Inward

Privacy Policy

Effective: 2026-06-23

The gist

Inward is an app for self-discovery. To work, it has to handle some genuinely personal content — your reflections, your answers, your conversations with our AI guide (Sherp). We take that seriously.

Here's what's worth knowing up front:

The rest of this document is the formal version.

01Who we are

Inward is operated by Inward Journeys, Inc., a Delaware corporation, with a primary contact address at 61 Richardson St, Apt PHH, Brooklyn, NY 11211. References to "Inward," "we," "us," or "our" mean Inward Journeys, Inc.

For privacy questions, contact us at privacy@getinward.com.

02Scope

This policy covers the Inward iOS app and any web property at getinward.com. It does not cover third-party services you reach through links we publish — those services have their own policies.

03What we collect

3.1 Account information

3.2 Content you create in the app

3.3 Device and usage information

3.4 What we do not collect

04How we use your information

PurposeWhat we use
Run the app — generate Sherp replies, build your Inner Map, save progressEpisode responses, Sherp conversations, Personal File, account info
Monitor AI quality and cost — catch regressions, track token usage, debug latencyAI prompts + completions (via PostHog LLM Analytics)
Diagnose bugs and crashesCrash reports (via Sentry)
Understand product usage in aggregate — how many users complete an arc, where drop-off happensAnonymized + aggregated event data (via PostHog)
Communicate with you about your account or service updatesEmail address
Comply with legal obligations and prevent abuseServer logs, account info

05Sherp transcripts and PostHog

Because this is the most personal data flow in Inward, it gets its own section.

When you talk to Sherp — either inside an episode or in advisor chat — the full text of your message and Sherp's response is sent to PostHog, our analytics provider, as a "$ai_generation" event. PostHog stores it. We use it to:

PostHog is a third-party processor; we have a Data Processing Agreement with them. Their retention for these events is 1 year on our current plan, after which the events are deleted automatically. PostHog does not use your content for any purpose other than to provide service to us.

If you'd prefer your transcripts not be logged this way, the only option today is not to use Sherp. We expect to add an opt-out toggle for AI logging in a future release; until then, this is the trade-off the app makes to ship reliable quality.

06Subprocessors

Inward uses the following service providers ("subprocessors") to operate the app. Each receives only the data needed for its function. None of them sell your data.

SubprocessorWhat it doesWhat it seesLocation
Anthropic (Claude API)Generates Sherp's replies and most synthesis outputYour messages to Sherp + system prompts + AI responsesUSA
OpenAI (when enabled)Alternative LLM provider; routed for some calls when our internal AI-provider flag is set to OpenAISame as Anthropic, when usedUSA
SupabaseDatabase, authentication, file storageAll persisted user data — account, responses, transcripts, Personal File, synthesisUSA (AWS regions)
VercelHosting and serverless compute for the backend APIAll request/response data (in-flight only — Vercel does not persist your content beyond logs)USA
PostHogProduct analytics + LLM observabilityEvent data + AI prompt/completion content (see §5)USA
SentryError and crash monitoringStack traces, errors, request metadata (no transcript content)USA
AppleSign in with Apple, App Store, push notifications (if you opt in)Sign-in identity, subscription metadata, device push tokenPer Apple

On AI training. Anthropic's API terms (anthropic.com/legal/commercial-terms) and OpenAI's API terms (openai.com/enterprise-privacy) both prohibit using API content to train their models. This is different from their consumer products (e.g., ChatGPT or claude.ai). Inward uses only the API path. We ourselves do not train models on user content.

On data location. All current subprocessors store data primarily in the United States. If you are in the EU, UK, or another region with cross-border transfer rules, see §10.

Changes. We may update subprocessors over time. Material changes are announced in-app, and the current list always lives at the latest version of this policy.

07Retention

Data typeRetention
Account and content (responses, conversations, Personal File, synthesis)Kept while your account is active. Soft-deleted when you delete your account; hard-deleted from primary storage within 30 days of soft delete.
Database backupsRotating, with a maximum age of 30 days. Hard-deleted content is purged from backups within 30 days.
AI events in PostHog (prompt + completion content)1 year from event date, then auto-deleted
Aggregate analytics events in PostHog1 year from event date
AI provider logs (Anthropic, OpenAI)Up to 30 days for abuse monitoring per their API terms, then deleted
Server logs (Vercel)30 days
Error reports (Sentry)90 days

Account deletion is initiated from the app settings screen. We process deletion requests within 30 days. Some information may be retained longer if required by law (e.g., billing records).

08Your rights

8.1 Everyone

Regardless of where you live, you can:

8.2 California residents (CCPA / CPRA)

If you are a California resident, you have additional rights:

To exercise any of these rights, email privacy@getinward.com. We may need to verify your identity (typically by confirming your account email).

8.3 EU, UK, and other GDPR-aligned regions

If you are in the EU, UK, Switzerland, or another region with GDPR-style rules, you also have:

09Children's privacy

Inward is rated for users 17 and older. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe a child under 13 has provided us personal information, contact us at privacy@getinward.com and we will delete it.

10International users

Inward is operated from the United States. By using the app, you understand that your information will be processed in the United States and other countries where our subprocessors operate. Different countries have different privacy laws; we apply the protections in this policy globally.

11Security

We use industry-standard practices:

No system is perfect. If we discover a security incident affecting your data, we will notify you in line with applicable law.

12Changes to this policy

We update this policy as the product evolves. Material changes (new subprocessors, new categories of data, new uses) will be announced in-app with at least 30 days notice before they take effect. The "Effective" date at the top of this document reflects the most recent revision.

A change history is maintained in our public repository so you can see what changed and when.

13Contact

Get in touch

Inward Journeys, Inc.

61 Richardson St, Apt PHH, Brooklyn, NY 11211

privacy@getinward.com