Privacy Policy
Last updated: July 2026 · antia is in beta: features evolve, and this policy will evolve with them. When it changes in a way that matters, we will publish the change here and, where the law requires it, ask for your consent again.
The short version
- You own all your content — memories, reflections, metadata, voice recordings, photos.
- We do not sell, rent, or monetize your data, and we do not show ads.
- The AI providers we use do not use your content to train their models.
- You can export your memories and life-model data at any time.
- You can delete individual memories, or erase your whole account, yourself from the app.
Who we are
antia is operated by antia Journal, Inc., a Delaware corporation (United States), registered at 131 Continental Dr, Suite 305, Newark, DE 19713, United States (our Delaware registered office). For the purposes of EU/UK data protection law, we are the controller of your personal data. You can reach us about privacy at privacy@antia.io.
antia Journal, Inc. has no establishment in the EU/EEA. For our current EU/EEA and UK beta users, an EU representative (GDPR Art. 27) and a data protection officer are being arranged; we will publish their contact details here as soon as they are appointed. At public launch we will pause new EU/EEA and UK sign-ups until those appointments are in place. In the meantime you can raise anything with us directly at privacy@antia.io, and every right in this policy applies in full.
What we collect
Data you provide: Email, display name, and a hashed password for authentication; an optional date of birth and country; and the memories you capture — text, voice recordings, and photos.
Data we generate: Embedding vectors for memory search and your Route, and metadata such as themes, people, locations, dates, and emotional tone extracted from your memories. This generated data is stored alongside your memories in our cloud database.
Data collected automatically: Product-analytics events linked to your account (via PostHog) to understand feature usage; on the mobile app, crash and error reports (via Sentry); and standard server logs. We log your IP address for security and abuse prevention.
Beta-invite signups: If you request access through an invitation page, we collect your name, email address, the platforms you tell us you'd like to use, and your IP address (for security). Our lawful basis is our legitimate interest (Art. 6(1)(f) GDPR) in running and growing the beta. We use it to send you access and the occasional beta update — every beta email includes an unsubscribe link. It is stored separately from any journal data, never shared or sold, and kept until you create an account or for up to 12 months, whichever comes first. You can ask us to delete it any time at privacy@antia.io.
What we do NOT do
- We do not sell, rent, or monetize your data.
- We do not use third-party advertising trackers or cross-site tracking inside the app.
- The AI providers process your content to deliver features, not to train their models (per their API terms).
How your data is stored
Your memories are stored in our cloud infrastructure on AWS, encrypted in transit (TLS 1.2+/1.3) and at rest (AES-256). The desktop app also keeps a local copy for fast, offline-capable capture; new memories sync to the cloud when you reconnect.
Guest mode works fully offline with data kept on your device. If you are online, a temporary device account is created and your data syncs to the cloud so you can move to a full account later.
Our legal basis for using your data
We only process your personal data where the law allows:
- To provide antia (performance of our contract with you, GDPR Art. 6(1)(b)): creating your account, storing the memories you capture, generating your embeddings, metadata, and Route, and letting you search and reflect.
- Your explicit consent for sensitive content (Art. 9(2)(a)): the memories you write can reveal sensitive things — your health and state of mind, your beliefs, your relationships. Under EU law this is special-category data, and we process it only with the explicit consent you give when you sign up. You can withdraw it at any time by deleting your account; withdrawal does not affect processing that already happened.
- Our legitimate interests (Art. 6(1)(f)): keeping antia secure and preventing abuse (including logging your IP address), and understanding how features are used to improve them. You can object, and you can turn product analytics off (on the mobile app, Settings → Privacy).
- Legal obligation (Art. 6(1)(c)): we keep limited payment and tax records where the law requires.
Third-party processors
- OpenAI and Anthropic — when memories (including voice recordings, which OpenAI transcribes) are sent for transcription, reflection, conversation, embeddings, or Route features. Per their API terms, content is not used to train their models.
- AWS — infrastructure, storage, and database.
- Stripe — payment processing.
- PostHog — product analytics.
- Sentry — mobile crash and error reporting.
- Gmail / SMTP — transactional email (sign-in, password reset).
