Is your journaling app actually private? 5 things to check

A journal is the one place you’re supposed to be completely honest. Which makes a journaling app a strange thing to hand your secrets to — because unlike a paper notebook, it can copy, sync, analyze, and sometimes sell what you write.

Most people never check. The app is pretty, the onboarding is smooth, and “privacy policy” is a link nobody clicks. So here are five concrete things worth checking before you pour your inner life into any app — including ours.

1. Is it encrypted — and who holds the key?

“Encrypted” is the most abused word in app marketing. Almost everything is encrypted in transit (that’s just HTTPS — table stakes). The real questions are:

• Is it encrypted at rest, on the server?
• Is it end-to-end encrypted, meaning the company literally cannot read it?

There’s a meaningful difference between “we protect your data” and “we can’t read your data.” Look for the second kind of language. If a policy only ever says it “values” or “protects” your privacy without saying who can access the plaintext, assume someone can.

2. Can the company read your entries?

Separate from encryption: as a matter of policy and access, can a human at the company open your journal and read it?

For a lot of apps the honest answer is yes — support staff, engineers, or automated systems can. That’s not always sinister (debugging, abuse prevention), but you deserve to know. A trustworthy app states plainly whether your content is readable by staff, and minimizes who can.

The test: search the privacy policy for the words “we cannot” or “we never read.” If they’re not there, the company probably can.

3. Is your writing used to train AI?

This is the new one, and it’s important. Many apps now feed user content into AI systems — sometimes to give you features, sometimes to train their models, sometimes both.

Training a model on your journal is a different thing entirely from using AI to help you in the moment. The first means your private words become part of a system that outlives your account. Check specifically for: “we do not use your content to train AI models.” Vague language here is a red flag, because it’s easy to be specific if the answer is genuinely no.

4. Can you get your data out — and truly delete it?

Two rights worth confirming before you start:

• Export. Can you download everything you’ve written, in a usable format (like plain text), whenever you want? If your words are trapped in the app, they were never really yours.
• Deletion. Can you delete your account and all its data, permanently, from inside the app — not by emailing support and hoping? “Right to be forgotten” should be a button, not a favor.

5. What does it collect that it doesn’t need?

The safest data is the data never collected. A journaling app needs very little: a way to log you in, your entries, and maybe a reminder time. If it wants your contacts, your precise location, your ad identifier — ask why. Minimal collection is both a privacy posture and a sign of a company that has thought about this seriously.

How JotMood answers these

We’d rather just tell you our answers than imply them:

1. Encrypted, and your entries sync to your account but stay yours.
2. We can’t read them, and we never sell them. That’s the whole point of the design.
3. Your journal is never used to train AI models. When you ask for an insight, your text is used only to generate your insight — not to train anything.
4. Export everything as plain text, or delete all of it, in two taps. No email, no waiting.
5. We collect the minimum: a login, your entries, and an optional reminder time.

None of this is a flex — it’s just the baseline a journal should meet. If another app meets it too, wonderful; you should still pick the one you trust. Just make sure you checked, because the apps hoping you won’t are exactly the ones worth checking.

If you want a journal built privacy-first from the first line of code, JotMood is free to start — and your honest pages stay honestly yours.