Encryption of User Data

Last edited: April 23, 2025

This document explains, in plain language, how we keep your private information safe. It’s written for you—the person who uses our app—and is provided as part of our submission to the Google Play Store and Apple App Store.



1. How We Encrypt Your Data

  • What happens to your sensitive information?
    Before any private text (for example, personal messages or profile details) leaves our servers, it is locked with a strong “envelope” method. This means your data is scrambled so that, even if someone could view our database, they would only see an unreadable jumble of characters.

  • What key do we use?
    We use a single, securely stored key managed by Google Cloud. This key is never included in logs or saved alongside your data. Only our app’s server and a very small number of authorized administrators have permission to unlock (decrypt) your information.


2. How Encryption and Decryption Work

  • Saving your data (Encrypting):

    1. You send a message or update to our server.

    2. Our server uses the secret key to turn your message into ciphertext (locked text).

    3. We save that locked text in our database.

  • Retrieving your data (Decrypting):

    1. You request to view your own data in the app.

    2. Our server checks that it’s really you.

    3. The server uses the secret key to unlock the text and send you the original message.

    4. If someone else—even a developer—tries to view your text through the database directly, they can only see the locked version and cannot unlock it.

  • Note: This encryption method ensures that no one with direct database access (including developers) can read your private messages without going through our secure decryption process.


3. How We Verify and Monitor Access

  • Audit logs:
    Every time data is locked or unlocked, Google Cloud records an entry that includes who did it and when.

  • Regular reviews:
    We review these audit logs periodically to make sure only authorized actions have occurred.


4. Redacting Logs

  • Why redact?
    Sometimes our system logs contain details of operations (for example, error messages). To protect your privacy, we automatically remove or mask any actual personal text before it is written to our logs.

  • How it works:
    A built-in filter looks for sensitive patterns (like names or message content) and replaces them with placeholders before anything is stored.
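    A sketch of such a filter using Python's standard logging module, added here as an illustration and not taken from our production code. The field names (message, name, profile), the placeholders, and the sample log lines are assumptions made for the example; pattern matching of this kind only catches text that arrives in recognizable fields or formats.

```python
import io
import logging
import re

# Assumed patterns and field names; the page does not list what its filter matches.
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
FIELD = re.compile(r'\b(message|name|profile)=("(?:[^"\\]|\\.)*"|\S+)', re.IGNORECASE)

def redact(text: str) -> str:
    """Mask values of user-text fields, then any e-mail address left over."""
    text = FIELD.sub(lambda m: m.group(1) + "=[REDACTED]", text)
    return EMAIL.sub("[EMAIL]", text)

class RedactingFilter(logging.Filter):
    def filter(self, record: logging.LogRecord) -> bool:
        # Render %-style args first so user text passed as an argument is masked too.
        record.msg = redact(record.getMessage())
        record.args = None
        if record.exc_info and not record.exc_text:
            # Exception messages often embed the offending input; pre-render and
            # mask the traceback so the formatter reuses the masked text.
            rendered = logging.Formatter().formatException(record.exc_info)
            record.exc_text = redact(rendered)
        return True  # never drop the record, only rewrite it

def build_logger(stream) -> logging.Logger:
    handler = logging.StreamHandler(stream)
    # Attach to the handler, not the logger: logger-level filters are skipped
    # for records that propagate up from child loggers.
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("redaction-demo")
    logger.handlers[:] = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    return logger

def demo() -> str:
    out = io.StringIO()
    log = build_logger(out)
    # Constructed sample events, not real application logs.
    log.info('save failed user=%s message="%s"', "u-1842", "meet me at 9, it's urgent")
    log.info("profile update name=Dana contact=dana@example.org")
    try:
        raise ValueError('bad payload message="call me tonight"')
    except ValueError:
        log.exception("decrypt error for user=u-1842")
    return out.getvalue()
```

    The filter rewrites the record before the handler formats it, so the original text never reaches the log destination, including text carried in exception messages.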


5. Secret Manager Security

  • What is Secret Manager?
    It’s a secure storage service provided by Google where we keep encryption keys and other internal secrets (like API passwords).

  • Who can access it?
    Only our app’s running server processes and a small list of trusted administrators can retrieve these secrets.

  • Additional guardrails:
    • Access is granted using strict roles—no one else can request a secret.
    • Every secret retrieval is logged just like encryption and decryption operations.


6. Securing Derived Insights

  • Why protect insights?
    We analyze your messages to generate personalized insights and recommendations. These insights are based on your private text and are equally sensitive.

  • Encryption and storage:
    We apply the same strong envelope encryption process to store insights. They are encrypted with the same Google Cloud KMS key before saving in our database.

  • Access control and auditing:
    Only the app server and designated administrators can decrypt insights, and every decryption operation is recorded in audit logs.

7. Data in Transit

  • Secure transmission:
    All data transferred between your device and our servers is encrypted using HTTPS (TLS 1.2+). This ensures that messages and insights cannot be intercepted or read by anyone while in transit.

  • Server-to-server:
    Any internal communications between our services also use HTTPS with strong TLS settings to keep your data protected at all times.


In short:
We follow industry-leading practices—encrypting your data before we store it, masking sensitive details in our logs, and tightly controlling who can access the secret keys. All actions are fully audited so we can quickly detect and respond to any unusual activity.

Need Help?

If you have any questions about data encryption, please contact our support team at aya@integratedailabs.com.

© 2025 by Integrated AI Labs Inc. All Rights Reserved.
