Privacy Policy for Plai.

Last Updated: May 15, 2026

1. Introduction

Plai. (“we,” “us,” or “our”) respects your privacy and is committed to protecting your data. This Privacy Policy outlines what information we collect, how we use it, and your choices regarding your data.

Plai. is an iPhone journaling app. Journal entries (text, audio recordings, and transcripts) are stored locally on your device and, if you enable iCloud sync, in your private iCloud account. We also operate a small backend service to authenticate accounts and route AI requests to OpenAI. The sections below explain both.

2. Information We Collect

We collect the following types of data:

  • Account Data:When you sign in with Apple, our backend stores your Apple opaque user identifier (“sub”), the email address Apple shares with us (only if you choose to share it; this may be a private relay email), and your account creation timestamp. We use this to identify your account on subsequent requests and to anchor your trial window.
  • Session Tokens: After Sign in with Apple, our backend issues a session token (a JWT, valid for up to 365 days) that your device sends with each AI request. The token is stateless and stored only on your device.
  • Rate-Limit Counters: To prevent abuse, the backend keeps per-day counters of how many AI requests your account has made. No request content is stored — only counts.
  • Subscription Data: When you purchase a subscription or restore access, we receive purchase details from Apple (plan type, localized price, subscription status, transaction identifiers, renewal status, and billing period end dates). This information is stored locally on your device.
  • Usage Data: Including device information, app performance data, crash reports, and general usage analytics to improve the app experience.
  • Content Data: Text entries, voice recordings, transcripts, and any other materials you create within the app. This content is stored on your device and, if you enable iCloud sync, in your private iCloud account. We do not store your journal content on our servers.
  • Biometric Authentication Status: If you enable biometric authentication (Face ID or Touch ID), we access only the success or failure status of the authentication request from your device. No biometric data is stored or transmitted.
  • AI Request Data: When you use voice transcription, Plai. Insights, or other AI-powered features, the relevant content (audio for transcription, or journal text passed as context for a question) is sent from your device to our backend and forwarded to OpenAI in real time. The content is not retained on our backend after the response is returned. See Section 6 for details.
  • Server Logs: Our backend records minimal request metadata (HTTP method, path, status code, response time) for operational monitoring. Request bodies, IP addresses, and journal content are not written to logs.

3. How We Use Your Information

We use the collected data to:

  • Authenticate your account and authorize AI requests from the app.
  • Provide, maintain, and enhance the Plai. experience.
  • Enable optional features like iCloud sync across your Apple devices (if you turn it on).
  • Transcribe your voice recordings and power in-app insights.
  • Enforce reasonable per-user rate limits and prevent abuse.
  • Ensure app security and integrity.
  • Comply with applicable legal requirements.

4. Subscription & Payment Processing

Plai. Plus purchases, renewals, and cancellations are processed through Apple’s in-app purchase system. We do not receive your payment card number or billing address. Apple provides us with transaction identifiers, plan selection, renewal status, and refund or cancellation notices so we can manage your entitlements. You can view or cancel your subscription anytime in Settings > Apple ID > Subscriptions on your device.

5. Data Storage and Security

Your journal data — voice recordings, transcripts, and text entries — is stored locally on your device. If you enable iCloud sync, it is also backed up to your private iCloud account using Apple’s secure infrastructure. We do not have access to your iCloud content, and we do not store your recordings or transcripts on our own servers.

Account data (the items listed in Section 2 under Account Data, Session Tokens, and Rate-Limit Counters) is stored in a managed PostgreSQL database operated by our hosting provider, Railway, in a European Union region. Connections to the backend use TLS. Locally stored data on your device is protected using Apple’s data protection APIs and industry-standard encryption techniques.

6. Third-Party Services

We use the following third-party services to operate Plai.:

  • Apple — Sign in with Apple, iCloud, and App Store: We verify Sign in with Apple identity tokens against Apple’s public keys, rely on iCloud for optional sync, and use Apple’s App Store for billing.
  • Railway — hosting and database: Our backend service and PostgreSQL database run on Railway (EU region). Railway acts as a data processor for the account data described in Section 2.
  • OpenAI — AI processing:When you record audio, search, or ask Plai. Insights a question, the relevant content (audio file, search query, or question and the journal excerpts used as context) is sent from your device to our backend and forwarded to OpenAI for transcription, embedding, or analysis. Our backend keeps the OpenAI API key server-side; it is never embedded in the app. According to OpenAI’s API data-usage policy, input submitted via the API is not used to train their models. We do not retain the content of AI requests on our backend after the response is returned. Note: requests are tied to your account for rate-limiting purposes, so they are not fully anonymous, though we do not transmit your Apple identifier or email to OpenAI.

7. Sharing Your Information

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Data may only be shared in the following cases:

  • With the service providers listed in Section 6 (Apple, Railway, OpenAI) strictly to enable app functionality, under their respective data-processing terms.
  • If required by law or in response to valid legal processes.
  • In the event of a merger, acquisition, or sale, users will be notified of any changes to data handling.

8. Your Rights and Choices

You may:

  • Delete your account and backend data from inside the app. This removes your user record and all associated rate-limit counters from our database. The deletion is immediate; there is no soft-delete or archival period.
  • Delete your journal data at any time by removing the app or clearing local and iCloud data. Because journal content does not live on our servers, account deletion does not affect on-device or iCloud content.
  • Export your journal as Markdownfrom Settings > Data > Export, for backup or external analysis.
  • Control biometric settings via your device preferences.
  • Opt out of iCloud sync through iOS Settings > Apple ID > iCloud > Plai.
  • Request access, correction, or erasure of any personal data we hold (Apple sub, email, rate-limit counters) by emailing us at the address below. Under GDPR and similar laws, you may also have rights to object to processing or to data portability.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in technology, regulations, or business practices. The updated version will be indicated by a revised “Last Updated” date. Continued use of the app after changes means you accept the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or how Plai. handles your data, please contact us at:

Plai.
Email: badgiovi@gmail.com