Inner Map Privacy Policy

Effective Date: May 19, 2026
Last Updated: May 19, 2026

Five things we want you to know

Before the legal version, here's the short version. Everything below this section is more detail on the same five points.

Your inner work is private. Your journal entries stay on your phone, encrypted. We genuinely cannot read them.
We don't sell your data, run ads, or share with marketers. Not now, not ever. This isn't a policy we'll quietly change later — it's the reason we built Inner Map.
The AI providers we use don't train on your conversations. Anthropic (for chat) and OpenAI (for voice and transcription) process your conversations to generate replies and then don't retain them. We don't use your data to train any model either.
You can export everything we have on you, or delete your account, at any time. Deletion is real — not soft-deleted, actually deleted from our servers and your device.
Inner Map is a reflection tool, not therapy or medical care. If you're in crisis, please reach out: 988 (US), Samaritans 116 123 (UK), or findahelpline.com (international).

The rest of this policy fills in the detail.

Who we are

This Privacy Policy is published by Innermap LLC, a Florida limited liability company ("Inner Map," "we," "us," or "our"). We operate the Inner Map mobile application available on the Apple App Store and Google Play, and any related services.

You can reach us at:

Privacy questions, data requests: privacy@my-inner-map.com
Support: support@my-inner-map.com
Legal: legal@my-inner-map.com
General: hello@my-inner-map.com
Mailing address: 7100 Camino Real, Ste 302, Office 42, Boca Raton, FL 33433, United States

What this policy covers

This policy applies to the Inner Map mobile application and any services we provide directly through it. It explains what data we collect, how we use it, who we share it with, how long we keep it, and what rights you have.

This policy does not cover third-party services we link to (for example, crisis hotline websites). When you visit those, their own policies apply.

By using Inner Map, you agree to the practices described in this Privacy Policy.

Age requirement

Inner Map is intended only for users 18 years of age or older. We do not knowingly collect data from anyone under 18. During signup, you confirm that you are 18 or older.

If you believe a minor has provided us with personal information, please contact privacy@my-inner-map.com and we will promptly delete the account and any associated data.

Information we collect

We've designed Inner Map to collect the minimum information needed to make the app work. Specifically:

Information you provide

Account identifier. A unique user ID generated when you first install the app. This ID isn't tied to your real name or any external account by default.
Email address (optional). Only required if you want to use the relationship feature (so we can route invites). Otherwise optional.
Display name (optional). A name or nickname you can set for use in the app and in any relationship features. Doesn't need to be your real name.
Conversation content. What you write or say in chat with the AI. Used to generate replies and to maintain context across sessions.
Inner-experience map data. The parts, patterns, and inner-experience structure you map out with the AI's help. This is your work product, and we store it so you can return to it across sessions.
Journal entries. Stored only on your device, encrypted. We do not have copies on our servers.

Information collected automatically

Usage counters. Counts of actions you take (messages sent, voice sessions started, etc.) used for rate-limiting and abuse prevention. Counters only — never content.
Device type and operating system. For compatibility and crash diagnostics.
App version. To know which version of the app you're using.
Approximate timezone. For features that depend on local time (daily check-ins, etc.).

Information from third parties

We may receive information from third parties only in these specific cases:

App store (Apple, Google) — anonymized subscription status if you subscribe. We don't see your payment details; Apple and Google handle those.
Relationship feature partners — if another Inner Map user invites you to connect, we receive an indication that an invite was sent to your contact, but only after you accept does any data exchange begin.

What we don't collect

To make our minimization commitments explicit:

We do not collect phone numbers.
We do not collect physical addresses.
We do not collect government IDs.
We do not collect dates of birth (only age confirmation that you're 18+).
We do not access your contacts.
We do not access your camera or photo library.
We do not track your location.
We do not access your microphone except when you explicitly initiate a voice note or voice session.
We do not use third-party analytics SDKs that track behavior across apps.
We do not use advertising networks.
We do not integrate with social media platforms.
We do not retain voice recordings — they are processed for transcription and discarded.

If we ever begin collecting any of the above, we will update this policy and notify you in-app before the change takes effect.

How we use your information

We use the information described above for these specific purposes, and no others:

What we use	Why	Legal basis (for EU/UK users)
Account identifier	To recognize you across sessions and tie your map to your account	Contract performance
Email (optional)	To deliver relationship invites	Consent
Display name (optional)	To personalize the experience and surface to a connected partner	Consent
Conversation content	To generate AI replies and maintain session context	Contract performance
Inner-experience map data	To persist your work across sessions	Contract performance
Journal entries	Stored locally to enable journaling features	Contract performance (no server processing)
Usage counters	To enforce rate limits and prevent abuse	Legitimate interest in service stability
Device type / OS / version	For crash diagnostics and compatibility	Legitimate interest in service quality
Approximate timezone	For time-of-day features	Contract performance

We do not use your information for:

Advertising or marketing to you or anyone else
Selling, renting, or trading to third parties
Training AI models (ours or anyone else's)
Profiling for any purpose beyond what you'd reasonably expect from the app's stated functionality

How we use AI

Inner Map uses two AI service providers:

Anthropic (for chat)

Your text-based conversations are sent to Anthropic's API to generate AI replies. Per Anthropic's API terms:

Customer data (your conversations) is not used to train Anthropic's models.
Data is processed transiently to fulfill the API request and is not retained by Anthropic beyond standard operational retention windows (typically up to 30 days for abuse monitoring, per Anthropic's data policy).
Anthropic does not share your data with other Anthropic customers.

