Privacy Policy

Untangle is a private space for your thoughts. We collect the minimum data needed to run the app, we encrypt it in transit and at rest, we never sell it, and you can export or delete your data at any time.

• Account data: email, hashed password, optional display name, account creation date.
• Content you write: journal entries, brain dumps, reflections, and any input you submit to AI features.
• Subscription data: plan, status, billing cycle, renewal date, Founding Member number where applicable. Card details are handled by Stripe — we never store them.
• Device & log data: IP address, browser type, OS, timestamps, and basic event logs needed for security and reliability.
• Cookies: a session cookie to keep you signed in and a small number of essential cookies for security.

We use a managed authentication provider to handle sign-up, sign-in, password reset, and session tokens. Passwords are hashed — we never see your raw password. Session tokens are stored in your browser and are required for you to stay signed in.

Payments are processed by Stripe. When you start a checkout, you're sent to Stripe's secure flow; your card details go directly to Stripe and never touch our servers. We receive a customer ID, subscription status, plan, and billing metadata via signed webhooks so we can keep your account in sync.

Stripe's handling of your payment information is governed by Stripe's Privacy Policy.

When you use a feature that involves AI reflection, the relevant text you submit is sent to a third-party AI model provider over an encrypted connection so the model can generate a response. We use providers that contractually commit not to use your inputs to train their public models.

AI responses are generated automatically and may be inaccurate. See our Terms for the full disclaimer.

We use privacy-respecting product analytics to understand which features people find helpful — for example, how often a flow is completed, or whether an AI response was useful. We aim to use aggregated and pseudonymous data wherever possible, and we do not attempt to identify individual users from analytics.

Your data is stored with reputable cloud providers in managed, access-controlled databases. Traffic between your device and our servers is encrypted using HTTPS/TLS. Data at rest is encrypted using disk- or database-level encryption provided by our cloud infrastructure.

We share data only with vendors who help us run Untangle:

• Hosting and database providers
• Authentication provider
• Stripe (billing)
• AI model provider(s) for reflection features
• Analytics and error monitoring

We may also disclose information if required by law, to protect users, or as part of a business transfer (e.g. acquisition), in which case you'll be notified.

We do not sell your personal data. We do not rent it. We do not share your journal content with advertisers. Full stop.

You can, at any time:

• Access and review the data on your account.
• Export your journal entries and account data.
• Correct inaccurate information.
• Delete your account and the personal data tied to it, subject to limited retention required for legal and billing records.
• Object to or restrict certain processing, where you have that right under local law (GDPR, UK GDPR, CCPA/CPRA, etc.).

To exercise any of these rights, email privacy@untanglely.com.

We keep your data for as long as your account is active. When you delete your account, we remove your content from active systems within a reasonable period and from backups within our standard backup cycle. Some records (e.g. invoices) may be retained as required by tax and accounting law.

Untangle is not intended for children under 13, or under 16 in jurisdictions where the digital age of consent is higher. We do not knowingly collect personal information from children under those ages.

We may process your data in countries other than where you live. Where required by law, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

We'll update this Privacy Policy from time to time. Material changes will be announced in-app or by email before taking effect.

Privacy questions or requests: privacy@untanglely.com.

Data controller: [Company Legal Entity Name], [Jurisdiction].