Thoughtox

Privacy Policy

Last Updated: March 20, 2026

Thoughtox is a private writing product, not a social network. This page describes what we store, what gets sent to third parties, what stays temporary, and where deletion has timing limits.

1. What We Collect

Account

Your Google account identifier and email address. We do not store passwords for the current product flow. Sign-in and deletion verification are handled through Google OAuth.

Thought Content

The text you submit, the time it was created, and the minimum state needed to save it and show it back to you later.

AI-Derived Fields

When you ask for AI reflection, the text is sent to OpenAI's API. We store the returned reflection text, any short acknowledgment attached to it, and the reflection status needed to show that result back to you later. We do not use these fields for advertising.

Metadata

Timestamps, moderation status, crisis flag state, reflection status, and your saved pre-submit intensity score. These are required for history, safety routing, and rate limits.

Guest Sessions

If you use Thoughtox without an account, your entry is stored in a temporary guest session so the page can keep working. Guest sessions are cookie-backed and expire automatically. They are not anonymous in the technical sense; they are just temporary and not tied to a signed-in account.

In-Browser Signals

Typing speed and similar interaction signals are analysed locally in your browser to help pace the writing experience. The raw typing metrics are not stored on our servers. A derived intensity value may still be sent when you submit an entry.

Offline Queue

If you submit a thought while offline, it is temporarily stored in your browser's local storage (thoughtox_offline_queue) until a connection is restored and the entry syncs. It is removed from local storage immediately after a successful sync.

Security Logs

IP address and user agent, retained for up to 90 days for abuse prevention and access auditing. Under GDPR, the legal basis for this processing is our legitimate interest in securing the platform.

Usage Data

Error logs and feature usage signals (e.g. which tabs you use) to identify bugs and breakages. We do not retain your full thought text inside operational AI request logs.

2. What We Do Not Collect

  • We do not collect or store biometric data.
  • We do not use advertising trackers or third-party analytics SDKs.
  • We do not read your Google contacts, calendar, or any data beyond what Google OAuth provides for sign-in.
  • We do not use your thought content to train AI models — ours or anyone else's.

3. OpenAI and Data Processing

Your thought text is sent to OpenAI's API only when you request an AI reflection. This is the only third-party service that receives your thought content.

Under OpenAI's API data usage policy, data submitted via the API is not used to train OpenAI's models by default. OpenAI may retain API inputs and outputs for up to 30 days for abuse monitoring, after which they are deleted. We have no ability to delete data from OpenAI's systems within that window.

If this is a concern, you should know it before you use the service, not after.

4. Encryption

Thought text and saved reflection text are encrypted at rest using field-level encryption. Data in transit is protected via TLS.

5. Crisis Detection

Certain language patterns trigger a crisis flag on your entry. When this happens, the entry is saved, AI reflection is paused, and you are shown help-now resources. The crisis flag is stored as private metadata. We do not claim real-time monitoring.

6. Moderation and Limited Review

Most entries are handled automatically. A small subset may be reviewed by authorized staff when they are escalated for abuse prevention, safety handling, or a user report about an AI output. We do not run a general human-reading program over everyone's journal entries.

7. Retention and Deletion

Your data is retained for as long as your account exists. Deleting your account from Settings disables account access immediately. Thought entries, saved reflections, metadata, and your profile are then scheduled for permanent deletion from our database after 7 days. If you sign back in during that 7-day window, the pending deletion is canceled and the account is restored.

Security logs are purged on a 90-day rolling window. Account-deletion timing above describes the primary database used by the product runtime.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data; to restrict or object to certain processing; and to lodge a complaint with a supervisory authority. To exercise any of these rights, email us at toxthotox@gmail.com. We will respond within 30 days.

You can request a full account export from Settings at any time.

9. Minors

Thoughtox is not intended for users under 16. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, contact us at toxthotox@gmail.com and we will delete it promptly.

10. Infrastructure

  • Google Cloud Run — application hosting.
  • Google Cloud SQL — primary database hosting.
  • Google Cloud infrastructure — supporting cache and storage services when enabled.
  • OpenAI API — AI processing of submitted thought text only.
  • Google OAuth — authentication only. No other Google data is accessed.

11. Changes to This Policy

If we make a material change — particularly one that affects how thought content is processed or shared — we will notify you before the change takes effect. The "Last Updated" date at the top will always reflect the current version.


Questions about this policy? toxthotox@gmail.com