OpenAI (for voice and transcription)

Your voice sessions and voice notes are processed by OpenAI's Realtime API and Whisper API for transcription and conversational replies. Per OpenAI's API terms for paid tiers:

Customer data is not used to train OpenAI's models.
Voice audio is processed transiently and is not retained.
Transcripts pass through Whisper but are not stored by OpenAI beyond the API call.

What we do with the AI provider relationship

We have contractual agreements with both providers requiring them to handle your data only for the purposes of fulfilling our API requests.
We do not have any agreements with these providers that allow them to use your data for any other purpose.
We monitor our own usage to ensure we're not inadvertently sending more data than necessary to fulfill each request.

What we don't do with AI

We do not train any Inner Map AI model on your conversations.
We do not provide your conversations to any third party for model training.
We do not aggregate your conversations with other users' conversations for any analytical purpose that could identify you.

Where your data lives

On your device (encrypted, never transmitted to us)

Your journal entries, encrypted using AES-256
Your cached chat history (for offline reading)
Your locally-stored preferences

The encryption key is generated on your device at first launch and stored in your phone's secure keystore (Apple Keychain on iOS, Android Keystore on Android). The key never leaves your device. We do not have access to it. We cannot decrypt your journal entries even if compelled to do so.

On our servers (encrypted at rest)

Your account record
Your conversation history (used for AI context)
Your inner-experience map data (parts, wounds, patterns)
Your relationship records (if you use the relationship feature)
Usage counters

All server-side data is stored on Railway's managed PostgreSQL with encryption at rest (AES-256). All communication between your device and our servers uses TLS (HTTPS/WSS) encryption in transit.

Transient processing (third parties, not retained)

AI replies are generated via Anthropic and OpenAI APIs as described in "How we use AI" above. Your data passes through these providers transiently for the purpose of generating responses and is not retained by them beyond their standard operational windows.

How we protect your data

We've designed Inner Map with security-by-design and privacy-by-design principles. Specific measures include:

Encryption in transit: All API calls and WebSocket connections use TLS 1.2+ encryption.
Encryption at rest: Server-side database is encrypted at rest (AES-256). Local journal entries are encrypted at rest on your device (AES-256).
Authentication required: All API endpoints require authentication. Unauthenticated requests are rejected.
Rate limiting: Multiple layers of rate limits prevent abuse of API endpoints (per-user daily caps on chat messages, voice sessions, transcriptions, and data exports).
Anti-brute-force: Invite code endpoints have failure-rate limits.
Log hygiene: Server logs are sanitized to remove any user content, email addresses, invite codes, or other personally identifying information. Logs contain operational metadata only.
Access control: Only essential Inner Map personnel have access to production systems, and access is reviewed regularly.
Backup encryption: Database backups are encrypted and retained per our hosting provider's policies.
Breach notification: In the event of a security incident affecting your data, we will notify you within 72 hours of confirming the breach, in accordance with applicable laws.

We periodically review our security practices internally. As Inner Map grows, we plan to engage external auditors for formal annual reviews.

No system is perfectly secure. We can't promise we'll never have an incident, but we can promise we'll handle one transparently and quickly.

How long we keep your data

We keep your data only as long as we have a reason to.

Account data and inner-experience map: Kept while your account is active. Deleted within 30 days of account deletion.
Conversation history: Kept while your account is active. Used for AI session memory.
Journal entries: Stored only on your device. We have no copies and cannot retrieve them after they're deleted from your phone.
Usage counters: Retained for up to 90 days for rate-limiting purposes, then aggregated or deleted.
Database backups: Retained for up to 30 days per our hosting provider's standard practices, then purged.

When you delete your account, your data is removed from our active systems immediately and from backups within 30 days.

Your rights and choices

You have the following rights regarding your data:

Access

You can request a copy of all the data we hold about you on our servers. The app has a built-in export function: Settings → Privacy → Export My Data. The export is delivered as a JSON file via your phone's share sheet (so you can save it to Files, send it to yourself via email, etc.).

Deletion

You can delete your entire account from within the app: Settings → Privacy → Delete My Account. This removes your data from our active systems immediately. It cascades to all related tables — sessions, parts, journal references, relationship data — and triggers your device to clear local encrypted storage.

Deletion is permanent. We cannot restore an account once deleted.

Correction

If something we've stored is wrong (an email address typo, for example), you can correct it via Settings, or by contacting privacy@my-inner-map.com.

Withdrawal of consent

If you've consented to specific uses of your data (for example, providing an email for relationship invites), you can withdraw that consent at any time by removing the relevant data from Settings.

Portability

The export function described above gives you a machine-readable copy of your data so you can move it elsewhere if you choose.

Objection

If you object to any specific processing we do (beyond what's necessary to run the app), please contact privacy@my-inner-map.com and we'll discuss what we can do.

