Privacy, without the fog

Who sees what, and when.

A journal asks for the truth. You should get the same honesty back from the software keeping it.

01

When you speak

Your audio is sent to a speech provider for transcription. The moment the words come back, the audio is discarded. SayTrail does not save an audio file in its database or storage.

02

When your words are kept

Your journal lives in Postgres behind row-level security. The database serves your rows only to your signed-in account. Connections use TLS; disks and backups are encrypted at rest with AES-256.

03

When AI reads

An AI model sees an entry only when it is doing work for you: cleaning your transcript, answering a question from your journal, or writing your nightly card. Provider API content is not used to train their models by default. Your journal words are not sent anywhere else.

04

When SayTrail reaches out

Notifications never contain journal content. Reminders, memory, and the nightly thread are opt-in. Turn them off and the journal still works.

05

When you leave

Export your complete journal as readable Markdown or portable JSON whenever you want. Delete your account and SayTrail deletes your journal rows, then removes the account.

06

The honest limitation

SayTrail is not end-to-end encrypted. A journal that remembers has to read your words at the moment it processes them. An end-to-end encrypted journal can keep secrets it cannot understand; it cannot remember for you. That trade is the product, and you should know it before you trust us.

07

The public website

We use Vercel Web Analytics for anonymous, aggregated page counts. It is cookieless. It does not identify you or reconstruct your browsing session across websites.

08

Your device lock

The optional PIN and fingerprint or Face unlock are device-local conveniences. They keep casual eyes off an open journal; they do not replace your account’s email sign-in.

The promises behind the plain language

The product behaviour is visible in SayTrail’s implementation. Infrastructure and provider commitments are documented by Supabase security, Groq data controls, OpenAI API data controls, and Vercel Analytics privacy.

Open your journal