Privacy Policy

Last updated: July 14, 2026

This Privacy Policy explains what personal data we collect when you use the Morning Pages mobile and desktop apps and the website at morningpages.app (together, the "Service"), how we use it, who we share it with, and the choices and rights you have. The Service is operated by Anastasia Gorban, an individual based in Ukraine, who is the data controller for the purposes of the EU General Data Protection Regulation (GDPR). You can reach us at support@morningpages.app for any privacy question or request.

Your journal entries and AI analysis

Morning Pages is a journaling app, so the most important thing to understand is how we handle what you write. Your journal entries are stored on your device and, if you sign in and use cloud sync, are also stored on our servers so you can access them across devices. We do not sell your journal text, use it for advertising, or read it for any purpose other than operating the features you use.

If you have an active subscription or trial and use the insights features (emotions, mood, topics), the text of the relevant entry is sent to OpenAI, our AI analysis provider, to generate those insights. This means the content you write is transmitted to and processed by OpenAI on our behalf for that purpose. If you do not use the insights features, your entries are not sent for AI analysis. The resulting analysis (for example, detected emotions and topics) is stored alongside the entry so we can display your statistics.

Because a personal journal can reveal sensitive details about your life, we treat this analysis as processing of special-category data and rely on your explicit consent as the legal basis. Insights stay off until you choose to turn them on, and you can withdraw your consent at any time by turning the feature off; doing so stops your future entries from being sent for analysis. OpenAI processes your text only as our processor, under a data processing agreement, does not use it to train its models, and retains it only transiently for abuse monitoring before deleting it.

Data we collect

Account data. When you create an account we collect your email address and a password. Passwords are never stored in plain text; they are stored salted and hashed. We also store an authentication token and basic timestamps such as your last login.

Journal content and writing activity. The text of your entries, the dates and times you write, your writing intervals, and your word goals. On iOS and macOS, entries can also sync through your own Apple iCloud account using Apple's CloudKit.

Subscription and purchase data. If you subscribe, we receive and store transaction and subscription details from the relevant platform (Apple App Store, Stripe, or, for some existing subscribers, Gumroad), including purchase receipts, transaction identifiers, a RevenueCat customer identifier, and a Stripe customer identifier. We do not receive or store your full payment card number; card and payment processing is handled by Apple or Stripe.

Usage and device analytics. To understand how the Service is used and to improve it, we collect app usage events and basic device and app information (such as device type, operating system version, app version, and general region) through PostHog and Google Firebase Analytics.

Diagnostics and crash data. If the app encounters an error or crash, we collect diagnostic information (such as error messages, stack traces, device model, and OS version) through Sentry and Firebase Crashlytics to help us fix problems.

Reminders. If you enable writing reminders, they are scheduled as local notifications on your device. Reminder settings stay on your device and are not used to message you from our servers.

How we use your data

We use the data described above to provide and operate the Service (including storing and syncing your entries), to generate the insights you request, to process and manage subscriptions, to provide customer support, to keep the Service secure and reliable, to fix bugs, and to understand and improve how the app is used. If you choose to subscribe to our newsletter, we use your email address to send it; you can unsubscribe at any time.

Legal bases (GDPR)

Where GDPR applies, we rely on the following legal bases: performance of our contract with you (to provide the app, sync, and subscriptions you sign up for); your consent (for optional features such as the newsletter, and where required for analytics); your explicit consent for the AI insights features, which involve special-category data as described above; our legitimate interests (to keep the Service secure, prevent abuse, and improve the product); and compliance with legal obligations. You can withdraw consent at any time where processing is based on consent.

Service providers and third parties

We share data with the following service providers only to the extent needed for them to provide their service to us. They are contractually required to protect your data and use it only for the purposes we specify:

  • Neon and Cloudflare — hosting of our database, servers, and content delivery.
  • OpenAI — AI analysis of journal text for the insights features (subscribers and trials only).
  • Apple — App Store purchases and, on iOS/macOS, iCloud (CloudKit) sync.
  • RevenueCat — subscription management across platforms.
  • Stripe — payment processing for web purchases.
  • Gumroad — payment processing for some existing/legacy subscribers.
  • Mailgun — sending transactional emails (for example, password resets).
  • MailerLite — sending our newsletter, if you opt in.
  • PostHog and Google Firebase — product and usage analytics.
  • Sentry and Firebase Crashlytics — error monitoring and crash reporting.

We do not sell your personal data. We may also disclose data if required by law, to protect our rights, or in connection with a business transfer.

International transfers

Some of our service providers are located outside your country, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

Data retention

We keep your account and journal data for as long as your account is active. When you delete your account, your entries and associated data are deleted from our active systems. Some limited information may be retained where required for legal, accounting, or fraud-prevention purposes, and backups are cycled out over time.

Your rights

Depending on where you live, you may have the right to access the personal data we hold about you, to correct it, to delete it, to export a copy, to restrict or object to certain processing, and to withdraw consent. If you are in the European Economic Area or the UK, you also have the right to lodge a complaint with your local data protection authority. If you are a California resident, you have rights under the CCPA/CPRA, including the right to know, delete, and correct your personal information, and the right not to be discriminated against for exercising those rights.

You can delete your account and its data from the app's settings, or exercise any of these rights by contacting us at support@morningpages.app.

Security

We use technical and organizational measures to protect your data, including encryption in transit (HTTPS/TLS), salted and hashed password storage, and access controls. No method of transmission or storage is completely secure, but we work to protect your information and to address issues promptly.

Children

The Service is not directed to children under 13 (or under 16 in the European Economic Area), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.

Contact us

If you have any questions about this Privacy Policy or how we handle your data, contact Anastasia Gorban at support@morningpages.app.