Your story lives in your vault, not ours.
LifeCharted is built on the principle that your life data belongs to you — and nobody else. Here's exactly what that means in practice.
Our privacy commitments
Everything you add to LifeCharted is private unless you actively choose to share it. No event, chapter, or document is ever visible to anyone else without your explicit action. Sharing controls are per-event and per-document.
We have no advertising business model. Your data is never sold to third parties, never used for ad targeting, and never used to build audience segments. We make money when you find value in the product — full stop.
Every AI feature in LifeCharted is optional. When you use one, the relevant data from your account is sent to our AI provider (Anthropic's Claude) to generate your response. Your data is never used to train AI models. If you don't use AI features, your data never touches an AI system.
Your life history belongs to you. You can download a full export of your data at any time — events, people, relationships, everything — in open formats. We will never lock you in or make it difficult to leave.
You have the right to access your data, correct it, and delete it entirely at any time — directly from your account settings. Cookie consent is managed before any tracking occurs. We do not use dark patterns to obscure your choices.
All data is encrypted in transit over HTTPS. Data at rest is stored in encrypted Postgres databases (Supabase) with row-level security policies — meaning your data rows are isolated from other users at the database level, not just at the application level.
How your data is stored
LifeCharted stores your data in a Postgres database hosted on Supabase — a platform built on open-source software with strong data residency and encryption standards. Here's how the architecture protects you:
- Row-level security (RLS) policies enforce that no user can read another user's data — even if the application layer had a bug.
- All data in transit is protected by HTTPS/TLS. Data at rest is encrypted by the database host.
- Photos are stored in an isolated storage bucket with access tokens that expire. No photo URL is guessable.
- Share links use cryptographically random tokens. Expired or revoked shares return nothing — the URL stops working.
- We use privacy-respecting analytics (Google Analytics) that only load after you give explicit cookie consent. We collect anonymous usage events — no session replay, no behavioral profiling, no advertising pixels. If you decline cookies, no analytics code runs at all.
Ready to chart your story safely?
Read our full privacy policy, or join the beta and see for yourself.