Plain language, no surprises. Here’s what Diurnal stores about you, why, and how to take it back at any time.
When you sign up: an email address and a hashed password. Firebase Authentication handles the password — we never see the raw value.
Your profile: a handle (the @username), display name, optional bio, an avatar image you upload (or a generated illustration if you don't), plus follower/following counts and a count of sketches you've submitted.
Each sketch: the image you upload, an optional caption, which prompt it answers, who liked it, and any comments or replies. These are deliberately public — the whole point of the gallery is that others can see them.
Your interactions: bookmarks, likes, follows, comments, replies. Each is a tiny document that links your user id to whatever you interacted with.
Light technical: an httpOnly session cookie called diurnal_session that keeps you signed in between visits. That's the only cookie we set.
No analytics. We don't run Google Analytics, Plausible, PostHog, Mixpanel, or anything in that family. Page views aren't tracked.
No advertising. There are no ad networks integrated. We don't sell, rent, or share your data with marketers — there's nobody to share it with.
No third-party trackers, pixels, or session replay tools.
No precise location. Your IP address is briefly visible to the hosting infrastructure (Google Cloud) for serving pages and rate limiting, but we don't store it long-term.
No data harvested for AI training. The daily prompts come from Google's Gemini model running in our backend; it generates a prompt with no input about you.
Firestore (the database) and Cloud Storage (your sketch and avatar files) are configured in the eur3 multi-region — physically in Belgium and the Netherlands.
Firebase Authentication runs on Google's global infrastructure; that's the only piece that isn't EU-scoped.
Google Cloud is a sub-processor under their standard data-processing terms. They don't access your data for their own purposes.
Diurnal itself is a one-person project. There are no other internal teams, no contractors with database access, no sales or marketing org.
Export: download a JSON file containing everything we have on you — your profile, sketches, interactions, follow graph. Available from Settings → Privacy.
Delete (hard): permanently remove your account, profile, sketches, and all associated data. Cannot be undone. Available from the same Settings panel with a typed confirmation.
Delete (anonymise): keep your sketches in the public gallery but remove your name, email, and identifying details. Useful if you want your contributions to stay but don't want to be findable.
Update: change your handle, display name, bio, or avatar from Settings whenever you like.
If any of these don't work for you, email and we'll handle it manually within a few days.
Account data: until you delete your account. We don't proactively expire inactive accounts (yet — if we add that, you'll get an email first).
Server logs: a few days, then rotated out by Google Cloud's defaults.
Deleted accounts: hard-deleted data is gone from our active databases immediately. Google Cloud may retain encrypted backups for up to 30 days under their standard retention; we can't force-purge those.
For account essentials only: sign-in confirmation, password reset, and account-deletion confirmations. These come through Firebase Authentication on our behalf.
We don't run a marketing newsletter. If we ever launch one, it'll be opt-in with a clear unsubscribe in every message.
Questions, complaints, or rights requests: hello@diurnal.app.
Questions? Get in touch.
Email hello@diurnal.app and you’ll hear back from a human, usually within a day.
Last updated 18 June 2026