Privacy Policy

Privacy Policy

The operator of Unsent Diary (the "Operator") sets out the following Privacy Policy (the "Policy") regarding the handling of personal information of users in the service "Unsent Diary" (the "Service").

1. Private by design

The Service is a private place for the user's own words. It is not designed for evaluation or distribution. The Operator does not view, publish, or provide the user's diary or memory content to any third party — including AI training datasets — without the user's consent.

2. Information we collect

  • Authentication data: identifier (LINE ID, Google sub), display name, profile image obtained via the user's chosen sign-in provider.
  • Usage data: text (diaries, memories) and images uploaded by the user.
  • Access logs: usage information, IP address, browser metadata.

We do not collect government-issued IDs, payment card data (PCI), protected health information (PHI), credentials, or perform behavioral profiling for advertising.

3. How we use it

  1. Operating, providing, and authenticating the Service.
  2. Reflective notifications (Memory Notification) that surface the user's own past entries.
  3. Executing features the user has explicitly enabled, including external AI integrations (ChatGPT Apps SDK / MCP, Claude MCP).
  4. Responding to user inquiries.
  5. Improving the Service and investigating system issues.

4. ChatGPT / external AI integration

When the user connects Unsent Diary as an App inside ChatGPT (or another MCP host such as Claude), the user's diary text — including full content of entries returned by analysis tools — is transmitted to the AI host (e.g. OpenAI) only in response to the user's own actions inside that host (saving an entry, asking for a list, or requesting an analysis).

The user can disconnect the integration at any time from the AI host's settings. Disconnection revokes the OAuth token and stops further data transmission. Diary content already transmitted in past sessions is governed by the AI host's privacy policy.

5. Third-party disclosure

The Operator does not provide personal information to third parties without the user's consent, except:

  1. When the user has explicitly enabled an external integration (ChatGPT Apps SDK / MCP) and authorized it to read or write data.
  2. When necessary to protect a person's life, body, or property.
  3. When required by law.

6. Storage and retention

  1. Data is stored in a secure database and cloud object storage (Cloudflare R2).
  2. When the user deletes their account, the Operator immediately and permanently deletes the user's data (diaries, images, integration links). There is no retention period after account deletion.
  3. Operational logs are retained for up to 90 days for incident investigation and then deleted.

7. User rights (GDPR / CCPA)

Users in the European Economic Area (GDPR) and California, USA (CCPA / CPRA) have the right to access, correct, export, or delete their personal information, and to withdraw consent at any time. To exercise these rights, contact the address below. We respond within 30 days. We do not sell personal information.

8. Pricing

Unsent Diary is currently free for all users with no usage limits. There is no subscription, no in-app purchase, and no advertising network.

9. Contact

For questions about this Policy, please contact:
Email: support@unsent.jp

Effective date: April 25, 2026