Privacy Policy
Last updated: June 30, 2026
Sacred Pages (“Sacred Pages,” “we,” “us”) is a private journaling app. This policy explains what we collect, how we use it, who we share it with, and the choices you have. It applies to the Sacred Pages web app at sacredpages.app and related services operated by Satori Consulting Global LLC.
We built Sacred Pages around the principle that your journal is yours. The most important thing in this policy is the Encryption & security section — please read it.
1.Information we collect
You give us:
- Account details — your email address and password, or, if you sign in with Google or Apple, the basic profile information those providers share (email and name). We never see your Google/Apple password.
- Profile & onboarding — your display name, your “book” name, and the preferences you choose during onboarding (e.g. the areas you want to work on).
- Your journal content — entries, intentions, priorities, notes, and voice recordings and their transcripts. This is encrypted (see Section 3).
- Settings — reminder preferences and time zone, an optional app-lock PIN (stored only as a salted hash, never in the clear), and an optional Quick Entry token (stored only as a hash).
Created automatically:
- Subscription data — if you subscribe, our payment processor (Stripe) gives us a customer/subscription identifier and your subscription status. We never receive or store your full card number — Stripe handles payment details directly.
- Usage analytics — if you consent, product-analytics events about how the app is used (see Section 6).
- Technical logs — standard server logs from our hosting providers (e.g. IP address, browser type, timestamps) used to operate and secure the service.
We do not sell your personal information, and we do not use your journal content to train AI models.
2.How we use your information
- To provide the app: store and display your journal, sync across your devices, and run features you choose (reminders, Quick Entry, voice transcription).
- To manage your account and subscription.
- To secure the service, prevent abuse, and debug problems.
- To understand and improve the product (analytics — only with your consent).
- To send service messages and, if you opt in, reminder emails.
Our legal bases (where GDPR/UK GDPR applies) are: performance of our contract with you (providing the app), your consent (analytics, optional emails), and our legitimate interests (security, product improvement).
3.Encryption & security
All of your journal content is encrypted at rest. There are two modes:
Standard mode (default)
Your content is encrypted, and we hold the encryption key on our servers. This lets us provide server-side features (like generating list previews and processing Quick Entry). It also means that, to operate the service, our systems can technically access your content. We restrict that access and never use your content except to provide the service to you.
End-to-end encryption (optional)
You can turn on end-to-end encryption (E2E) in Settings. When you do:
- Your content is encrypted with a key derived from your password and backed up under a one-time recovery code that we show you once.
- We delete our copy of your key. From then on, only you can decrypt your content. We cannot read it — not for support, not in response to a legal request, and not in the event of a data breach. We would only ever be able to produce unreadable, encrypted data.
What E2E does and doesn’t protect. E2E protects the contents of your entries. It does not hide metadata — for example, the dates and times you write, the type of entry, the chapter, audio duration, and how many entries you have remain visible to our systems. The strength of E2E also depends on the strength of your password and the secrecy of your recovery code: someone who obtained our encrypted database could attempt to guess a weak password offline (the encryption is designed to make this slow and costly, but a strong, unique password is your best protection). Your recovery code is high-entropy and is not feasible to guess.
Recovery and the trade-off of E2E. Because we don’t hold your E2E key, if you forget your password and lose your recovery code, your end-to-end-encrypted content cannot be recovered by anyone, including us. This is the cost of true privacy; please store your recovery code somewhere safe.
Voice transcription with E2E. If you transcribe a voice recording on an E2E account, your device decrypts the audio locally and sends it to our transcription provider (Deepgram) for that single transcription; the audio is not stored there and is excluded from their model training. The recording and the resulting transcript remain end-to-end encrypted at rest.
Quick Entry with E2E. Captures sent from your iOS Shortcut are encrypted to your public key the moment they reach our server (we cannot read them) and are decrypted only on your unlocked device.
Other protections. Data is encrypted in transit (HTTPS), access to our backend is restricted, and we apply a strict content-security policy. No system is perfectly secure, but we work to protect your data.
4.Who we share information with (sub-processors)
We use the following service providers to run Sacred Pages. They process data on our behalf under their own terms; we share only what’s needed for each function.
| Provider | Purpose | Notes |
|---|---|---|
| Supabase | Database, authentication, file storage, backend functions | Stores your (encrypted) content and account data. Hosted in United States. |
| Vercel | Web app hosting / delivery | Serves the app; standard request logs. |
| Stripe | Payment processing | Handles card data directly; we store only identifiers + status. |
| Deepgram | Voice-to-text transcription | Receives audio only when you transcribe; not retained, excluded from training. |
| PostHog | Product analytics | Only if you consent; see Section 6. |
| Resend | Email delivery | Used for reminder emails if you enable reminders. |
We may also disclose information if required by law, to protect our rights or users’ safety, or in connection with a merger or acquisition. Note that for end-to-end-encrypted content, a legal request can only ever yield encrypted data we cannot decrypt.
5.Data retention
We keep your information for as long as your account is active. When you delete your account, we delete your personal data and journal content from our live systems immediately, except where we must retain limited records for legal, tax, or security reasons.
6.Analytics & cookies
We use a small amount of browser storage to keep you signed in, remember your onboarding progress, and store your privacy choices. We use PostHog for product analytics (which features are used, where people get stuck) only after you consent; you can decline, and we won’t load analytics. We do not use third-party advertising trackers.
7.Your rights and choices
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can:
- Access/export or delete your data by contacting us.
- Withdraw analytics consent at any time in the app.
- Turn end-to-end encryption on or off in Settings.
To exercise any right, contact us at privacy@sacredpages.app. We will respond within the time required by applicable law. You also have the right to complain to your local data-protection authority.
8.Children
Sacred Pages is not directed to children under 16 and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
9.International data transfers
We operate from and store data in the United States. If you access Sacred Pages from elsewhere, your information may be transferred to and processed in the United States. Where required, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) for international transfers.
10.Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you in the app or by email and update the “Last updated” date above.
11.Contact
Questions about this policy or your data: privacy@sacredpages.app