Last updated May 24, 2026
Your journal is private by design. Here's how we keep it that way.
Every record is scoped to its owner with row-level security at the database — your queries can only ever return your own data. Shared views (like a cohort mentor's read access) are explicit and opt-in.
Chart screenshots live in a private storage bucket. They're never public — the app serves them through short-lived signed links generated only for you.
All traffic is over TLS. Data is encrypted at rest by our infrastructure providers (Supabase, Vercel). Privileged keys are server-only and never exposed to the browser.
Card details are handled entirely by Stripe — Tapeline never sees or stores your card number.
Found a vulnerability? Please email security@tapeline.app with the details before disclosing publicly. We'll acknowledge and work with you to fix it.
This is a plain-language starting template, not legal advice. Have it reviewed by counsel before you rely on it. Questions: support@tapeline.app.