Simeon Pashley

Writing Privacy in the Age of Cloud Tools: How WriteDaily Thinks About Your Data

I’ve been thinking about privacy lately — partly because the conversation around cloud tools has shifted, and partly because WriteDaily holds nearly four years of personal writing from its users.

If you’re writing 750 words a day — journaling, processing emotions, working through ideas — the contents are intimate by definition. So what does WriteDaily do to protect them?

What WriteDaily Collects (and Doesn’t)

We collect:

  • Your entries (obviously — that’s the product)
  • Word counts and pace data (to power the stats you see)
  • Sentiment analysis results (derived from your text, stored alongside it)

We don’t collect:

  • Analytics or tracking scripts of any kind
  • Email open rates (the monthly summary is a simple send, no pixels)
  • Social graph data (there is no social layer)
  • Anything resold or shared with third parties

Where the Data Lives

WriteDaily runs on a single server. Your entries sit in a database with no external replication, no cloud backups to services I don’t control, and no CDN caching of user content. Backups are encrypted and stored offline.

This isn’t enterprise-grade security. It’s the security model of a tool built and maintained by one person. But that simplicity is a feature: fewer moving parts means fewer attack surfaces.

The Sentiment Analysis Question

The LIWC parser runs on the server. Your text is processed in memory, analysed against the LIWC2007 dictionary, and the results are stored. The raw text is never sent to an external API — the entire analysis pipeline is self-contained.

If you’re uncomfortable with server-side processing of private writing, the export feature — introduced in 2014 — lets you take your data anywhere. Every word you’ve written at writedaily.co can be downloaded as plain text or Markdown.

A Privacy Roadmap

Things I’m considering for the future.

Running LIWC in the browser would mean your text never touches the server unencrypted. The LIWC2007 dictionary is about 4,500 tokens — well within what a browser can handle.

End-to-end encryption for entries — encrypting with a key only you hold, decrypted in the browser on load — is non-trivial technically but increasingly expected.

A one-click account deletion that verifiably removes all data, including backups, is on the roadmap.

I don’t know when these will ship — the framework migration to Laravel is a year or two out. But I want to be clear about the direction.

If you care about where your writing lives, WriteDaily is designed to respect that.

logo

I Create Reach.
I Generate Impact.
I Amplify.