Privacy Policy

1. Who we are

Clicked Emotions is operated by Coding Monks OÜ, a company registered in Estonia. References to “we”, “us”, or “our” in this policy refer to Coding Monks OÜ.

For privacy questions, contact us at privacy@clickedemotions.com.

2. The short version

• Your journal entries are encrypted on your device before they reach our servers. We cannot read them.
• To provide AI features, your text and photos are temporarily processed by Google Vertex AI (Google’s enterprise AI platform), then encrypted immediately after.
• We store your email address and encrypted data. Nothing else.
• We do not sell your data, show you ads, or share your data with third parties beyond what is described here.
• You can delete your account and all data at any time from Settings.

3. What we collect

Account information

Your email address and hashed password, managed by Supabase Auth. If you sign in with Google, we receive your name and email from Google OAuth.

Journal entries (end-to-end encrypted)

Your entry text, titles, emotion labels, AI-generated insights, and journal photos are encrypted on your device using AES-256-GCM before being sent to our servers. We store only ciphertext. We cannot decrypt this data — not to read it, not to recover it, not under any legal process.

Metadata (not encrypted)

Entry dates, word counts, reading times, and creation timestamps are stored unencrypted. This is necessary to display your journal timeline and statistics without requiring decryption.

Usage data

Standard server logs (IP address, browser type, pages visited) retained for up to 30 days for security and debugging. We do not use third-party analytics trackers.

4. How AI processing works

Clicked Emotions uses Google Vertex AI (Google’s enterprise AI platform) to transcribe handwritten photos and analyse the emotions in your writing. This is how the AI pipeline works step by step:

1. You submit a photo or typed entry in the app.
2. Your device sends the image or text to our server for AI processing. At this moment, the content is in plaintext.
3. Our server forwards the content to Google Gemini. Google processes it and returns transcription, emotion labels, and an insight. No human at Google reviews this content.
4. Our server receives the result and immediately returns it to your device.
5. Your device encrypts all content — the transcription, emotion labels, insight, and photo — before saving anything to our database.

The plaintext content exists on our server only during the duration of the API call (typically under 5 seconds). It is not logged, stored, or retained in any form after the response is returned.

Google’s use of data submitted via Vertex AI is governed by the Google Cloud Service Terms. Under Section 17 of those terms, Google is contractually prohibited from using your data to train or improve any AI model without your explicit permission. This is not a default setting — it is a binding legal commitment. We have also disabled Vertex AI’s in-memory prompt caching at the project level, so your content is not retained in any form after each API call completes.

Note: Google Cloud’s Terms of Service require Google to monitor API usage for abuse and policy violations. This may involve logging of requests. We are actively pursuing an exception to this for our project.

5. Encryption architecture

All journal content is protected by client-side end-to-end encryption:

• Master Encryption Key (MEK): A random AES-256-GCM key generated on your device at signup. It never leaves your device in plaintext.
• Key Encryption Key (KEK): Derived from your password using PBKDF2-SHA256 (310,000 iterations). The KEK wraps your MEK for storage.
• Recovery key: A 12-word passphrase shown once at signup. It provides a second KEK that wraps your MEK, enabling password reset without data loss.
• We store only the encrypted MEK and its encrypted backup. We cannot derive your MEK without your password or recovery key.

If you forget your password and lose your recovery key, your encrypted data cannot be recovered by anyone — including us. This is an intentional design decision.

6. Sensitive data

Emotion and mood data may constitute health-related personal data under applicable law, including GDPR Article 9. We treat all journal content as sensitive data regardless of legal classification. Our end-to-end encryption means this data is never accessible to us in readable form.

7. Third-party services

• Supabase (supabase.com) — database, authentication, and file storage. Supabase stores only encrypted ciphertext for journal content.
• Google Vertex AI — AI processing for OCR and emotion analysis via Google’s enterprise AI platform. Content is sent temporarily during processing only (see Section 4). Google is contractually prohibited from training models on this data (Google Cloud Service Terms, Section 17).
• Vercel — application hosting and deployment infrastructure.

We do not integrate advertising networks, social media trackers, or data brokers.

8. Data retention and deletion

Your data is retained for as long as your account exists. When you delete your account (Settings → Danger zone → Delete account), we permanently delete:

• All journal entries and associated photos, emotions, and insights from our database
• Your encrypted encryption keys
• All photos from file storage
• Your authentication account

Deletion is immediate and irreversible. Backups are purged within 30 days.

9. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data. To exercise these rights, contact us at privacy@clickedemotions.com. Because journal content is end-to-end encrypted, we cannot provide readable exports of it — but you can view and export your own data by accessing the app while your vault is unlocked.

If you are in the European Economic Area, you have rights under the GDPR including the right to lodge a complaint with your local supervisory authority.

10. Privacy Mode

When Privacy Mode is enabled for an entry, the original photo is permanently deleted from our storage immediately after transcription. Only the encrypted text transcription is retained. This is enforced server-side and cannot be undone.

11. Children

Clicked Emotions is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, contact us at privacy@clickedemotions.com and we will delete it.

12. Changes to this policy

If we make material changes, we will notify you by email or by a notice in the app at least 14 days before the change takes effect. Continued use after that date constitutes acceptance.