Privacy Policy
The short version: We don't collect, store, or have access to your journal entries. Ever. Your data is encrypted on your device with a key only you control. We literally cannot read your entries even if compelled to.
1. Our Philosophy
Oracle The Journal ("Oracle," "we," "us," or "our") is built on a radical premise: your private thoughts belong to you alone. This isn't just a policy — it's enforced by our architecture. We use local-first encryption so that even we are technically incapable of accessing your data.
2. What We Do NOT Collect
- Journal entries — never transmitted, never stored on our servers
- Dream diary entries — encrypted and stored only on your device
- AI conversations — processed entirely on your device via Llama 3.2
- Your encryption key or Master Password — derived locally, never transmitted
- IP addresses — Cloudflare Workers never expose client IPs to our code
- Browsing behavior, analytics, or tracking data — we use zero analytics tools, zero tracking pixels, zero cookies for advertising
3. What We Do Collect (Anonymous Archetype Data)
If you opt in to the "State of the Soul" collective feature, Oracle generates an Anonymous Archetype Profile on your device. This profile is:
- Generalized — specific details (age, location) are converted to broad categories (e.g., "30–35," "Europe")
- Noise-injected — Differential Privacy algorithms add mathematical noise so individual contributions have plausible deniability
- K-Anonymous — no data point is stored unless at least 5 people share that same category (the "Rule of 5")
This anonymous profile contains no raw text, no user identifiers, no IP addresses, and no encryption keys. It is transmitted over TLS 1.3 to a Cloudflare Worker that has no access to the sender's IP address by default.
4. How Your Data Is Protected
Local Encryption
All journal entries are encrypted using AES-256-GCM and stored in your browser's IndexedDB. The encryption key is derived from your Master Password using a key derivation function on your device. The key never leaves your device.
Local AI Processing
The Higher Self AI runs entirely on your machine using Ollama and Llama 3.2 (3B). Your entries are processed in local memory only. No data is sent to any external AI service (not OpenAI, not Google, not anyone).
Infrastructure
Our backend runs exclusively on Cloudflare's edge network:
- Cloudflare Pages — hosts the frontend (static files only)
- Cloudflare Workers — serverless functions that never see client IP addresses
- Cloudflare D1 — stores only anonymized, aggregated archetype data
There are no traditional servers, no AWS, no Azure, no third-party databases.
5. Authentication
If you sign in with Google, we receive only your email address for account identification. Your email is never linked to your journal entries or archetype data. Google does not have access to any Oracle data.
6. Third-Party Services
Oracle uses the following third-party services:
- Cloudflare — hosting and edge compute (no data shared beyond anonymous archetype profiles)
- Google Sign-In — authentication only (optional)
We do not use any analytics platforms, advertising networks, data brokers, or customer tracking tools.
7. Data Retention
- Journal entries: Stored on your device indefinitely until you delete them. We have no copy.
- Anonymous archetype data: Retained in Cloudflare D1 for aggregate analysis. Cannot be linked to you.
- Account data: Email address retained for authentication. You can delete your account at any time.
8. Your Rights
Because your data lives on your device, you have complete control:
- Access: Your data is on your device — you already have it
- Delete: Clear your browser storage or delete within the app at any time
- Portability: Export your entries from the local vault
- Opt out: You can disable the anonymous collective feature at any time
For GDPR, CCPA, and similar regulations: because we don't possess your personal data on our servers, most data subject requests are already fulfilled by design.
9. Children's Privacy
Oracle is not intended for use by individuals under the age of 16. We do not knowingly collect data from children.
10. Changes to This Policy
We will update this page if our practices change. Because our architecture makes data collection technically impossible, material changes are unlikely. The "last updated" date at the top reflects the most recent revision.
11. Open Source Verification
Don't take our word for it. Oracle is open source. You can audit our code, verify our encryption implementation, and confirm that no data leaves your device:
github.com/joellejrz/oracle-journal
12. Contact
Questions about this policy? Reach us at [email protected]