Last updated: February 28, 2026
Reflekt is a personal journaling application with AI-powered features including weekly summaries and journal chat. This policy explains what data we collect, how we use it, and your rights.
Account data: When you sign up, we store your username, display name, and a hashed version of your password. We never store your actual password — it is hashed with bcrypt before being saved, and cannot be reversed.
Journal data: Your entries, tags, excerpts, and AI-generated summaries are stored in our database, associated with your account.
We do not collect email addresses, phone numbers, payment information, location data, cookies for tracking, or any analytics or usage data.
All data is stored in a Turso (LibSQL) cloud database. The database is access-controlled and only the application server connects to it. Data is transmitted over encrypted connections (HTTPS/TLS).
When you use AI features (weekly summaries, journal chat), your journal entries are sent to Anthropic's Claude API for processing. This is how the AI reads your entries and generates insights.
Important details about this:
— Anthropic does not use API inputs to train their models.
— Anthropic may retain API inputs for up to 30 days for safety and abuse monitoring, after which they are deleted.
— AI processing happens server-side. Your entries are sent from our server to Anthropic's API, and the response is returned to you.
— If you do not use AI features (summaries, chat), your entries are never sent to any third party.
— You can access all your own data through the app.
— Other users cannot see your data. All queries are scoped to your account.
— The app administrator has database credentials and could technically query the database directly. This is standard for any hosted application. We do not access user data except for debugging critical issues, and only with minimal scope.
— Anthropic receives entry content only when you use AI features, under their API data policy.
You can export all your data (entries, excerpts, summaries) as a JSON file at any time from the Settings page. Your data is portable and belongs to you.
You can delete individual entries, excerpts, and summaries through the app. If you want your entire account and all associated data deleted, contact us and we will remove it from the database.
— Passwords are hashed with bcrypt (10 rounds) before storage.
— All traffic is served over HTTPS.
— Session tokens expire after 7 days.
— We do not currently offer end-to-end encryption of journal entries, but this is under consideration for future versions.
We may update this policy as the app evolves. The "last updated" date at the top will reflect any changes. Continued use of Reflekt after changes constitutes acceptance.
Questions about your data or this policy? Reach out at rushilk26@gmail.com.