Privacy Policy
Summary. Confido is a local-first journaling app. By default, everything you write, record, and capture stays on your iPhone. Cloud features that send data to our servers are explicitly opt-in, clearly labeled, and can be disabled at any time.
1. Who we are
Confido (“the app”) is developed and operated by Lin Chiang-Yu, an individual developer based in Taiwan (“we,” “us”). This privacy policy describes what data the app handles, when data leaves your device, and how to exercise your rights.
2. Local-first by default
Confido is designed so that the core journaling experience runs entirely on your device:
- Journal entries, voice notes, attached photos and videos, captured locations, and your settings are stored locally using Apple’s SwiftData framework and the iOS file system.
- None of this content is sent to our servers unless you explicitly enable a cloud feature described below.
- If you never sign in and never enable cloud features, Confido does not collect any data from you.
3. Optional cloud features
Confido offers cloud-backed features that you can choose to enable. Each requires you to sign in with Apple ID (Sign in with Apple). When you opt in, specific categories of data are processed on our servers as described below.
3.1 Sign in with Apple
When you sign in, Apple provides us a pseudonymized user identifier and, depending on your choice, your name and an email address (which may be Apple’s private relay address). We store this identifier with your Confido Cloud account so we can associate your future requests with the right account.
3.2 AI Companion and Diary Generation
When you use AI features such as the AI Companion or automatic Diary generation, the relevant journal text is sent to our Cloud Gateway, which forwards it to Google’s Gemini API for processing. The generated response is returned to your device. We do not retain prompts or responses beyond the request lifetime on our Gateway.
3.3 Speech transcription (two engines)
Confido offers two speech-to-text engines that you can switch between in Settings:
- On-device (default). Uses iOS 26’s SpeechAnalyzer framework. Audio is transcribed locally on your iPhone and never leaves the device.
- Cloud (opt-in). Uses our server-side recognizer for higher transcription accuracy. When this engine is selected, the audio file is sent to our Cloud Gateway for transcription. We do not retain audio beyond the request lifetime on our Gateway.
You can switch back to on-device transcription at any time from Settings.
3.4 Usage metering
When cloud features are enabled, our Cloud Gateway counts your API call volume and total audio seconds processed. We use these counters solely for service availability (rate limiting and fair-use enforcement). We do not use this data to analyze your behavior, profile you, or target advertising.
3.5 Profile picture (optional)
If you choose to upload a profile picture, it is stored in our backend storage and shown only to you. You can remove it at any time.
4. What we do not collect
Even with all cloud features enabled, Confido never:
- Uploads your journal photos or videos to our servers (your own profile picture is the only image that leaves the device, and only if you set one).
- Uploads your precise GPS location. Location captured with moments is stored on-device only. Reverse geocoding (turning coordinates into place names) uses Apple’s MapKit, which is an Apple system service, not our backend.
- Uses tracking identifiers such as the IDFA, or asks for App Tracking Transparency permission.
- Shares data with advertising networks or data brokers.
- Sells your data.
5. Third-party processors
When you use cloud features, the following third parties process data on our behalf:
- Cloudflare—hosts our Cloud Gateway and this website. Cloudflare Privacy Policy
- Supabase—stores your Confido Cloud account, entitlement state, and profile picture. Supabase Privacy Policy
- Google Gemini—processes AI Companion and Diary generation prompts. Google Privacy Policy
We do not control these third parties’ own data practices. We choose providers whose terms align with the limited, request-scoped processing described in this policy.
6. Data retention
- On-device content remains on your iPhone until you delete it or uninstall the app.
- Cloud Gateway request data (AI prompts, audio for cloud transcription) is processed in-memory and not persisted beyond the request lifetime.
- Confido Cloud account state (Sign in with Apple identifier, entitlement, usage counters, profile picture) is retained while your account exists. It is deleted when you delete your account.
7. Your rights and choices
- Stop using cloud features. Sign out of Confido Cloud in Settings; subsequent requests stay on-device.
- Delete your account. Open Settings › Account › Delete Account inside the app. This deletes your Confido Cloud account and all associated server-side data (account record, entitlement, usage counters, profile picture).
- Export your data. Confido provides a data export to a neutral JSON format from Settings. The export covers your on-device journal content and is portable to other journaling tools.
- Withdraw consent. You can disable cloud features without deleting your account, in which case existing server-side records remain until you choose to delete the account.
8. Children’s privacy
Confido is not directed to children under 13 and we do not knowingly collect data from children under 13. If we become aware that a child under 13 has provided us data through cloud features, we will delete it.
9. Security
All network communication between the app and our Cloud Gateway uses HTTPS / TLS. API credentials and authentication tokens are stored in the iOS Keychain. Our Cloud Gateway and Supabase backend enforce server-side authentication and authorization for every request.
No system is perfectly secure. If you discover a vulnerability, please contact us via the Support page.
10. International data
Our Cloud Gateway and Supabase instance may process and store data in regions outside Taiwan (your country of residence) depending on the providers’ infrastructure placement. By using cloud features, you consent to this processing.
11. Changes to this policy
We may update this privacy policy from time to time, for example when we add new features that change what data we handle. We will revise the “Last updated” date at the top of this page. For material changes that affect existing users, we will surface the change inside the app on next launch.
12. Contact
If you have questions about this privacy policy, please contact us:
- Email: [email protected]
- Support page: confido.rxchi1d.me/support