Your data and privacy

Where your data lives

All personal data is stored in a Supabase Postgres database hosted in US East (us-east-1). This includes your prayers, journal entries, anchor completions, pillar activity, and Scripture interactions. Voice recordings are stored in Supabase Storage in the same region with the same access controls.

The database is encrypted at rest by the hosting provider. Row-level security (RLS) policies are applied at the database layer, which means every query is filtered to your user ID before results are returned. Your data is not accessible to other users, and our admin tooling cannot read the content of your individual prayer and journal entries. Aggregate metrics (counts, dates, pillar activity) are visible for billing and system monitoring; private content is not.

Encryption

Beyond database-level encryption at rest, AnchoredTime applies additional encryption to the most sensitive fields:

• BYOK API keys. Encrypted with AES-256-GCM. The encryption master key is stored outside the database in a separate secret store.
• Data in transit. All communication between your device and our servers uses TLS 1.2 or higher. There is no unencrypted path to your data.

For the full technical security picture, see our security page.

AI and your content

When you use AI features (Faithful Actions, Smart Recall, weekly summaries, journaling prompts), AnchoredTime passes relevant content to the AI provider for that specific request. That content is not stored by the provider beyond the request, and it is not used to train AI models, per the current API policies of Anthropic and OpenAI.

AnchoredTime itself never uses your prayers, journal entries, or any personal content to train models. We do not share your content with third parties for any purpose other than completing the feature you explicitly invoked.

If you use BYOK, your content goes directly to your provider account. You have the same protections, and the provider relationship is yours.

Exporting your data

You can export everything at any time. Go to Settings and tap Export My Data. AnchoredTime will package every prayer, journal entry, Scripture interaction, anchor completion record, and voice transcript into a JSON file, upload it to encrypted storage, and email you a signed download link. The link expires after 24 hours.

The export is GDPR-compliant and includes all personal data associated with your account. It does not include aggregate billing records or anonymized usage data, which do not contain personal identifiers.

You do not need to cancel your subscription to export your data. You can export at any time, as many times as you want.

Deleting your account

Go to Settings and tap Delete Account. The following happens immediately:

• Your BYOK API keys are hard-deleted from the database.
• Your prayers, journal entries, anchor records, and voice files are deleted.
• Your usage ledger rows are anonymized: the financial record is retained for accounting accuracy, but your personal identifier is removed from it.
• Your authentication record is removed.

Account deletion is permanent and cannot be undone. If you have an active paid subscription, canceling it before deletion will stop any future charges. If you delete without canceling first, your subscription is also canceled at the point of deletion.

Cookies and tracking

AnchoredTime uses session cookies for authentication. We do not use third-party advertising trackers. We do not sell your data.

We use Vercel Analyticsto understand how the product is being used. Vercel Analytics collects anonymized page views and custom funnel events (signup, onboarding completion, first anchor, subscription changes). These events contain only your Supabase user ID - no email address, display name, or IP address. No personal content (prayers, journal entries, Scripture interactions) is ever included in analytics data. You can read Vercel’s privacy policy at vercel.com/legal/privacy-policy.

Your rights

Regardless of where you live, you have the right to access, export, correct, and delete your data. Email privacy@anchoredtime.com for any request that the in-app tools do not cover. We respond within 30 days and typically much faster.

See our full privacy policy for the complete legal picture.