your entries are yours.

what petal stores

• your email, so you can sign in.
• a salted argon2 hash of your password. we never see the password.
• your mood and the line you write each day, encrypted before they ever leave your device. we hold the box, you hold the key.
• a session cookie so you do not have to log in every time.

what petal does not store

• analytics. no google, no plausible, no mixpanel, no fathom.
• third-party trackers. there are zero scripts on this site that are not ours.
• your ip address, beyond the few seconds it takes to serve a request.
• ad ids, device fingerprints, or anything that follows you elsewhere.

where it lives

hosted in europe. end-to-end encrypted: the contents of your entries are scrambled on your device before being sent, and only your password can unscramble them. our server can store them, back them up, and serve them back — but it cannot read them. neither can we.

one practical consequence: if you forget your password, we cannot recover your old entries. that is the price of a real lock.

we never train AI on your entries

we couldn't if we wanted to — your entries are encrypted on the way out of your device. we also wouldn't if we could.

leaving

you can delete your account from settings. it is one button. it removes every entry, every session, your email, and the password hash. backups containing it expire within 30 days. nothing remains after that.

questions

write to hello@petal.app. a real person reads it, usually within a day or two.