Legal

Privacy Policy

Last updated: June 30, 2026

Sacred Pages (“Sacred Pages,” “we,” “us”) is a private journaling app. This policy explains what we collect, how we use it, who we share it with, and the choices you have. It applies to the Sacred Pages web app at sacredpages.app and related services operated by Satori Consulting Global LLC.

We built Sacred Pages around the principle that your journal is yours. The most important thing in this policy is the Encryption & security section — please read it.

1.Information we collect

You give us:

Created automatically:

We do not sell your personal information, and we do not use your journal content to train AI models.

2.How we use your information

Our legal bases (where GDPR/UK GDPR applies) are: performance of our contract with you (providing the app), your consent (analytics, optional emails), and our legitimate interests (security, product improvement).

3.Encryption & security

All of your journal content is encrypted at rest. There are two modes:

Standard mode (default)

Your content is encrypted, and we hold the encryption key on our servers. This lets us provide server-side features (like generating list previews and processing Quick Entry). It also means that, to operate the service, our systems can technically access your content. We restrict that access and never use your content except to provide the service to you.

End-to-end encryption (optional)

You can turn on end-to-end encryption (E2E) in Settings. When you do:

What E2E does and doesn’t protect. E2E protects the contents of your entries. It does not hide metadata — for example, the dates and times you write, the type of entry, the chapter, audio duration, and how many entries you have remain visible to our systems. The strength of E2E also depends on the strength of your password and the secrecy of your recovery code: someone who obtained our encrypted database could attempt to guess a weak password offline (the encryption is designed to make this slow and costly, but a strong, unique password is your best protection). Your recovery code is high-entropy and is not feasible to guess.

Recovery and the trade-off of E2E. Because we don’t hold your E2E key, if you forget your password and lose your recovery code, your end-to-end-encrypted content cannot be recovered by anyone, including us. This is the cost of true privacy; please store your recovery code somewhere safe.

Voice transcription with E2E. If you transcribe a voice recording on an E2E account, your device decrypts the audio locally and sends it to our transcription provider (Deepgram) for that single transcription; the audio is not stored there and is excluded from their model training. The recording and the resulting transcript remain end-to-end encrypted at rest.

Quick Entry with E2E. Captures sent from your iOS Shortcut are encrypted to your public key the moment they reach our server (we cannot read them) and are decrypted only on your unlocked device.

Other protections. Data is encrypted in transit (HTTPS), access to our backend is restricted, and we apply a strict content-security policy. No system is perfectly secure, but we work to protect your data.

4.Who we share information with (sub-processors)

We use the following service providers to run Sacred Pages. They process data on our behalf under their own terms; we share only what’s needed for each function.

ProviderPurposeNotes
SupabaseDatabase, authentication, file storage, backend functionsStores your (encrypted) content and account data. Hosted in United States.
VercelWeb app hosting / deliveryServes the app; standard request logs.
StripePayment processingHandles card data directly; we store only identifiers + status.
DeepgramVoice-to-text transcriptionReceives audio only when you transcribe; not retained, excluded from training.
PostHogProduct analyticsOnly if you consent; see Section 6.
ResendEmail deliveryUsed for reminder emails if you enable reminders.

We may also disclose information if required by law, to protect our rights or users’ safety, or in connection with a merger or acquisition. Note that for end-to-end-encrypted content, a legal request can only ever yield encrypted data we cannot decrypt.

5.Data retention

We keep your information for as long as your account is active. When you delete your account, we delete your personal data and journal content from our live systems immediately, except where we must retain limited records for legal, tax, or security reasons.

6.Analytics & cookies

We use a small amount of browser storage to keep you signed in, remember your onboarding progress, and store your privacy choices. We use PostHog for product analytics (which features are used, where people get stuck) only after you consent; you can decline, and we won’t load analytics. We do not use third-party advertising trackers.

7.Your rights and choices

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can:

To exercise any right, contact us at privacy@sacredpages.app. We will respond within the time required by applicable law. You also have the right to complain to your local data-protection authority.

8.Children

Sacred Pages is not directed to children under 16 and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

9.International data transfers

We operate from and store data in the United States. If you access Sacred Pages from elsewhere, your information may be transferred to and processed in the United States. Where required, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) for international transfers.

10.Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you in the app or by email and update the “Last updated” date above.

11.Contact

Questions about this policy or your data: privacy@sacredpages.app