings, reminder content may appear on your lock screen or in local notification previews.

8. Cloud Storage and Derived Data

When you are signed in, Solstice Diary stores data in Firebase services. In addition to the records you create directly, we may also create derived records to support AI features, search, and reports.

• Primary cloud records may include user profile documents, journal entries, conversation records, days or mood records, goals, goal counters, goal progress records, events, app settings, and saved insights reports.
• Derived AI records may include memory records, memory indexes, entry search indexes, and report artifacts generated from your saved content.
• When you delete an entry, we are designed to also remove related memory and search records created from that entry.
• When you permanently delete your account in-app, we are designed to delete your account and associated stored data from our active systems.

9. AI Features and Automated Processing

Solstice Diary includes AI-powered features that are routed through Firebase Cloud Functions and OpenAI from our backend. These features may process the content you provide, plus related context needed to return the requested feature.

The current codebase supports AI chat replies, structured summaries, adaptive openers, chat suggestions, insights reports, goal suggestions, emoji suggestions, semantic search embeddings, and long-term memory extraction from saved content.

• For guided chat and reflection features, the backend may process recent messages, selected mode, selected persona data, and relevant memory context to generate replies or suggestions.
• For saved journal content, the backend may decrypt relevant stored content to generate summaries, insights, reports, memory records, and search indexes.
• For semantic search and contextual retrieval, the backend may create embeddings or other derived representations from decrypted summaries and extracted memory statements.
• For goal suggestions and emoji suggestions, the backend may process goal titles, entry summaries, analysis text, tags, and recent memory context.
• These AI features can influence what content is shown back to you, but they are not a substitute for professional medical, legal, or financial advice.

10. How We Use Personal Information

We use personal information to operate, secure, and provide Solstice Diary, to deliver the features you request, and to comply with legal obligations.

• Create and manage your account, authenticate sessions, and support password resets.
• Save, display, edit, search, organize, and delete journal entries, conversations, moods, goals, events, and settings.
• Generate AI-assisted replies, summaries, reports, suggestions, search results, and related derived records that support app features.
• Sync your settings and content across your signed-in devices.
• Schedule and manage local device reminders for events and goals.
• Maintain security, troubleshoot problems, respond to support requests, and protect our legal rights.

11. How We Share Information

We do not sell your journal content to advertisers. We share personal information only when needed to operate the service, when you ask us to, or when required by law.

• Google and Firebase, which provide authentication, database, cloud-function, and related infrastructure services for the app.
• OpenAI, which processes certain prompts and related context from our backend to generate AI-assisted replies, summaries, suggestions, embeddings, reports, and similar outputs.
• Your device operating system and apps you choose, when you use sharing features to send content outside Solstice Diary.
• Service providers, professional advisors, regulators, law enforcement, or parties involved in a merger, acquisition, financing, or sale of assets, where disclosure is reasonably necessary.
• We do not intentionally include third-party mobile advertising SDKs in the app. If we add analytics, crash-reporting, advertising, or similar third-party tools in the future, we will update this policy and any required store disclosures.

12. Security and Encryption

Much of your saved journal content is encrypted on your device before it is stored in Firestore. To provide features such as AI summaries, memories, search, and insights, Solstice Diary may decrypt relevant content on our servers and create related derived records.

Because these features require server-side processing, Solstice Diary is not end-to-end encrypted. We use administrative, technical, and organizational safeguards designed to help protect personal information, but no method of storage or transmission is completely secure.

13. International Transfers

We and our service providers may process or store personal information in countries other than the country where you live. Those countries may have different data-protection laws.

Where applicable, we rely on appropriate safeguards and contractual measures that are intended to support lawful transfers of personal information.

14. Retention

We generally keep personal information for as long as your account remains active, as long as needed to provide the features you use, or as long as needed for legitimate business or legal purposes.

If you delete content or delete your account, we will aim to remove the relevant active records in the ordinary course of operation. Residual copies may remain for a limited period in backups or recovery systems and will be deleted in the normal course; this policy does not promise a specific backup-deletion window.

Device-local data, such as drafts, settings caches, reminder schedules, and locally stored encryption keys, may remain on your device until removed by the app, by sign-out or cleanup flows, by deleting the app, or by clearing device storage.

15. Your Rights and Choices

Depending on where you live, you may have rights to request access to, correction of, deletion of, restriction of, objection to, or portability of certain personal information. You may also have the right to complain to a regulator.

• Account and content management: you can edit or delete certain entries, goals, events, and settings in the app.
• Entry deletion: deleting an entry is designed to remove the entry and associated derived memory and search cleanup records tied to that entry.
• Account deletion: the app includes an in-app permanent account deletion flow.
• Notifications: you can control local reminder permissions through your device settings and, on supported devices, exact-alarm permissions.
• Sharing: any use of the device share sheet is optional and controlled by you.
• Rights requests: contact us at hello@solsticediary.com. We may need to verify your identity before completing certain requests.

16. EEA, UK, and Similar Legal Bases

If data-protection laws in your jurisdiction require a legal basis, we generally rely on one or more of the following: performance of a contract with you, your consent, our legitimate interests, and compliance with legal obligations.

• Performance of a contract: providing your account, syncing content, saving entries, and delivering requested app features.
• Consent: where required, for example for certain optional permissions or where local law requires consent for a particular processing activity.
• Legitimate interests: improving service reliability, securing the app, preventing abuse, and supporting contextual AI features requested through the product.
• Legal obligations: responding to lawful requests, enforcing rights, and meeting compliance duties.

17. California Notice

If California privacy law applies to our processing of your personal information, California residents may have rights to request access to, correction of, and deletion of certain personal information, subject to exceptions and verification requirements.

We do not knowingly sell personal information, and we do not knowingly share personal information for cross-context behavioral advertising.

18. Web Pages and Web Hosting

If you visit our website or other public web pages for Solstice Diary, our hosting providers may process basic technical information such as IP address, browser or device information, and server logs as needed to deliver, maintain, and secure those pages.

If we later use non-essential cookies, analytics tools, or similar web tracking technologies, we will update this Privacy Policy and provide any additional notices required by applicable law.

19. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version with a revised effective date and, where appropriate, provide additional notice.

20. Contact Us

Privacy requests and questions: hello@solsticediary.com

Mailing address: 13 St James St, Audas Estate, Cape Town, 7130

Operator or controller: Nathaniel James Markram