Privacy Policy

Whispering Thoughts — Privacy-First Journal for iOS

The Short Version

Whispering Thoughts collects zero data. No analytics. No telemetry. No servers. Your vault never leaves your device. Not even we can decrypt your journal. This is not marketing — it's our architecture.

What We Collect

Nothing.

Whispering Thoughts collects zero data from the app. We do not collect:

  • Usage statistics (how often you journal, which features you use)
  • Journal entry contents (we cannot decrypt your vault)
  • Device information (iOS version, iPhone/iPad model, hardware specs)
  • Personal data (name, email, location, IP address)
  • Crash reports or error logs
  • In-app purchase history
  • Search queries or typed text

We genuinely do not know that you are using Whispering Thoughts. There are no analytics SDKs embedded in the app. No Firebase. No Mixpanel. No Google Analytics. No telemetry. Nothing.

Protocol B+ Security Architecture

Your journal entries are encrypted with Protocol B+ before being saved. This is military-grade encryption (AES-256-GCM for text, ChaCha20-Poly1305 for photos) used by governments and banks.

Here's how it works:

  1. Recovery Phrase: During onboarding, you generate a BIP-39 recovery phrase (12 words). This phrase derives your master encryption key. Store it securely—it never leaves your device.
  2. PIN Protection: You create a 6-digit PIN for daily access. The PIN unlocks your encryption key from the iOS Keychain (hardware-protected Secure Enclave).
  3. Encryption: Text entries use AES-256-GCM. Photos/voice memos use ChaCha20-Poly1305 with per-file derived keys. All data is encrypted before touching disk.
  4. Key Storage: The master key is stored in iOS Keychain, protected by your device's Secure Enclave chip. Only your device can access it.
  5. Local-First: Your encrypted vault is stored in your device's local sandbox. No network requests required (except optional CloudKit sync).
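
The two cipher choices in the list above, sketched with Apple CryptoKit as an added example; this is not Ekoche Studios' code. HKDF-SHA256 for the per-file keys, the entry ID as associated data, the randomly generated stand-in master key, and all function names are assumptions, since the page does not say how keys are derived.

```swift
import CryptoKit
import Foundation

// Constructed stand-in for the master key. The page says the real key is
// derived from the recovery phrase and held in the iOS Keychain.
let masterKey = SymmetricKey(size: .bits256)

// Text entries: AES-256-GCM. `combined` is nonce || ciphertext || tag.
func sealText(_ text: String, entryID: UUID, key: SymmetricKey) throws -> Data {
    // Assumption: the entry ID is bound as associated data, so a ciphertext
    // copied into another entry's slot fails authentication.
    let aad = Data(entryID.uuidString.utf8)
    let box = try AES.GCM.seal(Data(text.utf8), using: key, authenticating: aad)
    return box.combined!  // non-nil when the default 12-byte nonce is used
}

func openText(_ blob: Data, entryID: UUID, key: SymmetricKey) throws -> String {
    let box = try AES.GCM.SealedBox(combined: blob)
    let aad = Data(entryID.uuidString.utf8)
    let plain = try AES.GCM.open(box, using: key, authenticating: aad)
    return String(decoding: plain, as: UTF8.self)
}

// Per-file key (assumed construction): HKDF-SHA256 over the master key,
// with the file ID as the context string.
func fileKey(master: SymmetricKey, fileID: UUID) -> SymmetricKey {
    HKDF<SHA256>.deriveKey(inputKeyMaterial: master,
                           info: Data("photo:\(fileID.uuidString)".utf8),
                           outputByteCount: 32)
}

// Photos and voice memos: ChaCha20-Poly1305 under the per-file key.
func sealFile(_ bytes: Data, fileID: UUID, master: SymmetricKey) throws -> Data {
    try ChaChaPoly.seal(bytes, using: fileKey(master: master, fileID: fileID)).combined
}

func openFile(_ blob: Data, fileID: UUID, master: SymmetricKey) throws -> Data {
    let box = try ChaChaPoly.SealedBox(combined: blob)
    return try ChaChaPoly.open(box, using: fileKey(master: master, fileID: fileID))
}

let entryID = UUID(), photoID = UUID()
let sealedText = try sealText("constructed sample entry", entryID: entryID, key: masterKey)
print(try openText(sealedText, entryID: entryID, key: masterKey))

// Flip one bit of the GCM tag: open must throw instead of returning plaintext.
var tampered = sealedText
tampered[tampered.endIndex - 1] ^= 0x01
print("tampered entry rejected:", (try? openText(tampered, entryID: entryID, key: masterKey)) == nil)

// A photo opened under a different file ID derives a different key and is rejected.
let sealedPhoto = try sealFile(Data([0xFF, 0xD8, 0xFF]), fileID: photoID, master: masterKey)
print("wrong file key rejected:", (try? openFile(sealedPhoto, fileID: UUID(), master: masterKey)) == nil)
```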

What this means: Not even Ekoche Studios can decrypt your vault. We do not have a master key. We do not have a backdoor. We cannot recover your data if you forget your password. This is a feature, not a bug.

Local-First Storage & Optional Sync

Your vault is stored locally on your device. Your encrypted journal entries are stored in your device's local sandbox (app container protected by iOS sandboxing). We do not run servers.

Protocol S Sync (Premium Only): If you purchase the Sanctuary Key, you can enable optional encrypted sync via CloudKit. Here's what happens:

  • Your encrypted entries sync to YOUR private iCloud container (not our servers)
  • Data goes directly from your device to Apple's CloudKit infrastructure
  • Ekoche Studios never sees your data — we have no access to your iCloud container
  • Entries are already encrypted before upload using your master key (which we don't have)
  • Works across iPhone, iPad, and Mac (via "Designed for iPad")

Free users: Your vault stays local-only. Use iCloud Backup (Settings → [Your Name] → iCloud → Backup) to include the app in your device backups. See backup instructions.

In-App Purchases (Apple)

If you purchase the Sanctuary Key (one-time unlock), the transaction is processed by Apple via the App Store, not Ekoche Studios.

What Apple collects:

  • Your Apple ID and payment information
  • Purchase history (stored in your Apple account)
  • Receipt data (cryptographically signed)

What Ekoche receives: A StoreKit receipt proving you purchased the Sanctuary Key. This receipt is validated locally on your device and never transmitted to our servers (because we don't have servers).

We do not receive your name, email, credit card number, or any personal information from Apple.

Permissions Whispering Thoughts Requests

Whispering Thoughts requests the following iOS permissions:

  • Photo Library (optional): To attach photos to your journal entries. Photos are encrypted before storage.
  • Microphone (Premium, optional): For voice dictation (speech-to-text). Audio is processed on-device via Apple's Speech framework and never leaves your device.
  • Location (optional): For Atlas entries (travel journal). GPS coordinates are encrypted and stored locally.
  • CloudKit (Premium, optional): For Protocol S Sync. Syncs your encrypted entries to YOUR private iCloud container.

All permissions are optional and requested only when needed. You can deny any permission and the app will continue to work (though some features may be unavailable).

Third-Party Services

Whispering Thoughts uses zero third-party services. No:

  • Google Analytics
  • Firebase
  • Mixpanel
  • Segment
  • Crashlytics
  • Sentry
  • Cloud storage providers

The app is completely self-contained. All encryption, storage, and search happens locally on your device.

Website vs App Privacy

This privacy policy applies only to the Whispering Thoughts iOS app.

Our website (ekoche.com) uses Google Analytics and Meta Pixel to measure marketing effectiveness. Your app data is never connected to website data. These are separate systems.

The privacy promise ("zero knowledge, zero tracking") applies to the app, not the website. See our global privacy policy for details about website tracking.

Your Rights

We can't sell your data because we don't have it.

Since Whispering Thoughts collects zero data, there is nothing to:

  • Request access to (no data stored on our servers)
  • Request deletion of (no data stored on our servers)
  • Request portability of (your vault.db is already portable — it's on your device)
  • Opt out of (no tracking to opt out of)

Your journal entries, search queries, and preferences stay on your device. You own your data. We never see it.

GDPR & CCPA Compliance

Whispering Thoughts is inherently GDPR and CCPA compliant because we collect zero personal data.

Under GDPR and CCPA, you have the right to:

  • Know what personal data is collected about you (zero)
  • Request deletion of your personal data (we have none to delete)
  • Opt out of data sale (we don't sell data because we don't have data)
  • Port your data (your vault.db is already on your device)

Since we process zero personal data, we are not a data controller or data processor under GDPR. Your Windows device is the data controller.

Changes to This Policy

If we ever change our privacy practices (e.g., add analytics or cloud sync), we will:

  • Update this page
  • Update the app description in Microsoft Store
  • Increment the app version number
  • Display a one-time in-app notice explaining the change

We will never retroactively collect data from previous versions. If you don't update the app, your privacy is preserved.

Last updated: March 29, 2026

Questions?

If you have questions about this privacy policy, email us at info@ekoche.com
