Privacy Policy

Dear My Past ("we", "our", or "us") is a personal journaling application that helps you reflect on your life through private daily writing. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service at dearmypast.com.

By using Dear My Past, you agree to the practices described in this policy. If you do not agree, please do not use our service.

Information you provide directly

• Account information — your email address and display name (nickname) when you register.
• Journal entries — the title, content, date, and emotion tag of each entry you write.
• OAuth sign-in data — if you sign in with Google or Apple, we receive your name and email address from those providers. We do not receive your password.

Information collected automatically

• Usage data — basic statistics such as the number of entries written, writing streaks, and session dates.
• Device information — browser type and general device information needed to operate the service.

We do not collect precise location data, sell your data, or use your journal content for advertising.

We use your information solely to provide and improve Dear My Past:

• To create and manage your account.
• To store and display your journal entries securely.
• To calculate writing statistics (streaks, total entries, weekly progress).
• To generate AI-powered reflections based on your journal content (when this feature is enabled).
• To send important service emails (e.g. password reset). We do not send marketing emails without your consent.
• To improve the app based on aggregated, anonymised usage patterns.

We use the following trusted third-party services to operate Dear My Past:

• Supabase — database and authentication infrastructure. Your data is stored on Supabase servers. See Supabase Privacy Policy.
• Google Sign-In — optional OAuth sign-in. See Google Privacy Policy.
• Apple Sign-In — optional OAuth sign-in. See Apple Privacy Policy.
• Vercel — web hosting and deployment infrastructure. See Vercel Privacy Policy.

We do not share your personal data with any third parties for marketing or advertising purposes.

We take the security of your data seriously. Your journal entries are protected by Row Level Security (RLS), meaning only your account can read or modify your entries — not other users, and not our team.

All data is transmitted over HTTPS. We use Supabase's enterprise-grade infrastructure, which includes encryption at rest and in transit.

No method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

We retain your personal data for as long as your account is active. If you delete your account, we will permanently delete your journal entries and personal information within 30 days, except where we are required to retain data for legal or compliance purposes.

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — you can request a copy of the data we hold about you.
• Right to rectification — you can correct inaccurate personal data.
• Right to erasure — you can request deletion of your personal data ("right to be forgotten").
• Right to restriction — you can ask us to restrict processing of your data.
• Right to data portability — you can request your data in a machine-readable format.
• Right to object — you can object to certain types of processing.

Our lawful basis for processing your data is contract (to provide the service you signed up for) and legitimate interests (to improve and secure the service).

To exercise any of these rights, contact us at dmpofficial@dearmypast.com.

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:

• Right to know — you can request disclosure of the personal information we have collected about you.
• Right to delete — you can request deletion of your personal information.
• Right to opt-out of sale — we do not sell your personal information to third parties.
• Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

To submit a CCPA request, contact us at dmpofficial@dearmypast.com.

Dear My Past is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email or through a notice in the app.

Your continued use of Dear My Past after changes are posted constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: