Who we are
Unspoken is operated by Elyorbek Turdialiev, based in Riga, Latvia. For the purposes of the EU General Data Protection Regulation (GDPR), Elyorbek Turdialiev is the data controller.
Contact: hello@unspoken.app
What we collect
Account information: Your email address and a hashed password. We need these to create and secure your account. We do not ask for your name, phone number, location, or any identifying information beyond email.
Your writing: The entries you write in Unspoken are stored in our database so they can be returned to you across sessions and used to generate your weekly reflections. Your entries are encrypted in transit (HTTPS) and stored on servers provided by Supabase (hosted in the EU).
Mood selections: When you tag an entry with a mood (e.g. "calm," "tired"), that selection is stored alongside your entry.
Settings: Your timezone, language preference, and any other settings you configure.
Reflection data: Weekly reflections generated from your entries are stored so you can revisit them.
Technical data: We collect minimal technical data required to operate the service: browser type, approximate session timestamps. We do not use analytics tracking, advertising pixels, or fingerprinting.
How we use your data
To provide the service: Your entries and mood data are used to generate your weekly reflections. This processing is performed by the Anthropic API (Claude), a third-party AI service. Your entries are sent to the Anthropic API solely for the purpose of generating your reflection. Anthropic's data usage policy states that data sent via the API is not used to train their models.
To communicate with you: We may send you your weekly reflection via email (if you have opted into this). We will not send marketing emails.
To improve the service: We may analyze aggregated, anonymized usage patterns (e.g., how many entries are written per week across all users) to improve Unspoken. We will never analyze individual entries for this purpose.
What we will never do
We will never sell your data to advertisers or any third party.
We will never show you advertising.
We will never read your entries manually unless you explicitly ask us to (e.g., for a support request involving your data).
We will never share your entries with other users unless you actively choose to share them.
We will never use your entries to train AI models. The Anthropic API processes your entries only to generate your reflection, and discards them after.
Third-party services
Supabase: Database and authentication hosting. Servers located in the EU. Supabase processes your data as a data processor under our instructions.
Anthropic (Claude API): Processes your entries to generate weekly reflections. Data sent via API is not retained or used for training per Anthropic's API data policy.
Netlify: Hosts the marketing website (no user data is processed through Netlify).
Resend: Email delivery service for sending reflections. Processes your email address to deliver messages. (Pending setup.)
Data retention
Your entries and reflections are stored for as long as your account exists. You can delete individual entries at any time from the Past Entries page. You can delete your entire account and all associated data from Settings. Account deletion is permanent and irreversible — once deleted, your data cannot be recovered.
You can export all of your data (entries, reflections, settings) as a JSON file from the Settings page at any time.
Your rights under GDPR
If you are in the European Economic Area, you have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; export your data in a portable format; object to or restrict certain processing; and withdraw consent at any time.
To exercise any of these rights, email hello@unspoken.app. We will respond within 30 days.
Children's privacy
Unspoken is available to users aged 13 and above. Users between 13 and 15 years old require parental or guardian consent to create an account, in accordance with GDPR requirements. Users aged 16 and above may consent independently. If we learn that we have collected data from a child under 13 without appropriate consent, we will delete that data promptly.
If you are a parent or guardian and believe your child has created an account without your consent, please contact us at hello@unspoken.app.
Cookies
Unspoken uses only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies. There is nothing to opt out of because we do not track you.
Security
All data is transmitted over HTTPS (TLS encryption). Passwords are hashed and never stored in plaintext. Database access is restricted and authenticated. We follow industry-standard security practices appropriate for the sensitivity of the data we hold.
Despite our efforts, no system is perfectly secure. If you become aware of a security vulnerability, please contact us at hello@unspoken.app.
Changes to this policy
If we make material changes to this privacy policy, we will notify you via email or a notice within the app before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.
Contact
For any questions about this privacy policy or how your data is handled, email hello@unspoken.app.