Privacy Policy

Last updated: March 6, 2026

Overview

Sotto ("we," "us," or "our") is a journaling application. We take your privacy seriously — especially because the content you share with Sotto is deeply personal. This policy explains what data we collect, how we use it, and how we protect it.

Data we collect

  • Account information: Your email address and hashed password when you create an account.
  • Journal entries: The text you write or dictate. Entries are encrypted at rest in our database.
  • AI reflections: The prompts sent to and responses received from our AI provider (Anthropic) are stored encrypted. These are generated solely for your personal use.
  • Preferences: Your timezone, notification settings, and prompt category preferences.
  • Payment information: Payments are processed by Stripe. We do not store your credit card number. We retain transaction records (date, amount, status) for billing history.
  • Usage data: Basic server logs (IP address, timestamps, pages visited) for security and debugging purposes.

How we use your data

  • To provide the journaling and reflection features of the app.
  • To send you daily prompts and reflection reminders (if enabled).
  • To process payments and manage your subscription.
  • To send transactional emails (password resets, billing receipts).

AI processing

Your journal entries are sent to Anthropic's API to generate personalized reflections. We send only the text of your entries for the current day — no identifying information is included in the AI request. Anthropic does not use API inputs to train their models. For more information, see Anthropic's privacy policy.

Data protection

  • Journal entries and AI reflections are encrypted at rest using Active Record Encryption.
  • All data is transmitted over HTTPS.
  • Passwords are hashed using bcrypt and never stored in plain text.

What we don't do

  • We do not sell, share, or license your personal data to third parties.
  • We do not serve advertisements.
  • We do not use your journal entries to train AI models.
  • We do not track you across other websites.

Data retention & deletion

Your data is retained as long as your account is active. You may delete your account at any time, which will permanently remove all your journal entries, reflections, and personal data from our systems. To request account deletion, contact us at contact@sottoapp.com.

Cookies

We use a session cookie to keep you logged in. We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice.

Contact

Questions or concerns? Reach us at contact@sottoapp.com.