Privacy Policy
Last updated: June 2, 2026
1. Who We Are
Mialo (“we,” “our,” or “us”) is a private voice journaling app. We believe your thoughts belong to you. This policy explains exactly what we collect, where it goes, and your rights.
Mialo is for users aged 16 and older. By using the app you confirm you are at least 16.
2. What Data We Collect
You provide directly:
- Name (max 10 characters) — stored locally on your device only
- Birthday (month, day, year) — stored locally on your device only; used for age validation and a once-yearly birthday reminder
- Voice recordings — recorded locally on your device as audio files. Audio is never uploaded anywhere. Ever.
- Mood tags — emoji mood selections stored locally with each entry
- Text notes — optional written notes stored locally with each entry
- PIN code — stored in your device’s secure enclave (iOS Keychain). Never transmitted anywhere.
Generated automatically:
- Transcripts — generated entirely on your iPhone using Apple’s on-device Speech Recognition. Your voice never leaves your device.
- Apple User ID — an anonymised identifier provided by Apple when you sign in with Apple. This is a random string generated by Apple — not your email, name, or any identifiable information. Stored on our server to authenticate your account.
- Session token — a randomly generated token used to authenticate your requests to our server. Stored on our server alongside your Apple User ID. Nothing else is stored.
- Streak data — consecutive days logged, stored locally.
- Chat history — your conversations with the AI journal chat, stored locally.
What we do NOT collect:
- Your Apple ID email address or name (unless Apple provides it on first sign-in, in which case it is not stored by us)
- Location data
- Health data
- Advertising identifiers or tracking data
- Crash reports
3. How Your Data Is Used
| Purpose | Data Used | Where Processed |
|---|---|---|
| Voice journaling | Audio recordings | On your device only |
| Transcription | Audio files | On your device only (Apple Speech Recognition) |
| Displaying your journal | Entries, transcripts, moods | On your device |
| AI title generation | Transcript text | Our server → OpenAI |
| AI pattern analysis & insights (Pro) | Last 40 journal transcripts | Our server → OpenAI |
| AI journal chat (Pro) | Recent transcripts + chat messages | Our server → OpenAI |
| AI follow-up notifications (Pro) | Recent transcripts | Our server → OpenAI |
| Subscription management | Purchase events | RevenueCat → Apple |
| Birthday notification | Birthday date | On your device |
| App lock | PIN / biometrics | On your device |
4. Voice Transcription
Transcription works differently depending on your plan:
- Journal plan: Audio is transcribed entirely on-device using Apple’s on-device speech recognition. Audio never leaves your device.
- Pro plan: Audio is sent to Apple’s speech recognition servers for higher-accuracy transcription. Apple does not retain or store the audio after processing — it is discarded immediately. This is governed by Apple’s privacy policy. Mialo never receives or stores the audio.
In both cases, Mialo’s own servers never receive audio recordings.
5. AI Features (Pro Tier Only)
When you use Pro AI features, the text transcript of your journal entries is sent to our secure backend server, which forwards it to OpenAI to generate titles, insights, patterns, and chat responses.
We never send:
- Audio files
- Your name or birthday
- Your PIN
- Your device ID or payment information
OpenAI processes data under their Privacy Policy. Under our API agreement, your data is not used to train OpenAI’s models. Transcripts sent to OpenAI are not retained by us after processing.
If you do not use Pro features, your journal data never leaves your device.
6. Data Storage
On your device (private, local):
All journal entries, audio files, transcripts, settings, streaks, and chat history are stored locally using AsyncStorage, expo-secure-store (iOS Keychain for your PIN), and local file system (audio files in the app’s private document directory).
On our servers:
When you sign in with Apple, we create an account on our backend server (hosted on Railway). We store your anonymised Apple User ID (a random string from Apple — not your email or name) and a session token. That is all. No journal entries, no transcripts, no name, no birthday, no email.
7. Third-Party Services
| Service | Purpose | What They Receive | Privacy Policy |
|---|---|---|---|
| Apple / App Store | Payments, OS, Speech Recognition | Purchase events, on-device audio processing | apple.com/privacy |
| RevenueCat | Subscription management | Purchase events, entitlement state | revenuecat.com/privacy |
| OpenAI | AI features — Pro tier only. Processes journal text for insights, chat, and follow-up questions. | Journal transcripts (text only) — no names, voice recordings, or identifying information | openai.com/privacy |
| Railway | Backend server hosting | Anonymous device ID, auth token | railway.app/legal/privacy |
| PostHog | Anonymised usage analytics — feature usage, onboarding completion. No journal content is ever included. | Anonymised event data (e.g. screen views, feature taps) | posthog.com/privacy |
We do not sell, rent, or share your personal data with any third party for advertising, marketing, or any other commercial purpose.
PostHog analytics — full event list:
| Event | Data included |
|---|---|
onboarding_page_viewed | page number, page name |
onboarding_completed | — |
notification_permission | granted: true/false |
apple_sign_in_completed | — |
referral_redeemed | source: “onboarding” |
subscription_started | plan (journal/pro), source (onboarding/paywall_modal) |
paywall_shown | hasJournal: true/false |
recording_saved | duration (seconds), isDailyReflection, hasMood |
What is NOT included in any event: journal content, voice recordings, AI responses, user name, or any personally identifiable information. PostHog links events to an anonymous user ID (Supabase user ID) only.
8. AI Features and Usage Limits
Mialo Pro includes AI-powered features: journal insights, personalised chat, and follow-up questions. These are processed via OpenAI’s API.
- Only the text content of relevant journal entries is sent to OpenAI for analysis
- No names, voice recordings, or identifying information are sent
- AI interactions are subject to a fair-use limit of 100 calls per day per account
- Automated title generation is exempt from this limit
If you do not use Pro features, no journal data is ever sent to OpenAI.
9. Your Rights
You can:
- View all your data — directly within the app
- Delete all your data — Settings → Delete All Data
- Opt out of AI features — simply downgrade from Pro and use Journal
- Delete your account — email support@mialo.app and we will delete your account and all associated data (Apple User ID and session token) from our servers within 30 days
GDPR (EU Users): You have rights under the GDPR including access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21). Our legal basis for processing is performance of a contract and legitimate interests. Contact: support@mialo.app
CCPA (California Users): We do not sell your personal information. Contact support@mialo.app to exercise your rights.
10. Account Deletion
You can delete your account at any time via Settings → Your Data → Delete Account in the app. When you do, the following is permanently and immediately deleted from Mialo’s servers:
- Your account record
- Your Apple User ID reference
- Any AI usage history
Journal entries and audio recordings are stored only on your device and are also wiped locally. Deletion is irreversible and cannot be undone.
Subscriptions: Deleting your account does not cancel your App Store subscription. Active subscriptions must be cancelled separately through the App Store. Mialo cannot process refunds for remaining subscription time.
11. Data Retention
- On-device data: Kept until you delete it or uninstall the app
- Server data: Your account (Apple User ID + session token) is kept while you use the app. Request account deletion at any time by emailing support@mialo.app — we will delete within 30 days
- OpenAI: We do not retain data sent to OpenAI. See OpenAI’s data retention policy for their own practices
12. Children’s Privacy
Mialo is not directed at anyone under 16. We do not knowingly collect data from users under 16. If you believe a child under 16 has used the app, contact support@mialo.app.
13. Changes
We may update this policy. Material changes will be notified in-app. Continued use after notification constitutes acceptance.