Privacy Policy

1. Information We Collect

When you use Streaks, we collect:

• Account information — your name, email, and profile picture from Google Sign-In
• Streak data — the streaks you create and your daily check-ins
• Journal entries — stored as ciphertext only; the date title and timestamp are stored in plaintext

2. How We Use Your Information

Your information is used to:

• Authenticate your identity and manage your account
• Display your streaks, progress, and journal entries
• Power optional AI features via the T2A API at https://t2a.kapillohani.site

3. Journal Encryption

Journal entries are encrypted in your browser before being sent to our servers, using AES-256-GCM with a key derived from your passphrase via PBKDF2-SHA256 (200,000 iterations) and a per-entry random salt and IV. Your passphrase is never transmitted to or stored by Streaks. We cannot read your entries, and if you lose your passphrase they cannot be recovered.

4. Data Storage

Your data is stored in a secured PostgreSQL database. We do not sell, share, or distribute your data to third parties.

5. Third-Party Services

Streaks integrates with:

• Google OAuth — for authentication
• T2A API — messages you send to AI features are forwarded to https://t2a.kapillohani.site to generate responses. Encrypted journal ciphertext is never sent to AI providers.

These services have their own privacy policies. We encourage you to review them.

6. Data Deletion

You can delete your streaks and journal entries at any time from the app. Deleting your account removes all associated data.

7. Security

We take reasonable measures to protect your data. However, no system is completely secure and we cannot guarantee absolute protection.

8. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated date. Continued use of the service constitutes acceptance of the revised policy.