Privacy by Design: Why Your Secrets Stay Yours in TreeHole
When you tell an AI your deepest fears, you're handing over the most intimate part of your inner world. For a lot of people the thing holding them back isn't the technology — it's the simple question of where those words go. So before anything else: here is where they go, and where they don't.
Privacy is the foundation, not a feature
It would be easy to bolt a padlock icon onto a finished product and call it "secure." We didn't want that. What you write in a treehole is among the most private writing there is, so the protection has to be part of the design from the first line — not an afterthought stapled on at the end.
Many AI apps send your words to a third-party cloud to be processed and stored — infrastructure the app's own makers don't fully control. TreeHole takes the other road: the language model is independently operated on our own servers, not handed off to someone else's cloud, so your words stay inside a space we're responsible for end to end.
An architecture of trust
- Encrypted at rest (the vault). Every conversation and diary entry is sealed with AES-256-GCM encryption at rest, under its own per-account key. Even if a disk were stolen or a database were copied, the content stays unreadable without it.
- Walled off per account (the private room). Your conversations and diary are isolated at the data layer. Your words live in their own space; no one else's search or request can ever reach into it.
- Kept only as long as needed. Raw transcripts are fleeting; the diary is what lasts. TreeHole keeps the word-for-word transcript only long enough to turn it into a diary entry, then purges it (within 30 days). The memory that matters stays; the rest fades.
- Yours to erase. You own it. Delete your account and your diary, search index, and records all go with it — permanently. There are no ghost copies left behind.
Honest about the limits
Here is the part most products leave out. Because TreeHole runs on its own servers instead of a third-party cloud, we control the whole environment — but that also means the running app holds the keys and can technically decrypt your content to do its work.
We're not going to pretend otherwise. We won't tell you "no one can ever see it," because that wouldn't be true. What we can tell you is what we actually do: we don't browse it, we don't sell it, and we don't share it. The honest boundary is written plainly into our Terms of Use and Privacy Policy, and removing even the operator from that trust boundary is a direction we're actively working toward.
A promise you can verify is worth more than one that sounds perfect.
In short
Your privacy is the most valuable thing you bring to a tool like this. TreeHole is built so that when you speak into the treehole, you're speaking into a space that encrypts what you say, walls it off from everyone else, holds on to only what helps you, and is honest with you about the rest.
A private place to think
Talk about your day; it becomes an encrypted diary only you can open; and the next time you talk, your past self is there with you.
