Privacy Policy

Last updated: May 8, 2026

Effective date: May 8, 2026

This Privacy Policy describes how InnerBase ("the App", "we", "us", or "our"), published by Chongqing Walling Tech Co., Ltd. ("Walling Tech"), handles information when you use InnerBase on iPhone or iPad. We have designed InnerBase to be a private, on-device journal: by default, no diary content, conversation, voice recording, or behavioral data ever leaves your device.

If you do not agree with this Policy, please do not install or use the App.

1. Summary

We do not collect personal information. We have no server-side account system, no telemetry, no analytics, and no third-party tracking SDKs.
All journal entries, chat conversations, voice transcriptions, biometric settings, and AI-generated content stay on your iPhone or iPad.
The App makes a one-time outbound network request, on first launch, to download an AI model from our content delivery network. That request transmits only the standard information any HTTPS download requires (your device's IP address, requested URL, request headers). We do not log or retain it.
The only personally identifiable transaction we observe is your Apple-issued purchase receipt for the optional one-time "Lifetime Unlock" in-app purchase, which Apple — not us — processes.

2. Information We Do Not Collect

We do not collect any of the following:

Diary entries, drafts, mood, keywords, or summaries
Chat messages between you and the on-device AI
Voice recordings, microphone audio, or transcripts
Photos you select as diary backgrounds
Your name, nickname, pronoun, or any profile data you set inside the App
Device identifiers (IDFA, IDFV, UUIDs, MAC addresses)
Location data (GPS, cell, Wi-Fi, IP-derived)
Contacts, calendar, or other apps' data
Browsing or app usage history
Any analytics, crash logs, or behavioral telemetry

3. Information Stored Locally On Your Device Only

The following data is created and persisted entirely within your device's app sandbox. We have no access to it. We cannot read it, recover it, or transmit it. Reinstalling the App or deleting it removes this data.

Data type	Storage layer	Why it exists
Diary entries (title, summary, mood, keywords, photo background)	UserDefaults / FileManager (app sandbox)	Core journaling feature
Chat sessions and messages	UserDefaults (app sandbox)	Chat tab continuity
Voice transcription text	UserDefaults (only after you confirm a transcription becomes a diary draft)	Voice-to-text journaling
App lock passcode hash	iOS Keychain (`kSecAttrAccessibleWhenUnlockedThisDeviceOnly`)	App-level passcode lock
Biometric (Face ID / Touch ID) preference	UserDefaults	App-level biometric unlock
First-launch timestamp & lifetime unlock status (cached)	UserDefaults	Trial countdown and faster launch UI
AI model files	App-Support FileManager directory, excluded from iCloud backup	On-device inference
User interface language override	UserDefaults	Language preference

4. Permissions We Request

The App requests four iOS permissions, each used only as described below. All processing is on-device.

Face ID / Touch ID (NSFaceIDUsageDescription) — Used to unlock the App quickly when you have enabled the App lock. Apple's biometric framework returns only a yes/no result; we never see fingerprint or facial geometry data.
Microphone (NSMicrophoneUsageDescription) — Used to convert your speech to text inside diary entries. Audio is processed on-device by Apple's SFSpeechRecognizer with requiresOnDeviceRecognition = true. No audio leaves your device.
Photo Library (NSPhotoLibraryUsageDescription) — Used only when you tap "select a photo" while creating a diary entry. The selected photo is stored locally as part of that diary entry.
Speech Recognition (NSSpeechRecognitionUsageDescription) — Required by iOS in addition to microphone permission for the on-device voice-to-text feature described above.

You may revoke any of these permissions at any time in iOS Settings → InnerBase. The corresponding feature will simply stop working.

5. Outbound Network Activity

InnerBase makes one category of outbound network call: downloading the AI model file from our content delivery network on first launch.

Domain: cdn-sg.wallingtech.com (Apple-style HTTPS only, TLS 1.2 or higher)
Purpose: Fetch the AI model bundle suited to your device tier
Frequency: Once per install, plus update checks when a newer model is published

The CDN servers do not receive your name, your diary, your chat, your photos, your microphone audio, or any locally stored data. They receive only what every HTTPS request transmits: your IP address, the requested URL, and standard HTTP request headers. We do not maintain access logs that retain your IP address.

InnerBase does not:

Send any analytics, crash, or telemetry events
Use third-party analytics or attribution SDKs (no Firebase, no Mixpanel, no AppsFlyer, no Adjust, no Crashlytics, no Sentry)
Sync diary or chat content to iCloud or any other cloud
Use background fetch or background processing for any purpose other than continuing the model download

6. In-App Purchase

InnerBase offers a 7-day free trial of all AI features. After 7 days, AI features lock unless you purchase the one-time "Lifetime Unlock" in-app purchase. Diary reading and writing remain free.

The purchase is processed entirely by Apple's App Store. We do not see, receive, or store your payment information. We receive only an Apple-signed entitlement record indicating that your Apple ID owns the unlock. Apple's privacy practices apply to the purchase itself; see Apple's Privacy Policy at https://www.apple.com/legal/privacy/.

7. Children

InnerBase is not directed at, nor intended for use by, children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect any information from children. If you are a parent or guardian and believe your child has installed the App and provided information, contact us at the address below and we will take appropriate action — although, given that InnerBase collects no information server-side, in practice all data is already on the child's device and may be removed by deleting the App.

8. Your Rights (GDPR, CCPA, PIPL)

Because we do not collect personal information server-side, most data-subject rights (access, rectification, erasure, portability) apply only to the data on your own device. You may exercise those rights at any time by:

Editing or deleting individual diary entries within the App
Tapping Settings → Delete all local data to wipe every piece of locally stored data
Uninstalling the App, which removes the entire app sandbox

If you believe we are processing personal information about you in any other way and wish to exercise rights of access, rectification, erasure, restriction, portability, or objection under the European Union General Data Protection Regulation, the California Consumer Privacy Act, or the People's Republic of China Personal Information Protection Law, contact us at privacy@wallingtech.com.

9. Security

We follow the platform's recommended practices: passcode hashes are stored in iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly, all network traffic is HTTPS-only, model files are excluded from iCloud backup. The most robust security here is structural: there is no server holding your data to be breached.

10. Changes To This Policy

We may update this Privacy Policy when we add features or to comply with legal requirements. The "Last updated" date at the top reflects the most recent version. Substantive changes will be notified inside the App before they take effect.

11. Contact

Questions about this Privacy Policy can be sent to:

Chongqing Walling Tech Co., Ltd.

Email: privacy@wallingtech.com

Web: https://i.wallingtech.com/privacy