Lost in Thought

Privacy Policy

Effective Date: April 9, 2026

Last Updated: April 9, 2026

Our Privacy Pledge

Lost in Thought will never sell your data. We will never use your journal entries, mood data, or any personal health information to train AI or machine learning models, our own or anyone else's. Your mental health data belongs to you. Full stop.

This is not a legal formality. It is a founding principle. In an industry where companies have repeatedly treated mental health data as a product to be monetized. Many healthtech companies are tech first, privacy and compliance second. The industry has a trust problem. Lost in Thought makes the opposite choice.

Mental health data is among the most sensitive personal information a person can generate. The moment you journal about your anxiety, your relationships, or your experiences, you are extending trust. We take that trust seriously.

Introduction

Lost in Thought ("we," "our," "LiT," or "us") is a privacy-first mental health journaling platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application.

By using the App, you agree to the practices described in this Privacy Policy.

Information We Collect

Information You Provide

  • Account information: Email address, username, and password when you create an account
  • Journal content: Text entries, voice recordings, photos, and any other content you add to your journal
  • Profile information: Optional profile details you choose to provide

Information Collected Automatically

  • Usage data: How you interact with the App, features used, and time spent — used only in de-identified form for product improvement
  • Device information: Device type and operating system version
  • Log data: IP address and access times for security purposes

Information from Third-Party Authentication

  • Authentication services: If you sign in through Apple Sign-In or Google, we receive only the basic profile information those services provide and you authorize

How We Use Your Information

Core App Functionality

  • Journal storage and sync: Storing and synchronizing your journal entries across your devices
  • Account management: Creating and maintaining your user account
  • Intelligent features: Providing AI-powered insights, summaries, and pattern detection features

What Our Intelligent Features Do and Do Not Do

Lost in Thought uses AI to power features like weekly insight summaries, mood pattern detection, and personalized prompts. These features process your journal content to deliver value back to you. They do not feed your data into any training pipeline.

Specifically:

  • Your journal entries are sent to a dedicated Google Vertex AI processing service solely to generate your personal insights. They are processed in real time and not retained by AI providers for training or any other purpose.
  • No journal content, mood data, or personal health information is ever used to train AI or machine learning models. Not our own, not third-party providers', not anonymized, not aggregated.
  • All AI features are optional. A user who never reads an insight summary still receives full value from the journaling practice itself.

De-Identified Analytics

We use de-identified, aggregated data to understand how the product is used and to improve it. This analytics pipeline never touches raw journal content. No personal health information flows through any analytics system.

Data Storage and Security

Infrastructure

Lost in Thought stores your data on Supabase, a secure cloud database provider. All data is encrypted in transit and at rest.

  • Encryption at rest: All data is encrypted at rest using industry-standard encryption
  • Encryption in transit: All data in transit uses TLS encryption
  • Access controls: Access to your data is strictly limited to systems and team members with a specific need
  • Data minimization: Raw journal content is never accessible in any analytics pipeline

Third-Party Services

  • Supabase: Database storage and user account management
  • Authentication services: Supabase authentication. Additional optional services users can leverage include native biometric authentication for iOS and Android devices to authenticate with Supabase.
  • AI language model services: AI processing for insight features; your content is processed in real time and not retained for training
  • Analytics services: De-identified app usage analytics only

Data Sharing and Disclosure

Our Baseline Commitment

We do not sell, trade, or rent your personal information to third parties. We do not share your data with advertisers. We do not provide your data to any party for commercial purposes. Ever.

Limited Sharing Circumstances

  • Service providers: Infrastructure and authentication providers (Supabase, Apple, Google) for the sole purpose of operating the App
  • AI insight providers: AI processing services to generate your personal insights, as described above. These providers do not retain your content.
  • Legal requirements: We may disclose data as required by law, in response to valid court orders, or to protect the safety of our users or the public
  • Business transfers: In a merger or acquisition, your data would transfer to the new entity subject to the same privacy protections. You will be notified before any such transfer.

Your Rights and Choices

Data Access and Control

  • Access: Request a copy of all personal data we hold about you
  • Correction: Update or correct inaccurate information in your profile
  • Deletion: Request permanent deletion of your account and all associated data
  • Portability: Export your complete journal history in a standard format at any time

Account Deletion

You can delete your account at any time through App settings. Upon deletion:

  • All journal entries are permanently deleted
  • Account information is removed from our systems
  • Some data may be retained for legal or security purposes as required by law

Research and Future Partnerships

If Lost in Thought ever pursues research partnerships that would involve user data, we will obtain explicit, informed, separate consent. Never bundled into Terms of Service or assumed from app usage. Any such partnerships will be disclosed publicly.

Children's Privacy

Our App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information, please contact us at jack@lostinthoughtapp.com.

Data Retention

We retain your information only for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Journal entries are retained until you delete them or close your account. Account information may be retained for a reasonable period after account closure for legal and administrative purposes.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt-out of the sale of personal information — we do not sell personal information
  • Right to non-discrimination for exercising your CCPA rights

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy in the App and on our website
  • Sending an email notification if you've provided an email address
  • Displaying a notice when you next open the App

Your continued use of the App after any changes constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: jack@lostinthoughtapp.com

Website: https://lostinthoughtapp.com/privacy_policy

Your data belongs to you. Always.