Ditto ("we," "our," or "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.
What We Collect
When you use Ditto, we collect the following:
- Audio recordings — voice recordings you make within the app, stored securely for transcription and future playback.
- Transcripts and journal entries — the text transcription of your recordings, along with AI-generated summaries, mood tags, and insights.
- Account information — your name and email address, collected during onboarding and when you sign in with Apple or Google.
- Usage data — how you interact with the app (screens visited, features used), collected via Mixpanel analytics.
- Subscription status — whether you have an active subscription, managed via RevenueCat.
How We Use Your Data
We use your data solely to provide and improve the Ditto service:
- Audio recordings are sent to OpenAI's Whisper API for transcription and stored securely for features like audio playback.
- Transcripts are sent to OpenAI's GPT-4o-mini to generate summaries, mood tags, pull quotes, and reflection questions.
- Your journal entries and insights are stored securely in our database so you can access them across sessions.
- Usage data helps us understand how the app is used and where to improve it.
We do not sell your data. We do not use your journal entries for advertising.
Third-Party Services
Ditto uses the following third-party services to operate:
- Supabase — database, authentication, and file storage. Your entries and account data are stored on Supabase infrastructure.
- OpenAI — transcription (Whisper) and AI analysis (GPT-4o-mini). Audio and transcripts are transmitted to OpenAI for processing.
- Mixpanel — usage analytics. Event data is anonymized and does not include journal content.
- RevenueCat — subscription management and payment processing via the App Store. We share your email and name with RevenueCat to identify your account.
- Apple — Sign in with Apple authentication.
- Google — Sign in with Google authentication.
Each of these services operates under their own privacy policies. We encourage you to review them if you have questions about how they handle data.
Data Retention
Your journal entries and audio recordings are retained for as long as your account is active. If you delete your account, all data including entries, audio, and AI-generated insights is permanently removed from our systems within 30 days.
Data Security
Your data is encrypted in transit (HTTPS) and at rest (server-side encryption). Access is controlled by row-level security, meaning only you can access your entries. Audio files are stored in authenticated storage buckets and require your login credentials to access.
Your Rights
You have the right to:
- Access the data we hold about you
- Request deletion of your account and all associated data
- Export your journal entries
To exercise these rights, contact us at dittosupport@gmail.com.
Children's Privacy
Ditto is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
Contact
If you have any questions about this privacy policy or how we handle your data, contact us at dittosupport@gmail.com.