Is your journal app actually private? What to look for

May 15, 2026 · 6 min

Every journaling app says it's private. The marketing pages all use the same words. End-to-end encryption. Your data is yours. We can't read it. Most of them are not lying exactly, but these phrases don't always mean what readers think they mean.

If you're about to trust an app with things you don't say anywhere else, it's worth knowing what to actually check. Most of it takes about five minutes of looking around.

The first question: who can read your entries?

Open the app's privacy policy and find the section about data access. The question you're answering is simple. If a court order arrived tomorrow, could the company hand over your entries in readable form?

If the answer is yes, the app is not private. It might be secure (your data is protected from outside attackers), but the company itself can read what you wrote. Most journaling apps fall into this category, including some of the largest ones.

True privacy means the company can't hand over what they don't have. End-to-end encryption with keys held only on your device is the version where 'we can't read your entries' is actually true.

End-to-end encryption vs. 'encrypted in transit'

These are not the same thing, but they get conflated constantly in marketing copy.

Encrypted in transit means data is protected on its way from your device to the server. This is the bare minimum any modern app should do. Once your data hits the server, it's typically readable by the company. This is what most 'encryption' claims actually refer to.

End-to-end encrypted means your entries are scrambled before they leave your device with a key only you have. The server stores ciphertext. The company can't read it, even if it wanted to. If a privacy page is vague about which version it means, assume the weaker one.

What 'your data stays on your device' should actually mean

If the app syncs across devices, your data has to travel somewhere. The question is what form it travels in and what the receiving server can do with it.

Some apps store everything locally with no sync at all. That's the strongest privacy guarantee, but you lose the journal if you lose the phone. A better model: sync, but everything that leaves the device is encrypted with a key the server doesn't have.
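The sync model described above, and the "server stores ciphertext" property from the previous section, as an added Node.js example (not code from Innera or any other app). It assumes the key is derived from a passphrase with scrypt and that entries are sealed with AES-256-GCM; those choices, the in-memory `serverStore`, and all function names are assumptions made for the illustration.

```javascript
// Added example: names, passphrase-derived key and cipher choice are assumptions.
const crypto = require('node:crypto');

// Device side: derive a 256-bit key from a passphrase that never leaves the device.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Device side: encrypt one entry. Only the returned record is uploaded.
function encryptEntry(passphrase, plaintext) {
  const salt = crypto.randomBytes(16); // per-entry salt, not secret
  const iv = crypto.randomBytes(12);   // unique nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const record = { salt, iv, ct, tag: cipher.getAuthTag() };
  return Object.fromEntries(
    Object.entries(record).map(([k, v]) => [k, v.toString('base64')]));
}

// Device side: decrypt a downloaded record. Throws on a wrong key or altered data.
function decryptEntry(passphrase, record) {
  const b = (name) => Buffer.from(record[name], 'base64');
  const key = deriveKey(passphrase, b('salt'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, b('iv'));
  decipher.setAuthTag(b('tag'));
  return Buffer.concat([decipher.update(b('ct')), decipher.final()]).toString('utf8');
}

// Server side (hypothetical sync service): stores what it receives, holds no key.
const serverStore = new Map();
function upload(id, record) { serverStore.set(id, JSON.stringify(record)); }
function download(id) { return JSON.parse(serverStore.get(id)); }
// Everything the company could read or hand over for this entry.
function serverView(id) { return serverStore.get(id); }

// Constructed sample entry and passphrase.
upload('entry-1', encryptEntry('constructed passphrase', 'Constructed sample entry.'));
console.log('server holds:', serverView('entry-1'));
console.log('device reads:', decryptEntry('constructed passphrase', download('entry-1')));
```

In the "encrypted in transit" model, `upload` would receive the plaintext itself once TLS terminates at the server, so `serverView` would return readable text.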

The business model question

If a journaling app is free and shows ads, ad networks are part of how it makes money. That usually means some form of behavioral data leaves the device, even if the entry content itself doesn't. Crash logs, usage patterns, time-of-day data: all of it can be analyzed and sold.

Subscription-funded apps don't have this conflict. The business runs on whether you renew, not on what advertisers can learn about you. This is worth paying for if you're writing the kind of things journals actually hold.

The export and delete test

Try both before you trust an app with a year of writing:

  • Export: can you get every entry out in a usable format (markdown, text, JSON)? If not, your writing is hostage to the app's survival.
  • Delete: when you delete an entry or your whole account, does the app explain what actually happens? Is the data removed from backups within a reasonable window? Vague answers are a red flag.

The trust question for closed-source apps

Most apps are closed-source, meaning the privacy claims can't be independently verified by reading the code. That doesn't automatically mean the claims are false. It means trust is based on the company's reputation, their incentive structure, and their transparency about how the app actually works.

Ask: does the company explain technical details when pressed? Have they had third-party security audits? Is the privacy policy specific, or full of escape hatches like 'except as required by law' and 'we may share with partners'?

A short checklist

  • End-to-end encryption, explicitly named, not vague 'encryption' claims.
  • Keys held on your device, not on the company's servers.
  • Business model that doesn't depend on your data.
  • Working export to a portable format.
  • Specific deletion policy, not vague phrasing.
  • Privacy policy without broad sharing clauses.

The Innera version

Innera is built around this checklist. End-to-end encrypted with keys on your device only. Subscription-funded, so the business doesn't depend on your entries. Full export. Specific deletion. The privacy claim is what the app is actually for, not a marketing line on the landing page.

Run this checklist on whichever app you're considering. Most fail at least two of these. The ones that pass are the only ones worth trusting with the things you can't say out loud.
