Privacy Policy
Last Updated: February 21, 2026
At InnerLuminous, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our daily self-love platform.
TL;DR: We collect your email, password, and journal entries to provide the service. We don't sell your data. We use basic cookies for authentication. You can request your data or delete your account anytime.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address — for account login and communication
- Password — stored securely using bcrypt hashing (we never see your plain-text password)
- Name — optional, for personalization
Content You Create
As you use InnerLuminous, we store:
- Journal entries — your daily reflections and responses to prompts
- Affirmation interactions — which affirmations you've seen and when
- Streak data — your consecutive login days and milestones
Usage Data
We automatically collect technical information, including:
- Device & browser type — to ensure compatibility
- IP address — for security and analytics
- Session data — to keep you logged in
- Analytics — basic usage patterns via Polsia Analytics (anonymous visitor tracking)
2. How We Use Your Information
We use your data to:
| Purpose | Details |
|---|---|
| Provide the service | Deliver daily affirmations, store journal entries, track streaks |
| Improve the platform | Analyze usage patterns to enhance features and user experience |
| Communicate with you | Send important updates, new features, or support responses (no marketing spam unless you opt in) |
| Security & fraud prevention | Protect your account and detect malicious activity |
3. Data Sharing & Disclosure
We Don't Sell Your Data
Period. Your journal entries, affirmations, and personal reflections are yours. We will never sell, rent, or trade your personal information to third parties.
Service Providers
We use trusted third-party services to operate InnerLuminous:
- Neon (PostgreSQL database) — stores your account and content data securely
- Render (hosting) — runs the platform infrastructure
- Polsia (parent platform) — provides infrastructure and analytics
These providers are contractually required to protect your data and only use it to provide services to us.
Legal Requirements
We may disclose your information if required by law, court order, or to protect the rights, safety, or property of InnerLuminous, our users, or the public.
4. Cookies & Tracking
We use cookies and similar technologies for:
- Authentication — keeping you logged in between sessions
- Analytics — understanding how people use the platform (via Polsia Analytics)
You can disable cookies in your browser, but this may limit functionality (e.g., you'll need to log in every visit).
5. Data Retention
We retain your data as long as your account is active. If you delete your account:
- Your journal entries and personal content are permanently deleted within 30 days
- We may retain aggregated, anonymized analytics data for product improvement
- Legal or security logs may be retained longer if required by law
6. Your Rights
You have the right to:
- Access your data — request a copy of all personal information we store
- Correct your data — update your email, name, or other account details
- Delete your account — permanently remove your data from our systems
- Export your data — download your journal entries and content (feature coming soon)
- Opt out of emails — unsubscribe from non-essential communications
To exercise these rights, contact us at innerluminous@polsia.app.
7. Data Security
We take security seriously and use industry-standard measures:
- Encryption — all data transmitted over HTTPS
- Password hashing — bcrypt with salting (we never store plain-text passwords)
- Secure databases — hosted on Neon with access controls
- Session management — 30-day expiry with secure tokens
However, no system is 100% secure. While we do our best, we can't guarantee absolute protection against all threats.
8. Children's Privacy
InnerLuminous is intended for users aged 13 and older. If you're under 13, please do not create an account or provide personal information. If we discover that a child under 13 has created an account, we'll delete it promptly.
9. International Users
InnerLuminous is operated in the United States. If you're accessing from outside the U.S., your data may be transferred to and stored in the U.S. By using our service, you consent to this transfer.
10. GDPR & CCPA Compliance
For EU Users (GDPR)
If you're in the European Union, you have additional rights under GDPR, including:
- Right to access, rectification, erasure, and portability
- Right to object to processing or withdraw consent
- Right to lodge a complaint with your local data protection authority
For California Users (CCPA)
If you're in California, you have the right to:
- Know what personal information we collect and how it's used
- Request deletion of your personal information
- Opt out of the "sale" of personal information (we don't sell data, so this doesn't apply)
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make significant changes, we'll notify you via email or a notice on the platform. The "Last Updated" date at the top will reflect the most recent version.
12. Contact Us
Questions, concerns, or data requests? Reach out:
- Email: innerluminous@polsia.app
- App URL: https://innerbloom-6syr.polsia.app