Privacy Policy
Effective date: June 15, 2026 · Version 1.2
Talk2Diary is built by Appspace Innovations Pvt Ltd. We take your privacy seriously. This policy explains what information we collect, why we collect it, and how we protect it. We have written this in plain English so it is easy to understand. If you have any questions, email us at support@appspace.co.in.
1. What We Collect
1.1 Phone Number
If you sign up using phone-based authentication, we ask for your phone number to verify your identity via a one-time password (OTP). It is stored securely on our servers and used solely for authentication. We do not use it for marketing or share it with advertisers.
1.2 Voice Recordings
When you record a journal entry, the audio is captured on your device and sent to our server over HTTPS for transcription. The audio file is forwarded to Sarvam AI for speech-to-text conversion. During this transcription step, the audio is processed in its original form — it is not encrypted in transit to Sarvam AI. The audio is held in memory only and is not written to disk on our servers during this process.
After transcription, your audio is separately encrypted on your device using AES-256-GCM and uploaded to our servers in encrypted form for storage and playback. We cannot listen to your stored recordings.
1.3 Journal Transcripts and Mood Analysis
After your voice is transcribed, the transcript text is sent to OpenAI's API (GPT-4o mini) to detect your mood. The text is sent without any identifying information — no phone number, no account ID, no name. After mood detection is complete, the transcript is encrypted on your device before it is stored on our servers. We cannot read your journal text.
1.4 Mood Scores
We store your mood score (a number from 1 to 10) and mood label for each entry. This is what powers the Insights screen. Mood data is stored encrypted on our servers.
1.5 Photos
If you attach photos to a journal entry, they are encrypted on your device before upload. We store only the encrypted file. We cannot view your photos.
1.6 Google Account (optional)
If you sign in with Google or enable Google Drive backup, we use Google Sign-In to verify your identity and receive your email address. We upload an encrypted copy of your encryption key to your own Google Drive (in a hidden app folder not visible in your Drive UI). We do not access any other files in your Drive.
1.7 iCloud Backup (optional, iOS)
On iOS, an encrypted copy of your encryption key is automatically synced to your iCloud Keychain when iCloud is enabled on your device. No additional sign-in is required. The key material stored in iCloud is encrypted and cannot be read by us. You can disable iCloud Keychain at any time in your device settings.
1.8 Apple Account (optional, iOS)
On iOS, you may sign in with Apple to create or access your Talk2Diary account. When you use Apple Sign-In, Apple provides us with a unique user identifier and, on the very first sign-in, an optional name and email address (which you may choose to hide). We use this only to identify your account. We do not share it with third parties or use it for marketing. These features apply to the iOS version, coming soon..
1.9 Subscription Status
If you subscribe, we store your subscription status (active or expired), renewal date, and the transaction identifiers issued by Google Play or Apple App Store. We do not store any payment card details. Payments are processed entirely by Google Play (Android) or Apple App Store (iOS) — we never receive your card or banking information.
1.10 App Usage Analytics
We use Mixpanel to understand how the app is used. Mixpanel collects usage events such as which screens you visit, which features you use, and session information. It does not receive your journal content, mood scores, phone number, or any other personal data. We use this data only to improve the app.
1.11 Device Identifier
We generate an anonymous identifier for your device using a one-way cryptographic hash. It cannot be reversed to identify you or your device. We use it to manage your account without requiring a username or email.
1.12 Transcription Processing Logs
When your audio is transcribed, we log technical metadata: the request identifier, the language used, whether the transcription succeeded or failed, and the response time. We do not log the audio content or the transcript text. These logs are used for monitoring the health of our transcription service. They are deleted when you delete your account.
2. What We Do Not Collect
We do not collect:
- Your location
- Your contacts or call logs
- Any data from other apps on your device
- Payment card or banking details
- Anything from your microphone when the app is closed
- Your biometric data — Face ID and fingerprint authentication happen entirely on your device
3. How We Protect Your Data
Your journal transcripts, mood data, photos, and stored audio files are all encrypted on your device using AES-256-GCM before being uploaded. We store only the encrypted versions. We do not hold the decryption key and cannot read your stored entries.
Transcription exception: When you record an entry, the audio is temporarily passed through our servers in unencrypted form so that Sarvam AI can transcribe it. This is the only point at which your voice content is accessible in its original form on our infrastructure. After transcription, the audio is encrypted on your device before being stored.
Your PIN protects the encryption key on your device. The PIN is never transmitted to our servers.
All data sent between the app and our servers is protected by HTTPS (TLS). Cleartext connections are blocked.
4. Third-Party Services
We use the following third-party services:
Sarvam AI — Transcribes your voice recordings into text. Audio is sent without any personal identifiers. See Sarvam AI's privacy policy at sarvam.ai.
OpenAI — Analyses your transcript to detect your mood (GPT-4o mini). The transcript is sent without any personal identifiers — no phone number, account ID, or name. See OpenAI's privacy policy at openai.com.
SMSCountry — Sends OTP messages to your phone number for verification when you use phone-based sign-in. Your phone number is shared with SMSCountry solely for this purpose. See SMSCountry's privacy policy at smscountry.com.
Mixpanel — App analytics. Collects usage events and session information. Does not receive journal content, mood scores, or personal identifiers. See Mixpanel's privacy policy at mixpanel.com.
Google — We use Google Sign-In for optional account creation and Drive backup, and Google Play for subscription payments on Android. See Google's privacy policy at policies.google.com.
Apple — On iOS, we use Apple Sign-In for optional account creation, iCloud Keychain for encrypted key backup, and Apple App Store for subscription payments. See Apple's privacy policy at apple.com/legal/privacy.
5. Data Retention
- Journal entries — Kept until you delete them or delete your account. When you delete an individual entry, it is permanently and immediately removed from our servers along with its associated audio and photos. This cannot be undone.
- Phone number — Kept for the life of your account. Deleted permanently when you delete your account.
- Subscription records — Kept for the life of your account and deleted when you delete your account.
- Transcription processing logs — Contain only technical metadata (language, response time, success/failure). No transcript content. Deleted when you delete your account.
- OTP codes — Expire after 5 minutes and are purged automatically from our database daily.
When you delete your account, all your data — entries, audio, photos, mood records, encryption keys, and logs — is permanently and irreversibly removed from our systems immediately.
6. Your Rights
You can:
- Export all your journal data from Settings → Export Data
- Delete individual entries at any time (deletion is permanent and immediate)
- Delete your entire account from Settings — see full deletion instructions
- Disconnect Google Drive backup at any time
- Contact us at support@appspace.co.in to ask what data we hold about you, to request a correction, or to raise a grievance
Under the Digital Personal Data Protection Act, 2023 (India), you have the right to access, correct, and erase your personal data. The controls above give you direct access to these rights. For anything else, contact our grievance officer at support@appspace.co.in.
7. Children
Talk2Diary is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a person under 18 has created an account, please contact us at support@appspace.co.in and we will delete the account.
8. Changes to This Policy
If we make significant changes to this policy, we will notify you through the app. The effective date at the top of this page will always reflect the latest version. Continued use of the app after changes means you accept the updated policy.
9. Contact
If you have any questions about this privacy policy or how we handle your data, contact us at:
- Email: support@appspace.co.in
- Company: Appspace Innovations Pvt Ltd