Last updated: April 2026 · Aglossal is operated by Embur World
Aglossal is built on one principle: what you write here is yours. This policy explains exactly what data we collect, how we use it, and the rights you have over it. Written to be read, not to obscure.
Aglossal is a private personal reflection tool for storing unsaid thoughts, voice memos, and emotional expressions. It is not a medical device, mental health treatment, therapy service, or crisis intervention platform. It is not a substitute for professional mental health care. If you are in crisis or experiencing a mental health emergency, please contact emergency services or a qualified mental health professional in your region immediately.
All vault entries — text and voice recordings — are stored locally on your device using AES-256 encryption. This data never leaves your device except when you explicitly choose to use a release feature (Anonymous Pulse, Direct Delivery, or Time Capsule). Your vault is protected by Face ID, Touch ID, or your device passcode via Apple's LocalAuthentication framework. We do not store, access, or transmit your biometric data. Biometric authentication is handled entirely by your device's operating system.
We store the following on our servers only when you use specific features: Account: Your email address and encrypted password (if registered with email), used solely for authentication. Sign in with Apple provides authentication without sharing your personal email. Release features: When you send an Anonymous Pulse, Direct Delivery, or Time Capsule, we store the minimum required to fulfill delivery — recipient contact, emotional category or content, and scheduled date. Raw vault text sent via Direct Delivery is purged from our servers within 24 hours of delivery. Voice audio (Direct Delivery only): If you send a voice memo via Direct Delivery, the audio file is temporarily uploaded to Cloudinary (our secure media hosting provider) to generate a playable link for the recipient. The file is accessible via a private, unguessable URL and is not indexed or searchable. Shadow Portrait: To generate your portrait, anonymized behavioral metadata is sent to Anthropic's Claude AI — entry count, emotion distribution, revision frequency, and time-of-day patterns only. Your actual words are never sent.
Microphone: Required to record voice memos in the Draft Studio. Audio is stored locally on your device. It is only uploaded when you explicitly send a voice memo via Direct Delivery. We do not access your microphone at any other time. Face ID / Touch ID: Used to protect access to your vault. We use Apple's LocalAuthentication framework. Your biometric data never leaves your device and is never accessible to us. Notifications: Used to send daily check-in reminders and Time Capsule delivery alerts. These are local notifications scheduled on your device. We do not send marketing notifications. You can disable notifications at any time in your device Settings. All permissions are optional. You can skip biometric and notification setup during onboarding or disable them later in Settings.
Anthropic (anthropic.com) — Powers the Shadow Portrait feature. Receives anonymized behavioral metadata only. No raw text. Privacy policy: anthropic.com/privacy Resend (resend.com) — Email delivery service for Anonymous Pulse, Direct Delivery, Time Capsule, and password reset emails. Receives recipient email addresses and message content only when you explicitly trigger a release. Privacy policy: resend.com/legal/privacy-policy Cloudinary (cloudinary.com) — Secure media hosting for voice audio sent via Direct Delivery. Audio files are stored with private access controls. Privacy policy: cloudinary.com/privacy Railway (railway.app) — Backend server hosting. Processes API requests and stores account and release data. Privacy policy: railway.app/legal/privacy None of these providers are authorized to use your data for advertising, profiling, or any purpose beyond service delivery.
Aglossal will never
Anonymous Pulse sends a single emotional word to a recipient via email. Your identity, name, email address, and the content of your vault entry are never included or revealed. The recipient receives only the emotional signal with no way to identify you. This feature may not be used to send threatening, harassing, or abusive content.
Direct Delivery sends your chosen entry content to a recipient's email. You have a 10-minute cancellation window after sending. After this window, the message is delivered and cannot be recalled. Content is purged from our servers within 24 hours of delivery. You are solely responsible for the content you send.
Time Capsule seals your entry for future delivery on a date you choose. Content is stored encrypted on our servers until the delivery date. If you delete your account before the delivery date, the capsule is also deleted and will not be sent. Content is purged within 24 hours of delivery.
Shadow Portrait generates a personal reflection using Claude (Anthropic's AI). We send anonymized behavioral metadata — not your words — to Anthropic's API. This includes: total entry count, emotion tag distribution, revision frequency, and time-of-day writing patterns. No raw text from your vault ever leaves your device for this feature. The generated portrait is displayed only to you and not stored on our servers.
Aglossal includes on-device crisis keyword detection that runs entirely within the app. No text content is sent to any server during crisis detection. If concerning keywords are detected, you are shown local mental health and crisis resources. No alerts are sent to any third party, including Aglossal, when crisis keywords are detected. The system surfaces resources — it does not monitor, record, or report. In a life-threatening emergency, always contact emergency services directly.
Aglossal offers optional Premium subscriptions through Apple's App Store in-app purchase system. We do not collect or store your payment information — all billing is handled by Apple. Subscriptions automatically renew at the end of each billing period unless cancelled at least 24 hours before renewal. To manage or cancel: iPhone Settings → Apple ID → Subscriptions. Refunds must be requested from Apple at reportaproblem.apple.com. We do not process refunds directly. Current prices (may vary by region): · Monthly Premium: $4.99/month · Annual Premium: $39.99/year
Vault entries: Stored locally on your device. Deleted when you delete the entry or your account. Account data: Retained while your account exists. Deleted immediately upon account deletion. Release metadata: Retained for 90 days for operational integrity, then automatically purged. Direct Delivery content: Purged within 24 hours of delivery. Time Capsule content: Retained until delivery date, purged within 24 hours of delivery. Shadow Portrait calls: Anonymized metadata only, not retained after the API response.
Vault data: AES-256 encrypted on-device, protected by Face ID, Touch ID, or device passcode. Server communications: All API calls use TLS 1.2 or higher. Passwords: Hashed using bcrypt. Never stored in plain text. Authentication tokens: JWT with 90-day expiry, invalidated on sign out and account deletion. In the event of a data breach affecting your information, we will notify you within the timeframes required by applicable law.
Regardless of where you live, you have the right to: · Access all data we hold about you · Correct inaccurate data · Delete your account and all associated data instantly (Settings → Delete all my data) · Export your vault data (Settings → Export my data) · Withdraw consent at any time by deleting your account GDPR (EU/UK): Additional rights including data portability and the right to lodge a complaint with your local supervisory authority. CCPA (California): Right to know what personal information is collected and to opt out of sale (we do not sell your data). PDPL (Kuwait): We comply with Kuwait's Personal Data Protection Law requirements. To exercise any of these rights: privacy@embur.world
Aglossal is rated 17+ on the App Store and is intended for users aged 17 and older. We do not knowingly collect personal data from anyone under 17. If we become aware that a user is under 17, we will delete their account and all associated data immediately. If you believe a minor has created an account, contact us immediately at privacy@embur.world.
Aglossal is a personal reflection tool, not a clinical service. It has not been evaluated by any medical or psychological regulatory authority. The crisis detection feature is an automated keyword-matching system — it is not a substitute for professional crisis assessment and does not contact emergency services on your behalf. If you or someone you know is in immediate danger, call your local emergency number. Do not rely solely on this app for crisis support.
Our servers are hosted via Railway on infrastructure that may be located in the United States. If you are located in the EU, UK, Kuwait, or another jurisdiction with data transfer restrictions, your data may be transferred to and processed in the United States. We implement appropriate safeguards as required by applicable law.
We will notify you in-app before any material changes to this Privacy Policy. Continued use after the effective date constitutes acceptance. The "Last updated" date at the top reflects the most recent revision.
Privacy requests and data deletion: privacy@embur.world General support: support@embur.world Aglossal is operated by Embur World. Last updated: April 2026