Privacy Policy

Last updated: March 22, 2026

1. Introduction

Humanity Says ("we," "us," or "our") operates humanitysays.com(the "Service"). This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Service.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Data We Collect

2.1 Account Data

  • Email address— collected when you sign in via magic link or Google. Used as your account identifier.
  • Account creation date and entry count.

2.2 Diary Entries

  • Entry text (up to 15,000 characters), optional title, and optional display name.
  • Photos (up to 3 per entry, JPEG/PNG/WebP).
  • Country, region, and city — detected from server-side headers on Vercel. You may override this before submitting.
  • Time of day (morning, afternoon, evening, or late-night).
  • Mood and language— classified automatically by AI (see Section 3.2).

2.3 Newsletter Subscription

  • Email address and optional country/region preference.

2.4 Automatically Collected Data

  • IP address— used temporarily for rate limiting only. Not stored permanently.
  • Geolocation— derived from server-side headers (country, region, city). Your precise coordinates are never collected.

2.5 Donations

Donations are processed by Stripe. We do not collect or store credit card numbers, billing addresses, or other payment details. Stripe's privacy policy governs your payment data.

3. How We Use Your Data

3.1 Core Service

  • Display your diary entries on the public feed and map.
  • Provide your private entry history via "My Entries."
  • Send authentication emails (magic links) and newsletter digests.
  • Process donations through Stripe.

3.2 AI Processing

Your entry text is sent to a third-party large language model (via OpenRouter) for:

  • Mood classification— assigning an emotional tone to your entry (e.g., hopeful, reflective, anxious).
  • Content moderation— detecting hate speech, explicit content, personal information (PII), spam, and self-harm indicators.
  • Language detection— identifying the language of your entry.

This processing is necessary to operate the mood map, maintain community standards, and support multilingual content. Your entry text is sent to the AI provider but is not used to train their models.

3.3 Archival Program

Our mission is to create a permanent record of humanity. Published entries may be compiled into archives for preservation. Only the entry text, date, location (country), and mood are included — never your email address or account details.

3.4 Rate Limiting

Your IP address is temporarily stored (approximately 1 hour) in Redis for rate limiting purposes. It is not linked to your account or entry data.

4. Anonymous Entries

When you submit an entry as "anonymous," your display name is not shown publicly. However, your entry text, location (country, region, city), and metadata are still stored and processed as described in this policy. If you are signed in, the entry is linked to your account internally but displayed without your name.

5. Third-Party Services

We share data with the following service providers:

ServicePurposeData Shared
Google Cloud / FirebaseData storage, authenticationAll account and entry data
OpenRouterAI mood & moderationEntry text only
ResendEmail deliveryEmail address, message content
StripeDonation processingPayment details (handled by Stripe)
UpstashRate limitingIP address (temporary)

We do not sell, rent, or trade your personal data to any third party. We do not use advertising networks or tracking pixels.

6. Cookies

We use only essential cookies:

  • hs_user_session— an encrypted session token for authentication. HttpOnly, secure, expires after 30 days.
  • theme— your light/dark mode preference. Expires after 1 year.

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

7. Data Retention

  • Account data— retained while your account is active.
  • Published entries— retained as part of the permanent archive. This is core to our mission.
  • Deleted accounts— all personal data (account, entries, photos, subscriptions) is purged within 30 days of deletion.
  • Rate limiting data— automatically expires after approximately 1 hour.
  • Newsletter subscriptions — retained until you unsubscribe, at which point your record is immediately deleted.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access— request a copy of all data we hold about you. Use the "Download my data" feature in My Entries.
  • Deletion— request deletion of your account and all associated data. Use the "Delete account" feature in My Entries.
  • Correction— request corrections to inaccurate personal data by contacting us at privacy@humanitysays.com.
  • Portability— download your data in a machine-readable JSON format via My Entries.
  • Withdraw consent— you can delete your account at any time to withdraw consent for data processing.
  • Complaint— you have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@humanitysays.com and we will delete the data promptly.

10. International Data Transfers

Your data is processed and stored using services based in the United States (Google Cloud, Upstash, Resend, Stripe, OpenRouter). If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

11. Security

We implement reasonable security measures to protect your personal data, including:

  • Encrypted session cookies (HttpOnly, Secure, SameSite).
  • Server-side authentication with signed JWT tokens.
  • Rate limiting on API endpoints.
  • HTTPS encryption for all data in transit.
  • AI-powered content moderation to detect and remove personal information.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. If the changes are significant, we will make reasonable efforts to notify you (for example, via a banner on the site or an email to registered users).

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

privacy@humanitysays.com