Leaflo

Leaflo Legal

Effective date: June 2, 2026

Privacy Policy

These pages describe how Leaflo operates and how your data is handled.

Effective date: June 2, 2026

Leaflo ("Leaflo", "we", "us", or "our") provides a private journaling app and related services.

This Privacy Policy explains what data we collect, how we use it, where it is stored, when we share it, and what choices you have.

Operator / controller
Nikolai Skorobogatko
Belgrade, Serbia
Email: [email protected]

1. Scope

This Privacy Policy applies to:

This Privacy Policy does not apply to third-party services, websites, or app stores that may interact with Leaflo, including Apple, Google, email providers, or other providers that have their own privacy policies.

2. Age requirement

Leaflo is not intended for children under 13.

If you are under 13, you may not use Leaflo. If we learn that we have collected personal data from a child under 13, we may delete that data.

For clarity: an app-store content age rating (for example, Apple App Store 4+) is a content-classification label and does not change this age requirement in this Privacy Policy.

3. What we collect

We collect only the data we need to operate the service.

3.1 Account and login data

If you create an account using email and password, we collect:

  • your email address,
  • your password in hashed form on the server,
  • your internal account identifier.

We use this data to create your account, authenticate you, maintain your session, and send password reset emails.

3.2 Guest mode data

Leaflo can also be used in guest mode.

Important points:

  • guest mode can work without a registered email/password account,
  • when online, Leaflo may create or restore a guest cloud session (anonymous backend identity) to support metadata sync and reliability features,
  • guest sessions can still be linked to a device ID and, where available, an internal user identifier.

3.3 Note content and local encryption

Leaflo is a journaling app, so you may create personal notes and other user content.

Important points:

  • your note content is designed to be stored locally on your device in encrypted form,
  • the backend is designed as a metadata-only system for notes and meditations,
  • plaintext note content is not intended to be stored on our backend in the current release architecture.

You control the content you write in Leaflo.

3.4 Metadata sync for notes and meditations

To support cloud sync and consistency, Leaflo may process metadata records such as:

  • device_id, op_id, and internal user ID,
  • created/updated/deleted timestamps and timezone,
  • note metadata such as word_count, template_slug, template_version, template_used,
  • meditation metadata such as duration_seconds,
  • tombstone/deletion metadata used for sync conflict resolution and delete propagation.

This metadata is used for sync, idempotency, conflict resolution, and account-data consistency. It is not the plaintext content of your notes.

3.5 App Store purchase and paid-access data

If you use Leaflo paid access through the Apple App Store, Leaflo may process limited purchase-related status data needed to unlock or restore access.

Examples may include:

  • StoreKit product ID such as leaflo_trial_14d or leaflo_lifetime,
  • paid-access entitlement status,
  • trial end date derived from StoreKit entitlement state,
  • purchase result category, restore result, and related high-level error category,
  • whether Restore Purchases found active access.

Important points:

  • Apple / the App Store handles billing, taxes, refunds, payment methods, and Apple Account purchase processing,
  • Leaflo does not receive your full card number, bank account number, or full payment instrument details,
  • Leaflo does not log receipt payloads, JWS payloads, or raw transaction payloads as product telemetry.

3.6 Technical and usage data

We may collect technical and usage data such as:

  • internal user ID,
  • device ID,
  • time zone,
  • product telemetry events across app lifecycle, navigation, profile/security controls, note and meditation flows, and templates,
  • optional telemetry properties JSON object (up to 4096 bytes) with event context fields (for example screen, source, template_slug, template_version, durations, entry source, product_id, purchase result category, restore result, and entitlement state),
  • reminder telemetry context fields (where reminders are used), including values such as selected_time, authorization_status, permission result, and reminder set/cancel/open interaction source,
  • server and HTTP logs,
  • website analytics events on leaflo.app (for example page views and related technical request metadata),
  • security and rate-limit related records.

We use this data to operate the app, keep the service reliable, prevent abuse, and understand basic product usage.

3.7 Support communications

If you contact us at [email protected], we collect the information you send us, such as:

  • your email address,
  • the contents of your message,
  • related support details needed to answer your request.

3.8 Data we do not currently collect in the current release scope

In the current release scope, Leaflo does not intentionally collect the following as standard product features:

  • phone number,
  • profile photo,
  • date of birth,
  • gender,
  • precise location,
  • approximate location,
  • contacts,
  • camera data,
  • microphone data,
  • photo library data,
  • marketing preferences,
  • advertising identifiers for ad tracking,
  • third-party advertising profiles,
  • AI prompt or AI training data.

3.9 Sensitive content

Because Leaflo is a journaling app, you may choose to write personal or sensitive information in your notes. We do not ask you to submit health records or therapy records as a dedicated product category, but your self-written notes may contain sensitive personal information depending on what you decide to write.

Please only use Leaflo in a way that feels appropriate to you.

