Privacy Policy
Effective date: July 13, 2026 (beta)
Provided by: the Loomy team (“we”, “us”, “our”)
Loomy is in an invite-only beta. This policy reflects the app's actual
data practices during the beta and will be finalized (including formal legal review) before
general availability. 本政策以英文版本为准。
The short version
Loomy is a private, local-first journal. Your entries, photos, voice notes,
location history, and health readings are stored on your device — we do not keep
a copy of your journal on a server.
- Your journal is never uploaded to us. It lives in an on-device database;
beta access is granted with an invite code.
- No advertising, no analytics, no trackers, and no sale of your data. Ever.
- Cloud AI is used only when you choose an AI feature (writing
a summary, transcribing a recording, generating an album cover, or a health report). At that
point the relevant content is sent for processing and a result is returned — see
AI features.
- Connecting a wearable (Whoop or Oura) or Apple Health is optional and
you authorize it yourself. Apple Health data is read on your device and is not sent to us.
- You can export all your data at any time and erase everything from
the device with one tap.
This is a summary; the full policy below controls.
1. Scope
This policy explains how the Loomy mobile app handles information. It does not cover
third-party services you connect to Loomy (such as a wearable service or your device platform), which are
governed by their own privacy policies.
2. Information stored on your device
Loomy keeps your content locally in an on-device database and file storage.
This includes, depending on how you use the app:
- Journal entries — text, and the AI-polished versions of them.
- Media — photos you attach and voice recordings you make.
- Location history — GPS points collected in the background (if you grant the
permission), and the “stays”/trips derived from them, plus any places you name.
- Health & wellness data — recovery, sleep, strain, steps, active energy,
workouts and similar metrics synced from a connected wearable or read from Apple
Health (on-device, iOS only), and the mood/energy/body ratings you enter.
- Preferences & settings — language, timezone, reminder time, and similar.
- Credentials — access tokens for wearables you connect are stored in the
device's secure keystore (iOS Keychain / Android Keystore).
We do not transmit this on-device data to us. Some of it is sent to third-party processors
only in the specific situations described in Sections 3–5.
3. AI features and what gets sent
When you use an AI feature, Loomy sends the content that feature needs to a third-party
AI provider, which processes it and returns a result. Requests are relayed through
our own service, which does not store your content.
| When you… | What is sent for processing |
| Compose / “lay out” a day | The day's journal text, a compact digest of that day's metrics, and place/timeline context |
| Transcribe a voice note | The audio recording for that clip |
| Generate an album cover | A short text prompt derived from the day's summary |
| Generate a health report | A de-identified statistical digest (averages, correlations, symptom counts) — not your raw entries |
The provider processes this data on our behalf, solely to return the result, under its own
terms. We do not use your content to train any model. If
you never use AI features, no journal content leaves your device through this path.
AI output can be wrong or incomplete and is not professional, medical, or
mental-health advice (see the Terms of Service).
4. Location, weather, and maps
If you grant location permission, Loomy logs your location in the background to build your
daily “footprint” and timeline. This processing happens on your device — your raw
location trace is not uploaded to us or to a routing service. Narrow exceptions send limited
location data to third parties so those features work:
- Weather: approximate coordinates are sent to retrieve local
weather for an entry from a weather service.
- Naming a place / address search: the coordinates or text you search are sent
to a mapping and places provider to resolve a place name.
- Map tiles: map-tile coordinates near your locations are
requested to draw the faint background map.
You can decline or later revoke location permission in your device settings; those features
degrade gracefully.
5. Third parties who may process your data
- AI provider — generates summaries, transcriptions, images and reports, as above.
- Mapping / places provider — resolves place names when you search for one.
- Whoop, Oura — if you connect them, Loomy fetches your data from their APIs using
access you grant via their login. Your relationship with them is governed by their policies.
- Apple Health (HealthKit) — if you enable it (iOS only), Loomy reads health
metrics from the Health app locally on your device. This is an on-device read; your
Apple Health data is not transmitted to us or to any third party, and is used only within the
app (and never for advertising).
- Weather provider — weather lookups.
- Map-tile provider — map tiles.
- Hosting / infrastructure provider — runs the service that relays AI requests.
To prevent abuse, basic request metadata (such as IP address) is processed for rate-limiting;
it is not used to profile you, and your journal content is not stored there.
- Apple / Google (platform) — app distribution, local notifications, and — if you
have device backup enabled — your app's data may be included in your encrypted
iCloud/Google device backup, controlled entirely by your own device account settings
(not by us).
We have no advertising, analytics, attribution, or crash-reporting SDKs in the
app, and we do not sell or rent your information to anyone.
5a. The waitlist (loomyjournal.com)
If you ask for an invitation on our website, we store the email address you give
us, the optional note you write, and the language you were reading the site in. That
is the only personal data we collect on a server, and we use it for exactly one purpose: to send
you an invitation code. We do not add you to a newsletter, we do not use it for advertising, and
we do not share or sell it.
Your journal is not connected to this in any way — signing up to the waitlist does
not create an account, and no journal content ever reaches our servers.
Write to us at the address in Section 13 and we will delete your waitlist entry.
6. Permissions we request
- Location (incl. background) — to auto-capture your daily footprint, stays, and
weather/city context. Optional.
- Microphone — to record voice notes you dictate. Optional.
- Photo library — to attach photos to entries and to save generated album covers.
Optional.
- Notifications — to deliver your daily reminder. The notification text never
contains your health data or entry content. Optional.
- Face ID / Touch ID — only if you enable App Lock, to unlock the app. Biometric
data never leaves the device and is handled entirely by the OS.
- Apple Health (HealthKit) — only if you connect Apple Health (iOS), to read
steps, active energy, and sleep. Read on-device; nothing is written back. Optional.
7. Retention and deletion
Because your data lives on your device, you control retention:
- Export your full journal (entries, media, locations, places) to a file at any
time from Settings → Data Management.
- Reset All Data erases your entries, media, locations, saved places, and
generated covers from the device.
- Uninstalling the app removes its on-device data (a device backup you made may
still contain a copy until it expires per your platform's settings).
- To stop wearable syncing, disconnect the integration; to revoke Loomy's access entirely,
also remove it in your Whoop/Oura account. To stop Apple Health access, revoke it in iOS
Settings → Privacy & Security → Health → Loomy.
8. Security
Your data stays on your device. Wearable tokens are stored in the OS secure keystore, and optional App
Lock adds a biometric/passcode gate. No method of storage or transmission is 100% secure, and we
cannot guarantee absolute security.
9. Children
Loomy is not directed to children under 13, and we do not knowingly collect data from them.
If you believe a child has used Loomy, contact us and we will help.
10. International users
Some processors above may process data in the United
States or
other countries. By using AI or connected features you understand that the relevant data may be
processed in those locations.
11. Your rights
Because Loomy is local-first, you already hold your data directly: you can
access and export it, correct it by editing, and delete it — all from within the app, without
contacting us. Depending on where you live, you may have additional rights under laws such as
the GDPR or CCPA; contact us to exercise them.
12. Changes
We may update this policy. Material changes will be reflected by a new effective date and,
where appropriate, an in-app notice.
13. Contact
Questions or requests: hello@loomyjournal.com.