technical transparency

how your private journals are protected

when you save a journal entry privately (without sharing), it's encrypted using fernet symmetric encryption before being stored in the database.

what this means:

• your journal content is scrambled into an unreadable format
• only you can read it when logged in (we decrypt it for you)
• admins cannot read your private journals—they only see encrypted gibberish
• even with database access, your entries are protected

technical details:

• encryption: fernet (AES 128-bit in CBC mode with PKCS7 padding)
• key storage: server environment variable (not in database)
• implementation: python cryptography library
• code location: backend/services/encryption_service.py

what's NOT encrypted:

• public posts (shared anonymously—visible to community)
• your email address (needed for login)
• your three-word identity (public)
• metadata (timestamps, session counts)

what happens when you click "analyze"

1. your content is sent to anthropic's claude api

when you click analyze, your journal content is sent to anthropic's servers. per their policy, data is retained for 30 days for trust & safety, then deleted.

2. claude analyzes based on your chosen intent

we have 7 different prompt modes:

• processing - helps you see what you might not be seeing
• agreeing - validates your perspective while adding depth
• challenging - offers respectful alternative perspectives
• solution - helps you understand what made it work
• venting - validates without agreeing with every thought
• advice - helps clarify the actual question
• reflecting - helps you see progress you might miss

3. safety check runs automatically

claude checks if your content is safe to share publicly. it rejects if:

• contains identifying information (names, company names, locations)
• contains harmful content (threats, self-harm, abuse)
• shows signs of mental health crisis (suggests professional help)
• is purely rage without insight
• would violate someone else's privacy

4. suggested post is always created

even if safety check fails, claude creates an anonymized version you can edit and share. this removes identifying details while preserving emotional truth.

what claude does NOT see:

• your email address
• your user id
• your three-word identity
• any other journal entries you've written

prompt caching for cost efficiency:

we use anthropic's prompt caching to cache our master system prompt. this reduces api costs by 90% on repeated requests. the master prompt defines claude's personality and values—it never changes between analyses.

view all prompts in the codebase:

how we find similar posts

when you search or view a post, we use vector embeddings to find similar content.

how it works:

• when a post is published, we send it to openai's embedding api
• openai returns a 1536-dimensional vector (array of numbers)
• this vector represents the semantic meaning of the post
• we store it using postgresql's pgvector extension
• when you search, we compare vectors using cosine similarity
• posts with similar meanings appear in results

what openai sees:

• only the PUBLIC post content (not private journals)
• data retained for 30 days per openai policy
• no user information, just text

✓ admins CAN see:

• public posts (same as any user)
• application submissions (email, what you're building, why you want to join)
• flagged posts and comments
• aggregate analytics (total builders, sessions, posts)
• your email address (needed for approvals)
• your three-word identity (public)

✗ admins CANNOT see:

• your private journal entries (encrypted—even with database access)
• your otp login codes
• individual reading or browsing behavior
• which posts you've reacted to or commented on (unless they check each post)
• your ai analysis content (private reflection)

admin capabilities:

• approve/reject applications
• delete public posts that violate community guidelines
• view platform analytics
• search users by email or identity (for moderation)

what we track (aggregate only)

• api token usage - daily input/output tokens, cache hits, costs
• builder growth - new signups per day, total builders
• session activity - writing sessions completed per day
• post creation - public posts shared per day

what we do NOT track

• individual user behavior (no per-user analytics)
• reading patterns (which posts you view)
• ip addresses (not stored)
• device fingerprints
• time spent on pages
• click patterns

view analytics code:

where your data lives

• database - postgresql on neon.tech (encrypted at rest)
• anthropic - journal content sent for analysis (30 day retention)
• openai - post content for embeddings (30 day retention)
• sendgrid - email delivery for otp codes (not stored)

retention policy

• encrypted journals: stored until you delete them
• public posts: stored indefinitely (you can delete anytime)
• applications: stored for admin review
• analytics: aggregate metrics stored indefinitely
• otp codes: deleted after 10 minutes or use

your rights

• delete your account anytime (contact us)
• export your data (contact us)
• delete individual journal entries or posts
• reset your three-word identity once

the entire letsfindsanity codebase is open source under the MIT license. this means you can:

• audit every line of code
• verify encryption implementation
• review ai prompts
• fork and customize for your own use
• contribute improvements
• use commercially

repository

github.com/tejassudsfp/letsfindsanity

built with claude code 1.0

if something isn't clear or you want more technical details, we're here to help.

• email: fred@letsfindsanity.com
• github issues: report issue
• github discussions: ask questions

transparency isn't optional—it's foundational to trust.