Private by design.

What we collect

Nothing about you as a person. Tessera has no servers of its own, no analytics SDKs, no crash reporters, no advertising identifiers, no newsletters, and no accounts. We do not see your memories, metadata, search queries, device identifiers, IP address, or usage patterns.

The one exception is purchase state. When you subscribe or buy the lifetime license, Apple's StoreKit framework tells your copy of Tessera whether you have an active entitlement — enough to unlock the paid surfaces. That verification happens on your device, against a transaction Apple has cryptographically signed; we never receive your payment details, your Apple ID, or your transaction history, and we never send this information off your device.

Subscriptions and in-app purchases

Billing is handled entirely by Apple. You can review, change, or cancel your subscription at any time in Settings → Apple ID → Subscriptions on iOS, or System Settings → Apple ID → Media & Purchases on Mac. Refunds are requested through Apple, not us.

If your subscription lapses, Tessera enters a read-only state: every memory you've ever written stays visible, and the Export action in Settings continues to work so you can take your library with you. We do not hold your writing hostage behind a renewed payment.

Where your memories live

Memories, eras, tags, and moods are stored locally on your device and — if you are signed in to iCloud and have iCloud Drive enabled for Tessera — mirrored to your private iCloud database. This is the same Apple-run, end-to-end encrypted storage that backs Health, Notes, and Messages in iCloud. Little Lumen Labs has no access to it.

Who can read your data

Only you, on devices signed in to your Apple ID, after passing the lock screen you configure (Face ID, Touch ID, or device passcode). Your writing is never read, indexed, analyzed, or used to train any model.

Biometric authentication

When you enable the lock screen, Tessera asks iOS or macOS to verify your face, fingerprint, or passcode. Biometric data never leaves the Secure Enclave; the app only receives a pass/fail result.

Notifications

If you opt in to gentle reminders to reflect or write, those notifications are scheduled locally on your device using Apple's notification framework. They are not sent through any server.

Export and deletion

You can export every memory to a folder of Markdown files at any time, with no prompts or upsells. Deleting the app removes the local copy; deleting the CloudKit data from Settings → Apple ID → iCloud → Manage Storage → Tessera removes the synced copy permanently.

Third parties

None. Tessera uses only first-party Apple frameworks and Apple's CloudKit for sync. There are no third-party SDKs.

Children

Tessera is a private journaling tool intended for personal use. It does not knowingly collect information from anyone, which includes children under 13.

Changes to this policy

If we ever change how Tessera handles your data, we will update this page and note the change in the app's release notes before the change takes effect.

Contact

Questions or concerns? Write to privacy@littlelumenlabs.com.