← Mulu

Privacy Policy

Last Updated: March 22, 2026

Mulu ("we," "our," or "the App") is a journaling and mindfulness application developed by Aleksandr Borisov. We are committed to protecting your privacy and being transparent about how we handle your data.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data. By using Mulu, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

When you use Mulu, you may provide the following information:

  • Profile information: Your name, date of birth, and gender (provided during onboarding)
  • Journal entries: Your written reflections, mood ratings, and emotional descriptions
  • Mood data: Mood-before and mood-after scores recorded with each journal entry
  • Preferences: Journal reminder time, snooze duration, writing goal length, selected theme
  • App blocking selections: The apps and app categories you choose to block (stored as opaque tokens — we never see the actual app names)
  • Feature requests: Ideas and votes you submit through the Feature Requests section
  • Signature: A visual commitment signature drawn during onboarding

1.2 Information Collected Automatically

When you use the App, certain information is collected automatically:

  • Usage analytics (PostHog): We track anonymized usage patterns such as which onboarding steps you complete, journal completion rates, and feature engagement. This helps us understand where users encounter difficulties and improve the App experience.
  • Device information: Device model, operating system version, app version, and language settings — collected as part of standard analytics.
  • Subscription data (RevenueCat): Purchase status, subscription type, and transaction identifiers are processed by RevenueCat to manage your subscription.
  • Application lifecycle events: App opens, background transitions, and session duration.

1.3 Information Stored Locally on Your Device

The following data is stored exclusively on your device and is never transmitted to our servers:

  • All journal entries, mood data, and personal reflections
  • Your profile information (name, date of birth, gender)
  • Streak history, settings, and preferences
  • Signature image
  • Voice recordings (processed on-device for speech-to-text, then immediately discarded — only the transcribed text is saved locally)
  • App blocking selections and Screen Time data

2. How We Use Your Information

  1. Providing the service: Storing your journal entries, tracking streaks, managing app blocking, and delivering personalized journal prompts.
  2. Improving the App: Analyzing anonymized usage patterns to understand user behavior, identify issues, and improve the onboarding experience and overall functionality.
  3. Managing subscriptions: Processing and verifying premium subscription purchases through RevenueCat and the Apple App Store.
  4. Community features: Enabling the Feature Requests system where users can submit and vote on ideas (stored in Apple CloudKit).
  5. Notifications: Sending local push notifications to remind you to journal at your chosen time.
  6. AI-powered prompts: Generating personalized journal questions using the Claude API (Anthropic). Only your onboarding preferences — not your journal entries — are used to generate questions.

3. Third-Party Services

Mulu integrates with the following third-party services, each with their own privacy policies:

ServicePurposeData Shared
RevenueCatSubscription managementPurchase transactions, subscription status
PostHogProduct analyticsAnonymized usage events, device info
Apple CloudKitFeature requests storageFeature request titles, descriptions, votes
Anthropic Claude APIAI journal prompt generationOnboarding preferences (no journal content)
Apple App StoreApp distribution & purchasesStandard App Store data
Apple Screen Time APIApp blocking functionalityOpaque app tokens (no app names or usage data leaves the device)
Apple Speech FrameworkVoice-to-text transcriptionAudio is processed entirely on-device; no audio data is transmitted

4. Data Retention

  • Local data (journal entries, profile, settings): Retained on your device until you delete the App or clear its data. You can archive or permanently delete individual entries within the App at any time.
  • Analytics data (PostHog): Anonymized event data is retained for up to 12 months, after which it is automatically purged.
  • Subscription data (RevenueCat): Retained for the duration of your subscription and in accordance with RevenueCat's data retention policy.
  • Feature requests (CloudKit): Retained in Apple's CloudKit infrastructure until you delete them or the feature is discontinued.
  • AI prompt data (Anthropic): Requests to the Claude API are not stored by Anthropic beyond the processing window, as per their data retention policy.

5. Data Security

We take the security of your data seriously:

  • Local encryption: Journal entries and personal data are stored in the iOS app sandbox, protected by the device's built-in encryption.
  • Transit encryption: All network communications use HTTPS/TLS encryption.
  • No central database: Your personal journal data never leaves your device. There is no central server storing your entries.
  • Minimal data collection: We follow the principle of data minimization — we only collect what is necessary to provide and improve the service.
  • Screen Time data isolation: App blocking uses Apple's opaque token system, meaning we never have access to the names of blocked apps or any Screen Time usage data.

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: You can view all your data directly within the App (journal entries, profile, settings).
  • Export: Premium users can export their journal data in JSON or CSV format.
  • Deletion: You can delete individual entries (archive or permanent delete), or delete all data by uninstalling the App.
  • Opt-out of analytics: You can request to opt out of PostHog analytics by contacting us.
  • Notification control: You can enable or disable push notifications at any time through iOS Settings or within the App.
  • Subscription management: You can manage or cancel your subscription through the Apple App Store.

For EU/EEA Residents (GDPR)

If you reside in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data.
  • Right to portability: Receive your data in a structured, commonly used format.
  • Right to restrict processing: Request limitation of how we process your data.
  • Right to object: Object to the processing of your data for specific purposes.

To exercise any GDPR rights, please contact us at support@alexanderosso.com with the subject line "GDPR Request." We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

7. Children's Privacy

Mulu is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will take steps to delete such information.

Users between 13 and 18 years of age should use the App with parental or guardian consent.

8. Push Notifications

Mulu uses local push notifications only to remind you to journal at your scheduled time. These notifications are:

  • Generated entirely on your device
  • Not sent through any external push notification service
  • Fully customizable (time, on/off) within the App and iOS Settings

We do not use push notifications for marketing or promotional purposes.

9. Voice Recording & Speech Recognition

When you use the voice journaling feature:

  • Audio is captured by the device microphone and processed entirely on-device using Apple's Speech Recognition framework.
  • The audio is converted to text in real-time and is immediately discarded after transcription.
  • No audio recordings are stored, transmitted, or shared with any third party.
  • Speech recognition uses the language set on your device.

10. App Blocking & Screen Time

Mulu uses Apple's Screen Time API (FamilyControls framework) to block distracting apps:

  • You select which apps to block through Apple's standard app picker.
  • App selections are stored as opaque tokens — we cannot see or access the actual names of your apps.
  • Screen Time data never leaves your device.
  • All blocking logic runs locally on your device.
  • You maintain full control: you can modify blocked apps, use snooze, or perform an emergency unlock at any time.

11. Cookies & Tracking

  • Mulu does not use cookies.
  • Mulu does not use advertising trackers or share data with ad networks.
  • Mulu does not track you across other apps or websites.
  • We do not use IDFA (Identifier for Advertisers).
  • PostHog may use similar technologies for analytics purposes within the App only.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • The "Last Updated" date at the top will be revised.
  • For material changes, we will notify you through an in-app notice.
  • Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We aim to respond to all inquiries within 30 days.