How to exercise your rights

The fastest way is in-app: Settings → Privacy has export and deletion buttons that handle most requests instantly.

For anything not handled in-app, email privacy@my-inner-map.com. We aim to respond within 7 business days, and complete your request within 30 days at the latest.

If you don't think we've handled your request appropriately, you have the right to lodge a complaint with your local data protection authority.

Crisis resources & important disclaimers

Inner Map is a reflection tool, not therapy. The AI is not a licensed mental health professional. It cannot diagnose, treat, or replace clinical care.

If you are in crisis or considering harm to yourself or others, please reach out to:

United States: 988 (Suicide & Crisis Lifeline) — call or text
United Kingdom: Samaritans 116 123 (free, 24/7)
International: findahelpline.com for crisis resources in your country
Emergency: Your local emergency number (911 in the US, 999 in the UK, 112 in much of Europe)

The Inner Map AI is configured to recognize crisis indicators and surface these resources during conversations. But the AI is not a crisis intervention service. Please reach out to a human if you need help.

Inner Map is not HIPAA-covered. We are not a healthcare provider, we do not bill insurance, and we do not have a clinical relationship with you. While we treat your data with care comparable to clinical privacy standards, we are not a "covered entity" under HIPAA.

Children's privacy

Inner Map is not intended for users under 18. We do not knowingly collect personal data from anyone under 18.

If you are a parent or guardian and believe your child has provided personal information to Inner Map, contact privacy@my-inner-map.com and we will delete the account and associated data.

Different countries have different age thresholds for digital consent. Regardless of local law, Inner Map's product policy is 18+ only.

International users

Inner Map is available worldwide. Our servers are located in the United States.

If you access Inner Map from outside the United States, your data will be transferred to and processed in the United States. We treat all users' data according to the same privacy standards described in this policy, regardless of where you live.

For users in the European Economic Area, the United Kingdom, Switzerland, or other regions with strict data protection laws, we apply GDPR-equivalent protections globally. See the EU/UK-specific section below for details on your rights under GDPR.

For California residents (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to know what personal information we collect, how we use it, and who we share it with. This policy provides that disclosure.
Right to delete your personal information. Use the in-app deletion feature or email privacy@my-inner-map.com.
Right to correct inaccurate information. Available via Settings or by email.
Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. Inner Map does not sell or share personal information for advertising purposes. The "Do Not Sell or Share My Personal Information" choice is therefore the default state of your account; no action is required.
Right to limit the use of sensitive personal information. Inner Map processes conversation content (which may include sensitive personal information) only to provide the service. We do not use it for any other purpose.
Right to non-discrimination for exercising any of these rights.

To exercise these rights, use the in-app tools or contact privacy@my-inner-map.com.

For EU/UK residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the EU General Data Protection Regulation (GDPR), UK GDPR, and Swiss Federal Act on Data Protection:

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing in certain circumstances
Right to data portability
Right to object to processing based on legitimate interests
Right to withdraw consent where processing is based on consent

Legal bases for processing: We process your data based on (1) the performance of our contract with you (delivering the app's core functionality), (2) your explicit consent (for optional features like the relationship invite system), and (3) our legitimate interest in maintaining service stability and security (for usage counters, rate limiting, and crash diagnostics).

Data Protection Officer: Inner Map has designated a contact for privacy matters at privacy@my-inner-map.com. You can also write to Innermap LLC, 7100 Camino Real, Ste 302, Office 42, Boca Raton, FL 33433, United States.

Right to lodge a complaint: If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority.

International transfers: Your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and equivalent safeguards to ensure your data receives equivalent protection.

When we might say no to a request

We will respect your privacy rights to the fullest extent possible. There are a few cases where we may not be able to fully honor a request:

When we need the data to keep the service running. For example, we cannot delete your active account while you're still using it; you'd need to delete the account first.
When the law requires us to keep it. Certain records (financial, legal) may need to be retained for a defined period.
When fulfilling the request would affect another person's privacy or safety. For example, if your data is intertwined with a partner's data in a relationship record, we may need to handle the deletion in a way that protects them too.
When the request is unreasonably broad or repetitive. For example, we may decline a request for the same export delivered 100 times in a day.

If we cannot fulfill a request, we will tell you why and offer an alternative where possible.

Changes to this policy

We may update this Privacy Policy from time to time. When we do:

We will update the "Last Updated" date at the top.
For material changes (changes that affect what we collect, how we use it, or who we share it with), we will notify you in-app before the change takes effect.
We will not retroactively apply weaker protections to data we've already collected.

We encourage you to review this policy periodically.

How to contact us

For privacy questions, data subject requests, or concerns about how we handle your information:

privacy@my-inner-map.com

For general support:

support@my-inner-map.com

For legal and compliance matters:

legal@my-inner-map.com

For everything else:

hello@my-inner-map.com

By mail:

Innermap LLC
7100 Camino Real, Ste 302, Office 42
Boca Raton, FL 33433
United States

This privacy policy was written in plain language because privacy matters and policies should be readable. If anything here is unclear, please ask — privacy@my-inner-map.com.