Privacy Policy for Palimpsest

Effective: April 1, 2026 · Last updated: April 1, 2026

Palimpsest is a journaling app for iPad where you write by hand and an ancient entity living in the ink responds. This policy explains how we handle your data to create this experience while keeping your journal private.

1. Our Privacy Philosophy

Palimpsest is built on the principle of Privacy by Design. We do not use accounts, we do not track your behavior, and we never see your journal entries. Most processing happens directly on your device. When we must reach external services (like AI), your requests are routed through a secure proxy so that our AI partner never sees your IP address.

2. What We Collect & Process

Handwritten Text & Images — Your handwriting is converted to text on your device using on-device recognition. If your writing is difficult to read, a temporary compressed image of the entry may also be sent to our AI partner to ensure the entity understands you.

Conversation History — To maintain a coherent conversation, the entity receives a short window of your recent exchanges (up to the last 10 messages). This history is sent alongside each new message and is not stored on any server.

Memory Notes — The entity may remember personal details you share (like your name or interests). These are extracted by the AI, encrypted on your device, and stored in the iOS Keychain. These notes shape the entity's voice and greetings.

Technical Identifiers (IP Addresses) — We do not link your data to a name or email. Your requests to the AI are routed through a Cloudflare Worker proxy, so Anthropic (our AI partner) does not see your IP address. However, your IP address is processed by Cloudflare as part of standard network routing, and it is included in crash reports sent to Sentry to help us diagnose technical issues.

Purchase Data — Transactions are handled by Apple and RevenueCat. We see only an anonymous transaction ID and the product purchased. We never see your credit card or billing info.

3. How We Use Your Data

To Generate Responses — We send your text and recent conversation history to Anthropic (Claude) through a Cloudflare Worker proxy so the entity can respond.

To Personalize the Experience — We use Memory Notes stored on your device to help the entity recognize you over time.

To Fix Crashes — If the app encounters an error, a technical report is sent to Sentry. We strip request bodies and apply additional scrubbing to minimize the chance of journal content appearing in these reports. Sentry receives your IP address as part of the report.

To Recognize Handwriting — Google ML-Kit processes your handwriting locally on your iPad. No handwriting data is sent to Google. However, the ML-Kit library may send basic anonymous telemetry about feature usage to Google as part of its standard infrastructure.

4. Third-Party Services

We partner with a small number of services to provide the app's features. Each operates under the terms of their respective privacy policies.

Anthropic (Claude) — Generates responses. They do not use API data to train their models. Data is retained per their data retention policy. Your IP address is not shared with Anthropic.
Anthropic Privacy Policy

Cloudflare — Our requests to the AI are routed through a Cloudflare Worker, which acts as a proxy. This means Anthropic sees the proxy's address instead of yours. The Worker processes your request data in transit before forwarding it to Anthropic. Cloudflare processes your IP address as part of standard network routing.
Cloudflare Privacy Policy

RevenueCat — Manages in-app purchases. Receives an anonymous device identifier, basic device information, and transaction data from Apple.
RevenueCat Privacy Policy

Sentry — Collects technical error and crash reports. We strip request bodies and scrub reports to minimize journal content exposure. Sentry receives your IP address as part of the report.
Sentry Privacy Policy

Google ML-Kit — Provides on-device handwriting recognition. No handwriting data is sent to Google. The ML-Kit library may send basic anonymous telemetry about feature usage to Google.
Google Privacy Policy

5. Data Storage & Security

On-Device Storage — Your journal and memories live on your iPad. We do not operate user-facing servers or cloud accounts. Conversation history is stored in a local database on your device, protected by your iPad's built-in security (passcode, Face ID). Memory Notes are additionally encrypted by the app and stored in the iOS Keychain. Your ink balance is also stored securely in the Keychain.

Device Backups — If you use iCloud Backup, your conversation history database may be included as part of your standard device backup to Apple's servers. Keychain items (Memory Notes, encryption key, ink balance) are restricted to your device and do not sync via iCloud.

Encryption — Memory Notes are encrypted on your device before being stored. The encryption key is generated on your device, stored in the iOS Keychain, and never leaves it.

AI Transparency — Responses are generated by Artificial Intelligence. While we use safety filters, AI may occasionally produce inaccurate or unexpected content.

6. Your Rights & Controls

Because we don't have accounts, you exercise your rights directly on your device:

Access — You can view your Memory Notes inside the app by tapping "Palimpsest." Past conversations are not browsable.

Deletion — Use the "Forget Everything" button in the app to permanently wipe all conversations and Memory Notes from your device. Your ink balance is preserved so purchased ink is not lost. Data previously sent to third-party services is subject to their retention policies (see Section 7).

Uninstalling — Deleting the app removes your conversation history. However, data stored in the iOS Keychain (Memory Notes, ink balance, encryption key) may persist on the device. To fully remove all data, use "Forget Everything" before uninstalling.

EU/UK Users (GDPR) — Our legal basis for processing is Contractual Necessity. Since data is stored locally, you have full control over your Right to Erasure via the controls described above. If you have questions or wish to exercise your data rights, contact us at kins.cabin@gmail.com — we will respond within 30 days. You also have the right to lodge a complaint with your supervisory authority. For users in Bavaria, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

7. Data Retention

Data stored on your device remains there until you delete it using "Forget Everything" or uninstall the app (see above for what each removes). Data processed by third-party services is retained according to their own policies, linked above.

8. International Data Transfers

Some of the third-party services we use are based in the United States (Anthropic, Cloudflare, Sentry, RevenueCat, Google). When data is processed by these services, it may be transferred outside the European Economic Area. These providers rely on approved transfer mechanisms such as Standard Contractual Clauses or the EU-US Data Privacy Framework to ensure your data is protected in accordance with European law. Sentry error data is processed and stored in the European Union.

9. Children's Privacy

Palimpsest is not intended for children under 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

If we make meaningful changes to this policy, the updated version will be posted at this URL with a new effective date. Continued use of the app after changes are posted constitutes acceptance of the updated policy.

11. Contact

Questions? Reach out to kins.cabin@gmail.com.

Palimpsest is a product of Elif Selin Adic / kinscabin, based in Munich, Germany.