Reflect is a diary app — not a note-taking app, not a productivity tool, not a habit tracker. it's a private digital diary with an AI layer. this page covers what the app does, how the encryption works, what the AI actually does, how it compares to alternatives, and what the honest limitations are.
What Reflect is (and what it's not)
Reflect is a private diary app. you write entries, they're encrypted on your device, they sync across your devices (also encrypted), and an optional AI layer surfaces patterns and insights across your history. that's the core product.
it's not a note-taking app. it's not a task manager. it's not a mood tracker that replaces text (that's Daylio). it's not a therapy tool that has a therapist AI respond to everything you write (that's Rosebud). it's a diary — a place to write about your life — with encryption and AI built into the architecture from the start rather than bolted on later.
the product philosophy is: your diary should be the one place you write the honest version of what's happening, without filtering for an audience. that requires genuine privacy — not just a passcode over a plain-text database, but actual cryptographic protection that means even the company can't read your entries. and it should be able to do things a paper diary can't: search across years of writing, surface patterns you'd never notice manually, and let you talk into your phone when you can't type.
The free tier: what you actually get without paying
the free tier of Reflect is the complete private diary. specifically:
unlimited entries. no entry limits, no character limits, no monthly caps. write as much as you want.
AES-256-GCM encryption. every entry is encrypted on your device before being stored or synced. the encryption key lives in your device's secure hardware and never leaves your phone. this is not a premium feature — it's the default for every entry on every tier.
Face ID / Touch ID / passcode lock. the app locks behind biometrics or your passcode. separate from encryption — even if someone bypassed the app lock, the entries are still ciphertext.
photo attachments. add photos to entries. photos are also encrypted before storage.
mood tracking. log your mood with each entry and track it over time on a calendar view.
multi-device sync. your encrypted entries sync across multiple devices. the sync is device-to-device ciphertext — Reflect's servers never have the plaintext.
calendar view. see your entry history on a calendar, navigate to any date.
search. search across all your entries. (search works on-device against decrypted text — the search query doesn't go to a server.)
encrypted backup and restore. back up to the cloud and restore on a new device using your recovery code. V2 backups use Argon2id key derivation so the backup is zero-knowledge — Reflect can't read it even if it has the backup file.
no ads. no selling of your data. no trial period — this is the permanent free tier.
The AI subscription: what you get by paying
the AI features are the paid layer. here's what the subscription adds:
pattern insights. after you've accumulated entries, Reflect analyzes patterns across your writing history — what themes recur, how your mood correlates with what you're writing about, what topics appear when you're feeling a certain way. these surface as weekly insight summaries and individual observations in the app.
personalized prompts. instead of generic journaling prompts, Reflect generates them based on what you've actually been writing about. if you've mentioned a specific situation, project, or relationship recently, the prompt references it. this dramatically reduces the blank-page problem.
voice transcription. record a voice memo, Reflect transcribes it into a text entry using Gemini's voice recognition (more accurate than device-native dictation for diary-style speech). the transcribed entry is stored encrypted the same way text entries are. useful for capturing thoughts when you can't type.
weekly AI summaries. a weekly summary of what you wrote, patterns Reflect noticed, and what might be worth reflecting on. arrives as a notification that opens into the summary entry.
all AI features go through Reflect's server-side proxy, which strips PII (names, locations, identifying details) before the request reaches Gemini. the AI never receives your raw entry text — it receives a de-identified version of your writing patterns.
How the encryption actually works
this section is for users who want to verify the claims rather than take them on faith.
cipher: AES-256-GCM. authenticated encryption — it encrypts the data and also produces an authentication tag that detects any tampering. used in military, financial, and national security systems worldwide.
key derivation: the master key is a 256-bit random key generated on first launch and stored in the iOS Keychain (backed by the Secure Enclave hardware) or Android Keystore. entry-level encryption keys are derived from the master key using HKDF (HMAC-based Key Derivation Function) with per-entry salts. this means each entry has a unique derived key — compromising one key doesn't compromise others.
where encryption happens: on your device, before anything is written to disk or sent over the network. Reflect's servers receive and store ciphertext. they cannot decrypt it because they don't have the master key.
cross-device backup (V2): V2 backups use a different key hierarchy designed for cross-device restore. a random 32-byte Data Encryption Key (DEK) is generated at backup time. the DEK is wrapped (encrypted) with a Key Encryption Key (KEK) derived from your recovery code using Argon2id — the Password Hashing Competition winner, designed to be computationally expensive enough to resist brute-force attacks on the recovery code. the wrapped DEK, KDF salt, and a key fingerprint are stored in the backup metadata. to restore on a new device, you enter your recovery code, Reflect re-derives the KEK, unwraps the DEK, and decrypts your entries. Reflect never receives or holds the recovery code, the KEK, or the unwrapped DEK.
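the two key hierarchies described above (per-entry HKDF keys, and the V2 backup envelope), as an added Node.js example that is not Reflect's code. the blob layout, the `entry-v1` label, the use of salts as associated data, and all function names are assumptions made for illustration, and scrypt stands in for Argon2id because Node's standard library is all this example relies on.

```javascript
// Added illustration, not Reflect's code. Labels and blob layout are assumptions.
const { randomBytes, createCipheriv, createDecipheriv, hkdfSync, scryptSync } =
  require('node:crypto');

// AES-256-GCM. Blob layout (assumed): nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}
function open(key, blob, aad) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or any byte of blob/aad was altered.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Per-entry key: HKDF-SHA256(master key, per-entry salt). 'entry-v1' is a made-up label.
function entryKey(masterKey, salt) {
  return Buffer.from(hkdfSync('sha256', masterKey, salt, 'entry-v1', 32));
}
function encryptEntry(masterKey, text) {
  const salt = randomBytes(16);
  return { salt, blob: seal(entryKey(masterKey, salt), Buffer.from(text, 'utf8'), salt) };
}
function decryptEntry(masterKey, { salt, blob }) {
  return open(entryKey(masterKey, salt), blob, salt).toString('utf8');
}

// Backup envelope: a random DEK encrypts the data; a KEK derived from the
// recovery code wraps the DEK. scrypt stands in for Argon2id here.
function deriveKek(recoveryCode, kdfSalt) {
  return scryptSync(recoveryCode, kdfSalt, 32);
}
function makeBackup(recoveryCode, entries) {
  const dek = randomBytes(32);
  const kdfSalt = randomBytes(16);
  const wrappedDek = seal(deriveKek(recoveryCode, kdfSalt), dek, kdfSalt);
  const body = seal(dek, Buffer.from(JSON.stringify(entries), 'utf8'), wrappedDek);
  return { kdfSalt, wrappedDek, body }; // everything a server would store
}
function restoreBackup(recoveryCode, { kdfSalt, wrappedDek, body }) {
  const dek = open(deriveKek(recoveryCode, kdfSalt), wrappedDek, kdfSalt);
  return JSON.parse(open(dek, body, wrappedDek).toString('utf8'));
}
```

the object returned by `makeBackup` contains no key material in the clear, so whoever stores it can only recover the DEK by guessing the recovery code through the KDF.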
audit: the encryption architecture has been through a formal 30-finding security audit. all findings were resolved. for users who want specifics, the audit covered encryption, key management, API security, backup/restore, and the AI privacy proxy.
How the AI privacy layer works
the tension at the center of "private diary with AI" is this: useful AI requires the AI to see your entries. but if the AI sees your entries, and it runs on a cloud server, then your private diary is passing through cloud infrastructure in a readable form. most apps resolve this by choosing one side — either skip AI (Apple Journal) or accept that entries go to an AI cloud (Day One, Journey, Rosebud).
Reflect's approach: a server-side proxy sits between your entries and Gemini. before any AI request reaches the AI model, the proxy runs a PII-stripping pass — removing names, specific locations, and other personally identifying details from the text. the AI sees a de-identified version of your writing patterns; it does not see "last Tuesday I had a fight with [person's name] about [specific situation]" in readable form.
this is not a complete privacy guarantee. the AI still processes a version of your writing. but it's a meaningfully different architecture than sending your full diary to GPT-4o in plaintext, and it's the closest any consumer diary app gets to AI + zero-knowledge in a single product.
you can use Reflect's encrypted diary without ever using AI features — the encryption is identical either way. if you subscribe to AI and later cancel, your encrypted diary keeps working. the AI is an optional layer, not a dependency.
How Reflect compares to other diary apps
vs. Day One: Day One has better writing UX — markdown, multiple journals, templates, and a more refined editor. Day One uses cloud sync with server-side encryption (Day One holds the keys). Reflect has stronger privacy guarantees (device-side encryption, zero-knowledge backup) and a meaningful free tier that includes the privacy features. Day One's AI features require a premium subscription; so does Reflect's. Day One is the right choice if writing UX is the priority. Reflect is the right choice if encryption and privacy are the priority.
vs. Journey: Journey is the most cross-platform option — iOS, Android, Mac, Windows, web. Reflect is currently iOS-only (Android coming). Journey has AI features (Journey AI) that process entries through its AI service. Reflect has stronger per-entry encryption. if you need Windows or web access, Journey wins by default. if you need zero-knowledge encryption, Reflect wins.
vs. Rosebud: Rosebud has the most emotionally intelligent AI journaling experience — GPT-4o, therapist-designed prompts, genuine conversation capability. Rosebud's privacy model is standard cloud AI: entries go to OpenAI. Reflect's AI is less conversationally sophisticated but substantially more private in architecture. if emotional AI intelligence is the priority, Rosebud. if AI + privacy is the combination you need, Reflect.
vs. Apple Journal: Apple Journal is more private by design — local-only, no account, no cloud. Reflect has AI features and cross-device sync that Apple Journal doesn't. Apple Journal is iPhone-only. the choice is: maximum local privacy with no AI and no cross-device (Apple Journal), or zero-knowledge encrypted cloud sync with optional AI (Reflect).
vs. Penzu: Penzu is web-first (works in a browser). Reflect is mobile-first (no web app). Penzu encrypts on its servers (company holds the key). Reflect encrypts on your device (company cannot decrypt). if you need browser access, Penzu. if you need genuine zero-knowledge, Reflect.
Honest limitations of the Reflect app
a page about an app that we built should be honest about what it doesn't do:
iOS-only right now. Android is in development, but if you're on Android today, Reflect isn't available yet. Journey is the best cross-platform alternative.
no web app. if you want to journal from a browser, Reflect doesn't do that. Penzu or Journey cover this use case.
no Windows or Mac app. if you need to write on a desktop, Reflect requires your phone. Day One has a Mac app; Journey has Windows and Mac.
AI requires a subscription. the AI features are paid. the free tier is genuinely complete for a private diary, but if AI is your primary reason for choosing an app and you don't want to pay, Reflect's free tier won't satisfy that.
AI is not zero-knowledge. the PII stripping reduces what the AI sees, but it's not the same as "the AI sees literally nothing about your real life." for users who need absolute AI privacy, the right answer is to not use AI diary features at all — Reflect's encrypted diary works identically without them.
export. entries can be exported. the format and flexibility of export is a common question — the app supports standard formats, but if you have specific export requirements (markdown, specific JSON schema, PDF), verify that Reflect's export meets your needs before committing years of writing.
Who Reflect is for
Reflect is the right diary app for people who:
— want a private diary that actually encrypts their entries on-device, not just locks the app with a passcode.
— want a free diary app where the free tier includes the privacy features, not just stripped-down access.
— are curious about AI journaling but don't want to hand their entire diary to a cloud AI model in plaintext.
— use iPhone and want a mobile-first diary that works well on phone, with photos and voice entries.
— want something between "paper diary" (maximally private, no features) and "AI chatbot diary" (maximally featured, minimal privacy) — the middle path of real encryption with optional AI.
Reflect is not the right choice for people who:
— need a Windows or web-accessible diary (no desktop or web app).
— are on Android right now (coming soon, not live).
— want the most polished freeform writing and editing experience (Day One is better for this).
— want the most emotionally intelligent AI conversation in a diary context (Rosebud is better for this).
Download Reflect — the AI diary app that encrypts everything.
Free core features: unlimited entries, AES-256-GCM encryption, Face ID lock, photo attachments, mood tracking, multi-device sync. Optional AI subscription: Gemini pattern insights, voice transcription, personalized prompts. No ads, no data selling, no entry limits. iOS now, Android coming.
Frequently asked questions
What is the Reflect app?
Reflect is an AI diary and journal app for iPhone (iOS) with Android coming soon. it encrypts every diary entry with AES-256-GCM on your device — the encryption key never leaves your phone. core features (unlimited encrypted entries, Face ID lock, mood tracking, photo attachments, multi-device sync) are free forever. an optional AI subscription adds pattern insights powered by Gemini, voice memo transcription, weekly AI summaries, and personalized writing prompts.
Is Reflect diary app free?
yes. Reflect's core diary is completely free: unlimited entries, AES-256-GCM encryption, Face ID lock, photo attachments, mood tracking, multi-device sync, calendar view, and search. no ads, no selling of your data, no entry limits. AI features (pattern insights, voice transcription, weekly AI summaries) are on a paid subscription.
Is Reflect diary app safe?
Reflect is one of the most secure diary apps available. every entry is encrypted with AES-256-GCM on your device before being stored or synced. the encryption key lives in your device's secure hardware and never leaves your phone. Reflect's servers only ever see ciphertext. the app also locks behind Face ID, Touch ID, or a passcode. the encryption architecture has been through a formal security audit.
What platforms is the Reflect app on?
Reflect is currently available on iOS (iPhone) on the App Store. Android is in development and coming soon. there is no web app or desktop app currently. the app syncs across multiple iOS devices.
How does Reflect's AI work?
Reflect uses Google Gemini (via Vertex AI) for AI features. all AI requests go through Reflect's server-side proxy, which strips PII before the request reaches Gemini. AI features include: mood pattern analysis, personalized prompts, weekly insight summaries, and voice memo transcription. AI features require a subscription; the encrypted diary works identically without them.