Digital Shadow — Privacy Policy
Effective: 21 April 2026
This Privacy Policy explains what personal data Digital Shadow ("we", "us", the "Service") collects, how we use and store it, and who we share it with. It sits alongside our Usage Policy and Terms of Service.
Digital Shadow is a personal memory system. Almost everything you do on it is personal data about you — sometimes deeply so. We take that seriously. This policy is written to be short and honest rather than comprehensive, and we will update it as the Service changes.
1. What We Collect
1.1 Account data
When you register, we collect your name, email address, and — if you link it — your WhatsApp phone number. If you sign in with Google, we receive your name, email, and profile identifier from Google.
1.2 Your Content
Everything you submit to the Service:
- Text you write into the app.
- Voice recordings and conversation audio, along with the resulting transcripts.
- Images you upload.
- Messages you send to the Service through WhatsApp.
- Questions you ask the recall feature and the answers we generate.
1.3 AI-derived data
From Your Content, the Service automatically generates and stores additional information to make recall and search work — for example, summaries, moods, tags, topics, reminders, references to people or places mentioned in your entries, and numerical representations ("embeddings") used for search and, in the case of images, for face matching.
1.4 Technical data
We log what we need to run the Service reliably: IP address, device type, operating system, browser, approximate location derived from IP, timezone, and timestamps of activity. We log errors and usage metrics, including the cost and performance of calls to our AI providers.
1.5 What we don't collect
We do not ask for payment card numbers (any future billing will be handled by a third-party processor), government IDs, or biometric data beyond the face-matching representations described in §1.3.
2. How We Use It
We use your data only to operate the Service:
- To store, enrich, search, and show Your Content back to you.
- To generate summaries, transcripts, search results, and reminders.
- To deliver notifications and reminders (in-app and email).
- To send invite emails, password resets, and essential service messages.
- To monitor performance, debug errors, and prevent abuse.
- To enforce our Usage Policy.
We do not use Your Content to train AI models. We do not build our own AI models — we route requests to third-party providers (see §4) under terms that prohibit training on API data.
We do not sell your data. We do not share it with advertisers. There are no advertisers.
3. Where It Lives
Your account and the content you submit are stored in a way that keeps your data isolated from other users' data. The Service runs on cloud infrastructure; images and audio are stored on cloud object storage. Data may be processed in any region where our hosting provider or our AI providers operate.
4. Third Parties We Send Data To
To deliver core features, Your Content is transmitted to third-party processors. The relevant categories today are:
| Category | Purpose |
|---|---|
| AI model providers | Generating text, summaries, transcripts, and search results |
| Speech services | Transcription and speaker separation for voice and conversations |
| Vision services | Detecting faces and labels in uploaded images |
| Messaging gateway | Sending and receiving WhatsApp messages |
| Email delivery | Transactional email |
| Cloud hosting and storage | Running the Service and storing files |
The specific providers in each category may change over time. A current list of sub-processors is available on request through the in-app feedback channel.
Based on each provider's standard API terms as of the effective date of this policy, we understand that:
- None of the AI, speech, or vision providers listed above use API inputs or outputs to train their models by default.
- Providers typically retain API inputs and outputs for a short period (commonly around 30 days) for abuse monitoring and safety enforcement.
- "Zero Data Retention" tiers exist for some providers but are generally opt-in or enterprise-only; unless explicitly stated otherwise, assume we use standard API tiers.
These practices are set by the providers and can change. We will update this section as our integrations or their terms change, but we cannot guarantee what each provider does inside its own systems. You should review their privacy policies if this matters to you.
5. How Long We Keep It
- Active account. We keep Your Content for as long as your account is active, until you delete it.
- After you (or we) disable the account. Your Content is retained for 30 days. During this window, access is blocked but data is recoverable if you ask us to reinstate the account.
- Permanent deletion. After the 30-day window, or sooner if you explicitly request it, Your Content is permanently deleted. A minimal record (email, deletion timestamp, reason) is retained to prevent abuse.
- Operational logs. Error logs, usage records, and session history are retained for up to 12 months for security, debugging, and cost accounting, and then deleted or aggregated.
- Backups. Backups may contain data for up to 30 days after deletion from the live system before they are rotated out.
- Third-party copies. We cannot delete data from the abuse-monitoring logs of AI providers; those expire on the provider's schedule (typically around 30 days — see §4).
6. Security
We protect your data with industry-standard measures: encrypted transport (HTTPS), authenticated sessions, data isolation between users, and restricted administrative access that is logged. Access to user data by the operator is limited to what is needed for support, debugging, or enforcing the Usage Policy.
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you without undue delay.
7. Your Choices
You can, at any time:
- View, edit, and delete your entries, images, audio, and related data through the app.
- Correct mistakes the AI makes about the people, places, or relationships it identifies.
- Export your data.
- Disable your account, and later request permanent deletion.
- Sign out of specific devices.
To exercise any of these, use the Settings area of the app or contact the operator through the in-app feedback channel.
Regardless of your location, we will honour reasonable requests to access, correct, or delete your personal data, subject to what is technically possible (for example, we cannot retrieve data already purged from third-party provider logs).
8. Children
The Service is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.
9. Changes
We will update this policy as the Service evolves. Material changes will be communicated in-app or by email. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy.
10. Contact
For privacy questions, data requests, or complaints, contact the operator through the in-app feedback channel.
This Privacy Policy is written to be short and direct. It is not a comprehensive legal instrument and does not cover every jurisdiction-specific right you may have under local law. If you have specific statutory rights (for example, under GDPR, UK GDPR, the DPDP Act, CCPA, or similar), we will honour them to the extent they apply.