Privacy Policy

Last reviewed: June 2026

DRAFT. This document describes how Sanctuary actually operates today. It has not yet been reviewed by qualified legal counsel and is not a substitute for legal advice. Review with counsel before relying on it at public scale.

Sanctuary is built so you can be honest without being identified. This page explains what we collect, how it is stored, who can see it, and how to ask us to delete it.

What we collect

Account information

When you sign up we store the email address you use to sign in, an opaque user id assigned by our authentication system, and an optional display name and avatar. We do not collect your real name, address, or date of birth.

Voice recordings

When you record a voice confession, voice note, or voice letter, the audio is stored in a private storage bucket. The file path begins with your opaque user id so the system knows you authored it, but no other user can see the path, your id, or any link between the recording and you. Voice content is served only through short-lived signed URLs created by a server function that re-checks permission for each request.

Voice letters

Voice letters are private by default. You can mark a letter as shared anonymously, in which case it becomes eligible to appear in the Library and Radio without your identity attached. You can revoke this at any time from the letter's page.

Prayer submissions, vents, and confessions

These are stored under your account so we can let you edit or delete them, but the public views that the rest of Sanctuary reads from do not expose author ids. Prayer candle totals are never returned to clients. We do not show like counts, reaction counts, or popularity rankings for any of this content.

Journal entries and Ask reflections

Journal entries and personal Ask Sanctuary reflections are owner-only. They are never shared, never indexed by search, and never used to train any model.

Anonymous participation

Several surfaces — Vent Wall, Voice Confessions, anonymously shared Voice Letters, prayer companion responses — are designed so that even we cannot easily attribute a single contribution to a real person through normal application use. The only path back to an author goes through a deliberate admin action with an audit log.

AI companion interactions

When you talk to the Aura Companion or Ask Sanctuary, your prompt is sent to a third-party language model provider through the Lovable AI gateway. We send your message and the assistant persona. We do not include other users' content, your journal, your voice letters, or your private reflections in the prompt. Your conversations are stored under your account so you can return to them; they are not used to fine-tune any model.

Search behavior

Search only queries content that is already public to signed-in users (shared prayers, shared voice notes, anonymously shared voice letters, published library entries, public vents). It cannot surface drafts, private letters, journal entries, or admin-only content.

Audio storage

All audio buckets are private. Direct file listing is disabled for everyone except administrators. Playback always goes through a server function that mints a signed URL valid for at most ten minutes.

How long we keep it

Active account data is kept while your account exists. When you delete content, the underlying audio file is removed from storage in the same operation; we do not retain a hidden copy. Server access logs are kept for up to 30 days for security investigations and then discarded.

Data deletion requests

You can delete any individual recording, letter, prayer, or journal entry from inside the app. To delete your entire account and all associated content, email us from the address on the account. We respond within 30 days. Once we confirm, the deletion is permanent and cannot be reversed.

Who can see what

  • You can see everything you have created.
  • Other signed-in members can see content you have explicitly shared.
  • A small number of administrators can see private content only when investigating a safety report. Every such read is recorded in an immutable moderation log.
  • We never sell, rent, or transfer your content to advertisers or data brokers. Sanctuary has no advertising.

Security practices

  • All traffic is encrypted in transit.
  • Audio and media buckets are private with row-level access rules.
  • Sensitive operations (admin actions, payment webhooks) are gated by server-side checks, not by anything the browser claims.
  • We follow a documented incident-response runbook and keep automated daily backups of the database.

Children

Sanctuary is not designed for people under 16. If you believe a child has created an account, contact us and we will remove it.

Changes to this policy

If we change how Sanctuary handles your data, we will update this page and surface the change inside the app before it takes effect.

Contact

Privacy and deletion requests: hello@auraversesanctuary.life.