Privacy Policy
Last updated: June 11, 2026
Aurem is a private journaling app. This policy explains what we collect, how we use it, and the choices you have. It's written in plain language because we think privacy policies shouldn't feel like a trap.
If you'd rather read the short version: we collect only what we need to make Aurem work for you. We don't sell your data, we don't track you across apps, and we don't show ads. Your journal entries are yours.
---
## Who we are
Aurem is built and operated by Aurem Journal LLC, a California limited liability company. You can reach us at hello@auremjournal.com for any privacy questions.
---
## What we collect
We only collect what we need to give you the app.
### When you create an account
- Your email address. Used to sign you in, confirm your account, send password resets, and contact you about the service.
- A display name you choose. Shown in the app (e.g. on your cover).
- A password (only if you sign up with email). Stored only as a one-way hashed value by our authentication provider. We never see the original.
- An Apple identifier (only if you use "Sign in with Apple"). This is provided by Apple and lets us recognize you across sign-ins. We do not receive your real email address if you choose Apple's email relay.
### What you write and create
- Journal entries: text, titles, the styling you apply, and the date.
- Photos and images you attach to entries or covers.
- Voice memos you record on entries, including transcripts the app generates locally.
- Drawings you make with PencilKit (the iOS drawing tool).
- Stickers, rhinestones, ephemera, and other decorations you place on entries or your cover.
- Custom stickers and fonts you upload.
- Cover designs including material, color, backdrop, and decorations.
- Mood selections and custom mood definitions.
- Saved collections (groups of entries you've organized).
- Bookmark position (the page Aurem opens to).
- Handwriting samples if you train Aurem to write in your own handwriting.
- Song-of-the-day metadata (track title, artist, URL) if you attach a song to an entry.
We do not collect: your location, your contacts, your health data, your financial data, your browsing history outside Aurem, or your device's advertising identifier.
### Automatically
Basic technical logs generated by our service provider (Supabase) to keep the service running and diagnose problems. Things like server response times and error counts. These logs don't identify you to us beyond your account ID.
Apple's standard app diagnostics, but only if you've opted into "Share with App Developers" in iOS Settings → Privacy & Security → Analytics & Improvements. These include anonymized crash reports and performance metrics — things like how long the app takes to launch, energy use, hang rate, and crash logs. Apple collects and aggregates this data, then surfaces it in our App Store Connect dashboard so we can find and fix bugs. We never receive raw device-level data.
We do not use third-party analytics, crash reporting, or advertising SDKs. There is no IDFA, no Google Analytics, no Facebook Pixel, no Sentry, no Crashlytics. Nothing of that nature in Aurem.
---
## How we use what we collect
We use the information above to:
- Sign you in and keep your account secure.
- Save your journal entries and let you read them back across your devices.
- Sync your work to the cloud so you don't lose anything if you replace your phone.
- Send you transactional emails like sign-up confirmations, password resets, and important changes to the service. No marketing emails unless you opt in.
- Diagnose problems and improve the app.
We do not use your data to train any AI model. We do not sell or rent your data. We do not show advertising.
---
## Who we share it with
Aurem runs on a small number of third-party services that handle parts of the infrastructure. They only see the data they need to do their job, and they're each contractually bound to handle it as we describe here.
- Supabase: our database, authentication, and file storage provider. Your account info, journal entries, photos, voice memos, and other content live in encrypted databases and storage buckets here. ([privacy policy](https://supabase.com/privacy))
- Apple: if you sign in with Apple, Apple handles the authentication itself. Apple receives your sign-in attempts but does not see the contents of your journal. ([privacy policy](https://www.apple.com/legal/privacy/))
- Spotify: only if you authenticate your Spotify account to attach songs to entries. Spotify receives standard OAuth metadata. We receive only the track info you choose to attach. ([privacy policy](https://www.spotify.com/legal/privacy-policy/))
- Resend: sends our transactional emails (sign-up confirmations, password resets). Receives the email address being mailed and the contents of the email. ([privacy policy](https://resend.com/legal/privacy-policy))
- Apple (payments): when you start an Aurem Premium subscription or free trial, Apple processes the payment. Apple receives your purchase info; we never see your credit card details, just whether your subscription is active. Apple's handling of payment data is covered by Apple's own privacy policy.
We never sell your data to advertisers, data brokers, or anyone else.
We may share your data with law enforcement if compelled by a valid legal request, and only the minimum required to comply. We'd push back on overbroad requests.
---
## How we keep it safe
- All data in transit between your device and our servers is encrypted with HTTPS / TLS.
- All data at rest in our database and file storage is encrypted by Supabase.
- Each user's data is isolated by Row Level Security policies. Even if there were a bug in our app, the database itself refuses to return another user's data to your account.
- Our private file storage bucket can only be accessed by you, the account that owns the files. There are no public URLs to your journal photos or voice memos.
- We never see your password, only a hashed form.
No system is perfectly secure, but we treat your journal like the private thing it is and design accordingly.
---
## Your choices
You can:
- See your data. Everything you've created is visible in the app at any time.
- Export your data. Use the Export option in Settings to download your entries as a PDF.
- Edit your data. Edit any entry, cover, or setting at any time from the app.
- Delete your account. Go to Settings → Delete Account. This permanently removes your account and every piece of associated content from our servers. That includes entries, photos, voice memos, drawings, covers, stickers, fonts, the works. Deletion is immediate and cannot be undone.
- Opt out of non-essential emails. Aurem only sends transactional emails (sign-up, password reset, important service changes). We don't send marketing.
If you're in the European Union, the United Kingdom, or California, you may have additional rights under the GDPR, UK GDPR, or CCPA. That includes the right to request a copy of your data, correct inaccuracies, restrict processing, or lodge a complaint with your local data-protection regulator. Email us at hello@auremjournal.com to exercise these rights.
---
## Children
Aurem is intended for users age 13 and up. We don't knowingly collect data from children under 13. If you believe a child under 13 has created an account, please contact us at hello@auremjournal.com and we'll delete it.
---
## Where your data lives
Our servers and file storage are hosted on Supabase's US-East-1 infrastructure (Amazon Web Services, Virginia, USA). If you use Aurem from outside the United States, your data will be transferred to and processed in the US.
---
## Changes to this policy
If we make material changes, we'll update the "Last updated" date at the top of this page and, where appropriate, notify you in the app or by email before the changes take effect. If you keep using Aurem after a change, it means you accept the new policy.
---
## Contact
Privacy questions, data requests, or anything else about how we handle your information, just email hello@auremjournal.com.