Privacy Policy

We collect only what we need to make the Service work:

• Account info. When you sign in with Apple or Google we receive your email address, a unique provider identifier, and (where you grant it) your display name and profile picture.
• Your entries. The text you type into Log Anything, the type you tagged it as, the local time you logged it, and the structured fields the AI extracted (e.g. meal items, expense amount, mood score).
• Your settings. Default currency, expense categories, quick-log order, theme preference, custom types you create, onboarding answers.
• Subscription status. Whether your premium entitlement is active. Apple processes the payment; we never see your card number.
• Diagnostic data. Standard request logs (timestamps, error codes, device/OS string the platform sends with API calls), used to debug failures and detect abuse.

We do not collect contacts, photos (unless you explicitly upload an avatar), location, microphone audio, or device identifiers beyond what your platform sends with normal API calls. We do not run third-party analytics or advertising SDKs in the app.

• To save your entries and let you read, search, and edit them later.
• To send your entry text to an AI model so it can extract structured fields (see “AI processing” below).
• To honor your settings (currency, theme, etc.) across devices.
• To gate premium features against your active subscription, and to send you transactional notifications you’ve opted into.
• To investigate bugs, abuse, and security incidents.
• To comply with our legal obligations.

We do not use your entries to train AI models, build ad profiles, sell or rent data to third parties, or share your data with anyone outside the service providers listed below.

Legal basis. Where applicable laws require it, we process your data on the legal basis of (a) performing our contract with you to provide the Service, (b) your consent (where you grant it explicitly, such as for optional notifications), (c) our legitimate interest in operating, securing, and improving the Service, and (d) compliance with legal obligations.

When you log an entry of a type that supports AI parsing (meal, expense, mood, habit, metric, workout, person, list), the entry text — along with a small number of your most recent same-type entries to give the model context — is sent to our AI provider so it can return the structured fields we save alongside your entry.

We route requests through Vercel AI Gateway to Anthropic’s Claude models (currently Claude Sonnet 4.6 with Claude Haiku 4.5 as a fallback).

What this means for your data:

• Anthropic does notuse Log Anything API requests or responses to train its models, per Anthropic’s commercial terms. See Anthropic’s Privacy Policy and Commercial Terms of Service.
• Anthropic may retain API request and response data for a limited period for trust & safety review and abuse detection, as described in their privacy policy. You can review their current data-handling practices at the link above.
• Vercel AI Gateway routes the request to Anthropic and may log request metadata (timestamps, model used, token counts, error codes) for observability, billing, and abuse prevention. See Vercel’s Privacy Policy.
• We do not authorize either party to use your data for any purpose other than fulfilling the request and the limited operational uses described in their published policies.

Note types like note (free text) and custom entries are stored as written and are not sent to any AI model.

Your entries, settings, and avatar are stored on our database, hosted on Supabase in the United States. Our web and AI infrastructure runs on Vercel, also primarily in the United States.

If you are located outside the United States — including in India, the European Economic Area, the United Kingdom, or elsewhere — your data will be transferred to and processed in the United States. By using the Service you understand and consent to this transfer. We rely on the standard contractual protections offered by our service providers and take reasonable steps to ensure your data is protected wherever it’s processed.

We use reasonable and industry-standard practices to protect your data:

• All traffic is encrypted in transit using TLS.
• Data is encrypted at rest by our database and storage provider (Supabase).
• Database row-level security ensures a logged-in user can only ever read or modify their own rows.
• Access to production systems is restricted to authorised personnel and authenticated via strong credentials.
• We don’t store payment card data — Apple handles all subscription billing.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you and the relevant authorities as required by applicable law.

• Active accounts: we keep your entries, settings, and account data for as long as your account is active.
• Deleted accounts:when you delete your account, entries and settings are removed immediately. Provider-level backups are purged on the provider’s normal rotation, typically within 30 days.
• Inactive accounts: we may delete or anonymise accounts that have shown no activity for an extended period (24 months or more) after notifying you by email.
• Diagnostic logs: short-lived (typically rotated within 30 days).
• Subscription records: we may keep minimal records of past subscription events (start, end, identifier) for as long as necessary to comply with tax, accounting, and audit obligations.

We only share data with service providers that need it to make Log Anything work. We do not sell, rent, or trade your data with anyone, ever.

• Apple & Google — sign-in identity, and (Apple) subscription billing.
• Supabase — database, authentication, file storage.
• Vercel — web hosting and AI Gateway routing.
• Anthropic — AI model that parses your entries.
• RevenueCat — subscription state and entitlement management; receives an opaque user identifier we generate (not your email or name).

We may also disclose data if required by valid legal process (subpoena, court order, government request) or to protect the rights, property, or safety of users, third parties, or ourselves.

If we are ever acquired, merged, or sell substantially all of our assets, your data may be transferred as part of that transaction. We will give you notice and a chance to delete your data before the transfer takes effect.

Premium features are unlocked by an auto-renewing subscription sold via Apple’s in-app purchase system. Apple processes the payment, manages your subscription, and shares only the entitlement status with us via RevenueCat. We do not see, store, or transmit your payment card data.

You can manage or cancel your subscription at any time in iPhone Settings → Apple ID → Subscriptions, or from the Subscription section of the app.

You can delete your account at any time from Settings → Account → Delete account in the app. Deleting your account immediately removes:

• Your authentication record (you can no longer sign in).
• All of your log entries.
• All of your custom types, settings, and onboarding answers.
• Your uploaded avatar, if any.

The deletion is hard, immediate, and irreversible. Backups are purged on our provider’s normal rotation (typically within 30 days).

You can access and edit any of your entries directly from the app — every parsed value is editable. You can also request a copy of your data (an export) by emailing support@loganything.app; we’ll respond within 30 days.

Depending on where you live, you may have additional rights — including the right to access, correct, port, or restrict the processing of your personal data, and the right to lodge a complaint with your local data protection authority. To exercise these rights, email support@loganything.app.

If you are a Data Principal located in India, you have the following rights under the Digital Personal Data Protection Act, 2023 (“DPDP Act”):

• Right to access a summary of personal data processed and the processing activities undertaken on it.
• Right to correction and erasure of your personal data.
• Right to grievance redressal through the contact below.
• Right to nominate another person to exercise these rights in the event of your death or incapacity.
• Right to withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, or to file a grievance, contact our Grievance Officer:

Grievance Officer
Log Anything
Email: support@loganything.app

We will acknowledge your request within a reasonable period and respond within the timelines required by the DPDP Act.

Log Anything is not directed to children under 18. We do not knowingly collect personal data from anyone under that age. If you are a parent or guardian and believe a child has created an account, contact us at support@loganything.app and we will delete it.

We may update this policy as the product evolves. When we do, we’ll update the “Last updated” date at the top. Material changes will be announced in-app or by email before they take effect. Continuing to use the Service after changes means you accept the updated policy.

Questions, requests, or feedback? Email support@loganything.app.