How we handle your stuff

Your data is yours

Every file, evidence item, and journal entry is locked to your account at the database level. We use row-level security policies so that even our own code can't pull another user's data when acting as you.

Files live in a private bucket

Screenshots, PDFs, photos, and audio you upload go into a private storage bucket. Each file's path is prefixed with your user ID, and access is gated by a policy that only lets you read or write files inside your own folder. Files are accessed via short-lived signed URLs that expire in minutes.

Audit log

Every create, update, and delete of your evidence and journal entries is recorded in an append-only audit log scoped to your account. You can review it at any time. We can't edit or remove entries from it after the fact.

AI processing

We use AI to OCR your screenshots, transcribe your voice memos, and extract dates, people, and places. AI calls go through Lovable's AI gateway. Your content is sent to the gateway to perform the requested task and is not used to train models. We don't store AI prompts beyond what's needed to produce the result you asked for.

Deletion

Deleting a file removes all of its evidence and journal entries, and removes the associated uploads from the private bucket. The audit log keeps a record that the deletion happened (so you have a paper trail), but not the deleted content itself.

What we don't do

• We don't sell your data. To anyone. Ever.
• We don't use third-party analytics that capture your content.
• We don't share your evidence with the other person in your dispute.
• We don't promise this is a substitute for legal advice — talk to a real lawyer.