Inward
Effective: 2026-06-23
The gist
Inward is an app for self-discovery. To work, it has to handle some genuinely personal content — your reflections, your answers, your conversations with our AI guide (Sherp). We take that seriously.
Here's what's worth knowing up front:
The rest of this document is the formal version.
Inward is operated by Inward Journeys, Inc., a Delaware corporation, with a primary contact address at 61 Richardson St, Apt PHH, Brooklyn, NY 11211. References to "Inward," "we," "us," or "our" mean Inward Journeys, Inc.
For privacy questions, contact us at privacy@getinward.com.
This policy covers the Inward iOS app and any web property at getinward.com. It does not cover third-party services you reach through links we publish — those services have their own policies.
| Purpose | What we use |
|---|---|
| Run the app — generate Sherp replies, build your Inner Map, save progress | Episode responses, Sherp conversations, Personal File, account info |
| Monitor AI quality and cost — catch regressions, track token usage, debug latency | AI prompts + completions (via PostHog LLM Analytics) |
| Diagnose bugs and crashes | Crash reports (via Sentry) |
| Understand product usage in aggregate — how many users complete an arc, where drop-off happens | Anonymized + aggregated event data (via PostHog) |
| Communicate with you about your account or service updates | Email address |
| Comply with legal obligations and prevent abuse | Server logs, account info |
Because this is the most personal data flow in Inward, it gets its own section.
When you talk to Sherp — either inside an episode or in advisor chat — the full text of your message and Sherp's response is sent to PostHog, our analytics provider, as a "$ai_generation" event. PostHog stores it. We use it to:
PostHog is a third-party processor; we have a Data Processing Agreement with them. Their retention for these events is 1 year on our current plan, after which the events are deleted automatically. PostHog does not use your content for any purpose other than to provide service to us.
If you'd prefer your transcripts not be logged this way, the only option today is not to use Sherp. We expect to add an opt-out toggle for AI logging in a future release; until then, this is the trade-off the app makes to ship reliable quality.
Inward uses the following service providers ("subprocessors") to operate the app. Each receives only the data needed for its function. None of them sell your data.
| Subprocessor | What it does | What it sees | Location |
|---|---|---|---|
| Anthropic (Claude API) | Generates Sherp's replies and most synthesis output | Your messages to Sherp + system prompts + AI responses | USA |
| OpenAI (when enabled) | Alternative LLM provider; routed for some calls when our internal AI-provider flag is set to OpenAI | Same as Anthropic, when used | USA |
| Supabase | Database, authentication, file storage | All persisted user data — account, responses, transcripts, Personal File, synthesis | USA (AWS regions) |
| Vercel | Hosting and serverless compute for the backend API | All request/response data (in-flight only — Vercel does not persist your content beyond logs) | USA |
| PostHog | Product analytics + LLM observability | Event data + AI prompt/completion content (see §5) | USA |
| Sentry | Error and crash monitoring | Stack traces, errors, request metadata (no transcript content) | USA |
| Apple | Sign in with Apple, App Store, push notifications (if you opt in) | Sign-in identity, subscription metadata, device push token | Per Apple |
On AI training. Anthropic's API terms (anthropic.com/legal/commercial-terms) and OpenAI's API terms (openai.com/enterprise-privacy) both prohibit using API content to train their models. This is different from their consumer products (e.g., ChatGPT or claude.ai). Inward uses only the API path. We ourselves do not train models on user content.
On data location. All current subprocessors store data primarily in the United States. If you are in the EU, UK, or another region with cross-border transfer rules, see §10.
Changes. We may update subprocessors over time. Material changes are announced in-app, and the current list always lives at the latest version of this policy.
| Data type | Retention |
|---|---|
| Account and content (responses, conversations, Personal File, synthesis) | Kept while your account is active. Soft-deleted when you delete your account; hard-deleted from primary storage within 30 days of soft delete. |
| Database backups | Rotating, with a maximum age of 30 days. Hard-deleted content is purged from backups within 30 days. |
| AI events in PostHog (prompt + completion content) | 1 year from event date, then auto-deleted |
| Aggregate analytics events in PostHog | 1 year from event date |
| AI provider logs (Anthropic, OpenAI) | Up to 30 days for abuse monitoring per their API terms, then deleted |
| Server logs (Vercel) | 30 days |
| Error reports (Sentry) | 90 days |
Account deletion is initiated from the app settings screen. We process deletion requests within 30 days. Some information may be retained longer if required by law (e.g., billing records).
Regardless of where you live, you can:
If you are a California resident, you have additional rights:
To exercise any of these rights, email privacy@getinward.com. We may need to verify your identity (typically by confirming your account email).
If you are in the EU, UK, Switzerland, or another region with GDPR-style rules, you also have:
Inward is rated for users 17 and older. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe a child under 13 has provided us personal information, contact us at privacy@getinward.com and we will delete it.
Inward is operated from the United States. By using the app, you understand that your information will be processed in the United States and other countries where our subprocessors operate. Different countries have different privacy laws; we apply the protections in this policy globally.
We use industry-standard practices:
No system is perfect. If we discover a security incident affecting your data, we will notify you in line with applicable law.
We update this policy as the product evolves. Material changes (new subprocessors, new categories of data, new uses) will be announced in-app with at least 30 days notice before they take effect. The "Effective" date at the top of this document reflects the most recent revision.
A change history is maintained in our public repository so you can see what changed and when.
Get in touch
Inward Journeys, Inc.
61 Richardson St, Apt PHH, Brooklyn, NY 11211