ditlo — Privacy Policy

Effective May 16, 2026

ditlo is a personal diary app with an AI companion. Your entries are intimate, so this policy is plain about exactly what we collect, where it goes, and how to erase it. We do not sell your data, show ads, or use your content to train anyone's models.

What we collect

• Account — your email address and a password (stored only as an irreversible bcrypt hash, never in plain text).
• Profile — name, pronouns, age, language preference, and the answers you give during onboarding.
• Diary content — the entries you write and any voice recordings you choose to make.
• Conversations — messages you exchange with your in-app companion and during the onboarding conversation.
• Companion notes — a self-portrait and topic notes the app generates from your inputs so the companion can sound like you and remember context.
• Notifications — if you enable them, a push token and your time zone, used only to deliver the companion's check-ins.

How we use it

Solely to provide the diary and companion features to you: storing your entries, generating the companion's replies, transcribing voice you record, and sending optional reminders. We do not use it for advertising, profiling for third parties, or model training.

Service providers (sub-processors)

To run the app we pass the minimum necessary data to:

• OpenRouter — processes your diary, onboarding, and companion text through a large language model to generate responses.
• Groq — transcribes voice recordings to text. Audio is sent only for transcription and is not stored after the text is returned; only text you save is kept.
• Resend — sends password-reset emails (your email address only).
• Railway — hosts the application and database where your account and entries are stored.
• Expo — delivers push notifications (device token only).

These providers may process data on servers outside your country.

Retention & deletion

We keep your data while your account exists. You can permanently delete your entire account — and everything in it — from Settings → Delete account in the app. Deletion is immediate and irreversible: it erases your entries, the companion's notes, your companion, your profile, and your account. Voice audio is never retained. See our account & data deletion page for step-by-step instructions.

Security

Passwords are hashed with bcrypt, traffic is encrypted in transit over HTTPS, and your data is accessible only to your authenticated account. No online service can promise perfect security, but we limit what we collect and how long we keep it.

Children

ditlo is not directed to children under 13, and we do not knowingly collect data from them. If you are under 13, please do not use the app.

Your choices

You can edit your profile at any time, and you can permanently delete your whole account (and all its data) from within the app. To ask a privacy question or request help with your data, contact us below.

Changes

If this policy changes materially we will update the effective date above. Continued use after a change means you accept the updated policy.

Contact

Questions or requests: benjamin.tan@duricor.com