Odyssey Privacy Policy

Effective: February 26, 2026

Overview

Odyssey is a personal wellness journaling app designed to help you reflect on your mental health and life journey. We believe your data is deeply personal and should stay that way.

By default, Odyssey stores everything on your device—no account required, no servers involved. Your journal entries, mood data, location snapshots, and health information never leave your iPhone unless you explicitly choose to enable optional cloud backup.

This privacy policy covers both modes:

Local mode (default): Everything stays on your device
Cloud backup mode (optional): End-to-end encrypted backup to our servers

We don't track you, we don't show ads, and we never sell your data.

Data We Collect

Always Collected (Local Storage)

These data are stored locally on your device via SwiftData and never leave your iPhone unless you enable cloud backup:

Journal Entries: Your written reflections, mood ratings, feelings, gratitude notes, wins, tensions, and drink tracking
Location Data: Once per day, Odyssey captures your location and reverse-geocodes it to a city, state, and country. The precise latitude/longitude is stored, but we only display the city/state/country in the map visualization
Health Data: Steps walked, walking distance, and sleep hours—read directly from Apple HealthKit. We never modify your health data
Screen Time Data: Daily total app usage time and pickup count, captured via Apple's DeviceActivityMonitor. This helps you understand your digital wellness context
Photos: Read-only access to your photo library to display photos from the current day in your journal entries. Photos are never saved by Odyssey

Health Data Notice: Health data collected from Apple HealthKit is never used for advertising, never shared with third parties, and never sold. Per Apple's guidelines, Odyssey uses health data solely to provide in-app wellness insights.

Optional Cloud Backup (When You Create an Account)

If you choose to create an account for cloud backup, we encrypt and upload the following:

End-to-end encrypted fields (AES-256-GCM): Your journal entries, gratitude notes, wins, tensions, single-word feelings, and precise location (latitude/longitude, city, state, country). Your encryption key never leaves your device or iCloud Keychain—we cannot decrypt this data even if we wanted to.
Plaintext metadata: Mood score, sleep quality rating, feeling color, drinks count, step count, walking distance, sleep hours, screen time seconds, pickup count, and entry dates. This metadata is stored unencrypted to enable filtering and searching in the app
Authentication: Your account is authenticated via Clerk, which supports Apple Sign-In and Google Sign-In. Clerk receives your authentication identifiers but does not have access to your encrypted journal data

Your encryption key is derived from your device identity and stored in iCloud Keychain. Even if our servers are compromised, your journal content remains encrypted.

How We Use Your Data

We use your data solely to provide Odyssey's features. Specifically:

Journal entries, mood data, and feelings are displayed in your Daily entries and Insights tabs
Location data powers the map visualization showing everywhere your journey has taken you
Health and Screen Time data populate the Insights dashboard (mood trends, health milestones, digital wellness awareness)
All data (in-app) helps generate your Year in Review summary

We do not:

Use your data for advertising or marketing profiling
Share your data with third parties (except Clerk for authentication if you create an account)
Use analytics or tracking SDKs to monitor your behavior
Sell your data

Data Sharing & Third Parties

Local Mode

Your data never leaves your device. No servers are involved. No third parties have access.

Cloud Backup Mode (Optional)

Clerk (Authentication): If you create an account, Clerk authenticates your identity via Apple Sign-In or Google Sign-In. Clerk does not have access to your encrypted journal data
Cloudflare Workers (API): Your app communicates with our API hosted on Cloudflare Workers to sync encrypted data and metadata. Cloudflare does not have your encryption key and cannot decrypt your journal
Neon Postgres (Database): Your encrypted journal ciphertext and metadata are stored in a Neon Postgres database. Your encryption key remains on your device

In all cases, your encrypted journal content is never accessible to us. We only see ciphertext, and your key never leaves your device.

Data Retention & Deletion

Local Mode

Your data is deleted when you uninstall the app. If you want to delete individual entries, you can do so in the Journal tab.

Cloud Backup Mode

You can delete your cloud account at any time from the Profile tab. Deleting your account immediately removes all server-side data (both encrypted and plaintext copies). This is a permanent action.

For GDPR/data subject requests or to verify deletion, contact john@johnjlarkin.com.

Your Rights

Data Access & Export

You can export your local data as CSV from the Profile tab. This includes all journal entries, mood data, location, and health information.

Data Deletion

Local mode: Uninstall the app or delete entries individually
Cloud backup mode: Delete your account from Profile → Account Settings

GDPR / CCPA Rights

If you reside in the EU, California, or another jurisdiction with data privacy laws, you have the right to:

Access your data (CSV export)
Delete your data (uninstall app or delete account)
Request a data portability report
Opt out of optional features (cloud backup)

To exercise these rights or submit a data subject request, email john@johnjlarkin.com with your name and the email associated with your account (if applicable).

Children's Privacy

Odyssey is not directed at children under 13. We do not knowingly collect data from children under 13. If we become aware that we have collected data from a child under 13, we will delete it immediately.

If you are under 18, please ask a parent or guardian before using Odyssey or creating an account.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by updating the "Effective" date at the top of this policy. Your continued use of Odyssey after such updates constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy, your data, or how Odyssey handles your information:

Email: john@johnjlarkin.com
GitHub Issues: johnlarkin1/odyssey/issues

We're committed to protecting your privacy and will respond to all inquiries within 10 business days.

Last updated: February 26, 2026