Privacy policy
Last updated May 2026
Stoah is a personal thinking notebook. This policy describes what data we collect, how we use it, and the choices you have.
In short
- Your entries are encrypted on your device before they leave it. We can’t read them.
- When you use AI features, the relevant entries are decrypted on your device and sent through our servers to Google’s Gemini API to generate a response. We don’t store the plaintext.
- We collect the minimum identity needed to give you an account (email, name from your sign-in provider).
- We don’t sell or share your data with advertisers.
- You can delete your account and all server-side data from inside the app at any time.
What we collect
Account identity
When you sign in with Apple or Google, we receive your email address, a stable identifier from the provider, and (if you grant it) your name. We store these so we can recognise you across devices.
Encrypted content
Your entries, conversations, attachments, themes, and tags are encrypted on your device using a key derived from your PIN. We store the ciphertext on our servers so it can sync between your devices. We can’t decrypt it.
Account metadata
A unique account id, when the account was created, when you last signed in, and a record of which sync rows belong to you (without their contents).
Diagnostic data
If the app crashes or hits an error, we send a crash report (stack trace, OS version, app version, an anonymous account id) to Sentry. Crash reports don’t contain your entry text.
AI features
Stoah uses Google’s Gemini model for daily recaps, theme summaries, conversational follow-ups on an entry, and search suggestions. When you actively trigger one of these features:
- The relevant entries are decrypted on your device.
- The plaintext is sent to our backend over HTTPS.
- Our backend forwards it in memory to the Gemini API using our API key, and does not persistently store the plaintext.
- The response is sent back to your device.
We keep an audit record of which AI calls happened (a hash of the input, a hash of the output, timestamps, token counts) so we can investigate abuse or correct mistakes. The raw text isn’t stored.
Per Google’s Gemini API terms, Google does not use content sent to the API with our API key to train its models.
If you don’t use AI features, your entries never leave your device in plaintext.
Where your data lives
- Encrypted entries and account records: Railway (Postgres hosting in the EU).
- AI processing: Google Cloud (Gemini API).
- Crash reports: Sentry.
Third parties
Apple and Google sign-in providers receive only the sign-in event, governed by their own privacy policies. We use Google Gemini for AI, Sentry for crash reporting, and Railway for backend hosting. We don’t share your data with anyone else.
Your choices
Delete
You can delete your account and all server-side data from inside the app: Settings → Account → Delete account.
Withdraw
Sign out and uninstall the app to stop new data being collected. Server records you’ve already created remain until you delete your account.
Data retention
We keep your account data for as long as your account exists. When you delete your account, we remove your records from our database within 30 days. Crash reports are retained per Sentry’s standard retention policy.
Children
Stoah is not intended for users under 13 (under 16 in the EU). We don’t knowingly collect data from children.
Changes
If we change this policy in a material way, we’ll show you a notice the next time you open the app. Minor edits are reflected in the “Last updated” date above.
Contact
Questions? Email feedback@stoah.io.