Where your data goes
Our service providers (including OpenAI, Anthropic, AWS, Stripe, PostHog, Sentry, and our email provider) are based in the United States, so your data is transferred outside the EU/EEA. EU law requires appropriate safeguards for these transfers. Where a provider is certified under the EU-US Data Privacy Framework (and its UK Extension), we rely on that certification. For the rest, we process under contractual terms with each provider that prohibit using your content to train their models, and we are putting formal data-processing agreements — including Standard Contractual Clauses where needed — in place with each provider. You can ask us about the safeguards for any provider at privacy@antia.io.
How antia analyzes your memories
To build your Route and make your memories searchable, antia automatically analyzes what you write — pulling out themes, people, places, and dates, and sensing the emotional tone of a memory, then assembling these into your life model. This is a form of automated profiling, carried out only to provide features you have asked for.
antia does not make automated decisions that produce legal or similarly significant effects about you — it does not decide anything for you; it organizes and reflects your own writing back to you. You can review and edit anything antia infers, and delete any memory or your whole account at any time.
Human review of AI-generated content
Some of what antia generates is shown to you only after a person has checked it. For example, the rare commemorative cards the app may compose (such as an anniversary of your first entry) are reviewed by an authorized member of the antia team for tone, accuracy, and safety before they can ever appear in your app. During the beta, this review is performed by antia's founder.
During the beta, this also happens in the background: the app generates and reviews candidate cards even though no cards are shown to anyone yet — so the system is proven safe before it ever turns on. The rules below apply to that background review too.
We designed this review to see as little as possible:
- The review tool shows only the generated card itself — which can include a short excerpt (a couple of sentences at most) that the AI quoted from one of your entries — never your full journal, your account, or anything beyond the card under review.
- Every review access is logged, with who looked and when.
- Reviewers are bound by confidentiality. Review is used to decide whether a card is shown and to improve the safety of the system that generates them — never for advertising, profiling, or anything unrelated to the feature.
- The same rules apply to any human review of other AI-generated reflective content before it is shown to you.
Our legal basis is our legitimate interest in making sure AI-generated content shown to you is safe and faithful to your words (Art. 6(1)(f)), alongside providing the service you asked for (Art. 6(1)(b)). Where an excerpt reveals sensitive content, this processing relies on the explicit consent you give at sign-up (Art. 9(2)(a)), which specifically names human review of AI-generated content. If you have questions about human review, contact privacy@antia.io.
Your rights
Under EU/UK data protection law you have the right to:
- Access & get a copy of your data — export everything from Settings → Export Data: your memory text and metadata, your voice recordings and photos, your Ask and reflection conversations, and your Route / life-model data.
- Correct anything that's wrong — edit any memory, reflection, or metadata directly in the app.
- Delete your data — delete individual memories in the app (recoverable for 30 days, then permanently removed), or erase your whole account and all associated data from Settings → Delete account (immediate and permanent). You can also email privacy@antia.io and we'll confirm within 48 hours.
- Restrict or object to certain processing, including our use of your data for analytics and the legitimate interests described above.
- Take your data with you (portability) in a structured, machine-readable format.
- Withdraw your consent at any time where we rely on consent (including the explicit consent for your sensitive content). This does not affect anything we did before you withdrew it.
To exercise any of these, use the in-app controls above or email privacy@antia.io. We'll respond within one month.
You can also complain to a data protection authority. Because antia has no establishment in the EU, the one-stop-shop does not apply, and you can lodge a complaint with the supervisory authority where you live (in Spain, for example, the Agencia Española de Protección de Datos — AEPD, www.aepd.es).
Data retention
We keep your account data while your account is active. Deleted memories are recoverable for 30 days, then permanently removed. When you delete your account we erase your data from our live systems immediately; copies in our encrypted backups are overwritten on our normal backup rotation, within 14 days. We keep limited payment records for as long as tax and accounting law requires.
Security
Encryption at rest (AES-256) and in transit (TLS 1.2+/1.3), Argon2 password hashing, refresh-token rotation, and AWS WAF protection. We never store plain-text passwords.
Contact
Privacy questions or data deletion requests: privacy@antia.io
Children
antia is for adults and is not intended for anyone under 16. You must be 16 or older to create an account, and we ask you to confirm this at sign-up. If we learn that someone under 16 has created an account, we will delete it. If you believe a child has signed up, please contact privacy@antia.io.
This policy describes what antia actually does today, checked against how the app is built. antia is beta software: features will evolve, and this policy will evolve with them — material changes are published here and, where required, put to you for fresh consent. The one detail still to be added is our registered mailing address, marked above; everything else stated here is in effect now.