Privacy Policy for Waylet
Last updated: June 23, 2026
Waylet ("the app", "we", "us") is a personal art-journaling app made by the Seahorse Emoji project. This policy explains, in plain language, what data the app handles, what stays on your device, what is sent off your device, and who it goes to.
If you have any questions, contact us at seahorseemoji@gmail.com.
The short version
- Your journal is stored on your phone. There are no accounts and no cloud copy — your entries live on your device. In particular, your photos, your written notes, and your entry timestamps never leave your device.
- We don't use GPS or read your photos' location data. Waylet does not request location permission, use GPS, or read location (EXIF) data from your photos. Our analytics provider does estimate a coarse, city-level location from your IP address — see "What leaves your device" below.
- Some details do leave your device so the app can work and so we can understand how it's used — including the artwork title, artist, and tag labels you record (including any custom tags you create), the museum-label text you scan, and your display name if you enter one. This is described in full below.
- No sign-up. We do not collect your email, phone number, or contacts.
What stays on your device
Your entire journal is stored locally on your device. The following are stored only on your device and are never sent anywhere:
- Photos you take or choose for your journal entries.
- Your notes / reflections — the free text you write about each artwork.
- Your entry timestamps.
The complete record of each entry also lives on your device and is removed when you delete the entry or uninstall the app. Some individual fields from your entries — the artwork title, artist, and tag labels — are also copied to our analytics service, as described under "What leaves your device" below.
Text recognition (reading the text off a museum label photo) runs on your device. The photo itself is never sent anywhere as part of this.
You can export your full journal — entries and photos — as a backup file from within the app. That file is created on your device and only goes where you choose to send it (for example, saving it to your files or sharing it).
What leaves your device, and why
To identify artworks and to improve the app, a limited set of data is sent off your device:
1. Museum-label text (to identify an artwork)
When you scan a museum label, the app reads the text on your device and sends only that text (not the photo) to our backend server, which forwards it to Anthropic (the Claude AI service) to parse out the title, artist, and year. The label text is subject to Anthropic's data-handling policies. The photo of the label never leaves your device.
2. Usage and diagnostic analytics
We use PostHog (a product-analytics service, hosted in the United States) to understand how the app is used and to catch crashes. Analytics events include:
- Actions you take — e.g. capturing a photo, scanning a label, creating an entry, applying a filter — along with basic context like whether a photo came from the camera or the gallery, and counts (such as how many tags an entry has).
- Some text you enter or scan. To be transparent: certain events include the artwork title, the artist name, and the tag labels associated with an entry — including any custom tags you type yourself — as well as the museum-label text that was parsed. Your written notes/reflections are not sent.
- Your display name, if you provide one during onboarding. It is stored on your device and a copy is also attached to your analytics profile so your activity can be grouped together.
- A device identifier (a per-device ID generated by your operating system, or a random ID we create) used to group your events and to apply fair usage limits to the label-scanning service.
- An approximate, city-level location. PostHog estimates a coarse location from your IP address and attaches it to your analytics profile. This is not GPS and is not precise — it's the same kind of IP-based estimate any website can make.
- Crash and error reports, including error messages and technical details that help us fix problems. These may occasionally contain text related to the action that failed.
- Standard technical information automatically collected by analytics: your device type, operating system and version, app version, and language.
We do not record your screen, and we do not use session replay or heatmaps.
3. Network metadata
Our backend is reached through Cloudflare and hosted on DigitalOcean. As with any internet service, these providers process standard request metadata (such as your IP address) to route and protect traffic. Our backend uses your IP address to route requests, protect the service, and apply rate limits, and does not keep it in a user database. Separately, our analytics provider uses your IP address to estimate the coarse, city-level location described above.
Permissions the app asks for
- Camera — to photograph artworks and museum labels.
- Photo library — to let you choose existing photos for your entries.
That's it. Waylet does not request location, microphone, contacts, calendar, or notification permissions.
How long data is kept
- On-device data stays until you delete the entry or uninstall the app. Uninstalling removes your local journal (there is no cloud backup, so export first if you want to keep it).
- Analytics data is retained by our analytics provider (PostHog) under its retention settings. Label-parsing text is sent to Anthropic to parse and is subject to Anthropic's data-handling policies. We do not maintain our own long-term database of your entries.
Third parties we share data with
| Provider | What they receive | Purpose |
|---|---|---|
| Anthropic | Museum-label text (no photos) | Parse artwork title / artist / year |
| PostHog | Usage events, the text described above, device ID, display name, approximate (city-level) location from IP, crash reports, device/app info | Product analytics and crash reporting |
| Cloudflare | Request metadata (incl. IP) | Routing and protecting the backend |
| DigitalOcean | Server-side request data | Hosting the backend |
We do not sell your data, and we do not use it for advertising.
Your choices
- Don't scan labels if you'd prefer not to send label text off-device; you can still type artwork details in manually.
- Export and back up your journal at any time from within the app.
- Delete entries within the app, or uninstall to remove all local data.
Children
Waylet is not directed at children under 13, and we do not knowingly collect data from them.
Security
Data sent off your device travels over encrypted HTTPS connections. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect the limited data we handle.
Changes to this policy
We may update this policy as the app evolves. Material changes will be reflected by updating the "Last updated" date above.
Contact
Questions, requests, or concerns: seahorseemoji@gmail.com