4. How we use data

We use data for the following purposes:

  • to create and manage accounts,
  • to authenticate users and maintain sessions,
  • to provide the core journaling functionality,
  • to support guest mode and app usage,
  • to sync notes/meditations metadata across cloud-capable sessions,
  • to determine paid-access entitlement status and restore App Store purchases,
  • to provide password reset and service communications,
  • to operate, secure, and maintain the service,
  • to analyze product usage at a basic operational level,
  • to support reminder UX reliability and reminder-related product analytics where reminder features are enabled,
  • to respond to support, privacy, and deletion requests,
  • to comply with legal obligations,
  • to protect the rights, safety, and security of users, Leaflo, and others.

We do not currently use your data for:

  • third-party advertising,
  • cross-app tracking,
  • ad retargeting,
  • AI model training,
  • automated profiling for marketing.

5. Legal bases

Depending on where you are located, we may rely on one or more of the following legal bases:

  • performance of a contract — to provide the app and account features you request,
  • legitimate interests — to secure, maintain, and improve the service in a limited and proportionate way,
  • consent — where consent is required by law,
  • legal obligation — where we must keep or disclose certain information under applicable law.

6. Where data is stored

Leaflo uses a privacy-oriented storage model:

  • your note content is designed to remain primarily on your device,
  • login data, telemetry, and technical logs are stored on servers located in Germany,
  • current infrastructure is intended to use Hetzner-hosted servers in Germany for backend-related storage and processing.

Because Leaflo is available worldwide, your data may be accessed from different countries depending on how you use the service, your device, your email provider, or the app store you use.

If we ever transfer personal data outside the EEA where required, we will use an appropriate legal mechanism where applicable, such as standard contractual clauses or another valid transfer mechanism.

7. Sharing of data

We do not sell your personal data.

We may share limited personal data with service providers only where needed to operate Leaflo, for example:

  • hosting and infrastructure providers,
  • email delivery providers used for password reset or support,
  • authentication-related providers if social login is enabled in the future,
  • storage and CDN providers for non-note application assets.

We may also disclose data:

  • if required by law,
  • to respond to lawful requests,
  • to protect rights, safety, security, or prevent fraud or abuse,
  • in connection with a business transfer, merger, or similar transaction, if that ever happens.

8. Social login

At the time of this policy, social login methods such as Apple Sign-In or Google Sign-In are not described here as currently available user-facing login methods unless and until they are enabled in the released product.

If we enable them later, we may update this Privacy Policy accordingly.

9. Cookies and website tracking

The website at leaflo.app currently uses privacy-oriented website analytics to measure traffic and page usage.

Current intended approach:

  • analytics is used for product/website performance insights, not third-party advertising,
  • we do not use analytics for cross-site ad retargeting,
  • if we materially change tracking scope, or introduce non-essential cookies where consent is required, we will update this Privacy Policy and provide any required notice/consent mechanism.

10. Retention

We keep data only for as long as reasonably necessary for the purposes described in this Privacy Policy.

Current retention approach:

  • account data: until you delete your account or it is otherwise removed,
  • sync metadata (notes/meditations metadata and operation logs): while needed to provide and maintain cloud sync behavior, and generally until account deletion or service cleanup,
  • support communications: as long as reasonably necessary to handle the request and keep support records,
  • telemetry events: retained for up to 90 days (older telemetry is purged by scheduled backend retention jobs),
  • operational records and security logs: as long as reasonably necessary for service operation and security,
  • backups: may remain in rotating backups for up to 30 days before being overwritten.

If we no longer need data, we may delete it, anonymize it, or retain only what is legally required.

11. Account deletion and data deletion

You can request deletion of your Leaflo account and associated data.

Our intended launch-state process is:

  • an in-app delete account path,
  • identity verification or re-authentication before deletion,
  • deletion of the account and associated data without a soft-delete holding period,
  • deletion of telemetry linked to your account user ID and/or known device IDs associated with that account,
  • backups aging out through backup rotation.

Some information may be retained where required by law, needed for security, or still present in short-lived backup systems until rotation completes.

More details are available at leaflo.app/delete-account.

12. Your rights

Depending on your location, you may have the right to request:

  • access to your personal data,
  • correction of inaccurate personal data,
  • deletion of personal data,
  • export of certain data,
  • restriction or objection to some processing.

To make a request, email us at [email protected].

We may need to verify your identity before we process the request. We aim to respond within a reasonable time and, where applicable, within legally required deadlines.

13. Security

We use reasonable technical and organizational measures to protect data.

Examples include:

  • HTTPS in transit,
  • encrypted note storage on device,
  • keychain-based local security for app-side secrets,
  • hashed password storage on the server,
  • access controls for administrative systems,
  • rate limiting and related protective mechanisms.

No system is perfectly secure, and we cannot guarantee absolute security.

14. Third-party stores and platforms

If you download Leaflo through the Apple App Store or Google Play, those platforms may collect their own data under their own terms and privacy policies.

Their data practices are not governed by this Privacy Policy.

For App Store purchases, Apple may process purchase, account, billing, tax, refund, and payment-method data under Apple's own terms and privacy rules. Leaflo only processes the limited purchase-entitlement and product telemetry data described in this Privacy Policy.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may update the date above and take other reasonable steps to inform users where appropriate.

16. Contact

If you have questions, support requests, privacy requests, or deletion requests, contact:

Email: [email protected]

Operator: Nikolai Skorobogatko
Address: Belgrade, Serbia