Privacy Policy
Last updated: August 25, 2025
1. Our Privacy Commitment
Lucive is built with privacy as our foundation. Your journal entries are your most personal thoughts, and we've designed every aspect of our service to ensure they remain completely private. Whether you're using Lucive on your Mac or iPhone, your data stays under your control.
2. How Lucive Works
Local-First Architecture
- Your entries stay on your devices – All journal content is stored locally on your device in an encrypted SQLite database
- End-to-end encryption – When you choose to sync between devices, your entries are encrypted using XChaCha20-Poly1305 AEAD cipher before leaving your device
- Zero-knowledge design – Even when using our sync service, we cannot read your journal entries
Platform-Specific Storage
- macOS: Encrypted SQLite database with macOS Keychain integration via Tauri secure store
- iOS: Encrypted storage with iOS Keychain integration
3. Optional Sync Service
If you choose to enable device synchronization, here's what happens:
What the Relay Server Sees
- Device identifiers – Temporary, randomized IDs used only for routing messages
- Encrypted message envelopes – We route encrypted data between your devices but cannot decrypt it
- Connection metadata – Basic connection information (timestamps, message sizes) for service operation
- No personal data – The relay server has zero knowledge of your journal content, titles, or any personal information
What the Relay Server Doesn't See
- Your journal entries – All content is end-to-end encrypted before transmission
- Entry titles or metadata – Everything is encrypted on your device
- Your identity – No user accounts, emails, or personal identifiers required for sync
- Search queries – All search happens locally on your device
How Device Pairing Works
- Generate a QR code on one device containing a temporary pairing secret
- Scan the QR code with your other device
- Both devices derive a shared encryption key
- All future communication is end-to-end encrypted
- The relay server only facilitates the connection—it never has access to your encryption keys
4. What We Collect
For the macOS and iOS Apps
- Nothing – The apps themselves collect no data, analytics, or telemetry
For the Marketing Website (lucive.app)
- Basic analytics – Page view counts via Vercel Analytics (no cookies, no cross-site tracking, fully anonymized)
- Purchase data – Email address and Stripe checkout ID for license validation and download delivery (macOS version only)
- Support inquiries – Email address and message content when you contact support
For the Sync Service (Optional)
- Service metrics – Anonymous usage statistics (connection counts, bandwidth usage) for service reliability
- Error logs – Anonymized error reports to improve service stability
- No journal content – We never have access to your encrypted journal data
5. What We Don't Collect
We explicitly do not collect:
- Journal entries, titles, or any content
- Personal identifiers (unless you purchase a license or contact support)
- Location data
- Device contacts or calendar information
- Browsing history
- Biometric data
- Advertising identifiers
- Cross-app tracking data
6. Data Security
Encryption Standards
- At rest: AES-256 encryption for local storage
- In transit: XChaCha20-Poly1305 for end-to-end encryption plus TLS 1.3 for transport security
- Key management: Device-specific keys stored in platform keychains (macOS Keychain and iOS Keychain)
Infrastructure Security
- Relay server: Hosted on Fly.io with automatic security updates
- No data persistence: The relay server doesn't store messages—it only routes them in real time
- Connection limits: Rate limiting and connection throttling to prevent abuse
7. Third-Party Services
Required Services
- None – Lucive works completely offline without any third-party services
Optional Services (Only if you enable sync)
- Fly.io – Hosts our relay server (processes only encrypted data)
- No analytics services – We don't use Google Analytics, Facebook Pixel, or any tracking services
For Purchases (macOS version)
- Stripe – Processes payments (we don't store credit card information)
- Email delivery – For sending download links and license keys
8. Data Retention and Deletion
Your Journal Data
- Full control – Delete your data anytime from within the app
- Complete removal – Deleting the app removes all local journal data
- No cloud backup – Unless you explicitly export and back up your data yourself
Sync Service
- No message storage – Messages are routed in real time and never stored
- Connection data – Temporary connection metadata is automatically purged
- Immediate disconnect – Stop using sync at any time; no data is retained
Purchase Records
- Deletion on request – Email us to remove your purchase record
- 30-day processing – We'll delete your data within 30 days of request
- License revocation – Deleting purchase records will revoke your license
9. Children's Privacy
Lucive doesn't knowingly collect data from children under 13. The app is a general-purpose journaling tool without age-specific features or content.
10. Your Rights
You have the right to:
- Access – Export all your journal data at any time
- Portability – Export in standard formats for use elsewhere
- Deletion – Remove all your data instantly from the app
- Opt-out – Use Lucive without any sync or online features
- Transparency – This policy explains everything we do with data
11. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. We'll notify you of significant changes through:
- The app's release notes
- Our website
- Email (only if you've provided it for purchases or support)
12. Contact Us
For privacy-related questions, data deletion requests, or concerns:
Email: support@lucive.app
Response time: Within 48 hours for privacy-related inquiries
13. Legal Basis for Processing (GDPR)
For users in the European Union:
- Legitimate interests – Operating the sync service (if you choose to use it)
- Contract fulfillment – Processing purchases and providing downloads
- Consent – For optional features you explicitly enable
14. California Privacy Rights (CCPA)
California residents have additional rights:
- Know – What personal information we collect (detailed above)
- Delete – Request deletion of your information
- Opt-out – We don't sell personal information
- Non-discrimination – Equal service regardless of privacy choices
Summary
Your privacy is paramount. Lucive is designed so that your journal entries never leave your control. Even when using our optional sync service, we use end-to-end encryption to ensure that only you can read your entries. We don't track you, we don't profile you, and we can't read your journal. Your thoughts remain yours alone.
This privacy policy is effective as of August 25, 2025 and applies to Lucive for macOS and iOS (currently in TestFlight beta) and our sync service.