How private is your journal, really? This document breaks down the trust and risk involved at each level of journalling — from pen and paper to frontier AI — and shows how character-sheet can fit into any of them.
| Level | Method | Your data lives… | Who can read it | Risks | Controls | character-sheet fit |
|---|---|---|---|---|---|---|
| 0 | Pen and paper | On the physical page | Anyone who finds it | Loss, theft, physical discovery, no search/sync | Lock it away, hide it, destroy entries you don’t want found | Use as inspiration for your entries; the app can visualise themes you track manually |
| 1 | Local digital (no AI) | On your device only | Anyone with device access | Device theft, no backups by default, loss if device fails | Full-disk encryption, strong login password, local backups | Store character-sheet.html locally; import/export JSON manually; no internet required |
| 2 | Cloud storage (no AI) | On your device + provider servers | Provider (Google, iCloud, Dropbox…) + anyone who compromises your account | Provider access, account breach, government requests, terms-of-service changes | Strong password + 2FA, review provider privacy policy, end-to-end encrypted options (e.g. Cryptomator) | Store character-sheet.html in Google Drive or iCloud; syncs across devices while data stays in localStorage |
| 3 | AI-assisted (local model) | On your device only | Anyone with device access | Model capability limits (smaller parameter counts = less nuanced reflection), higher technical setup bar | Same as level 1; model weights stay local | Journal with a local LLM (e.g. Ollama, LM Studio); paste AI output into character-sheet manually |
| 4 | AI-assisted (frontier model) | On your device + AI provider’s servers | AI provider (Anthropic, OpenAI…) + anyone who compromises your account | Provider data retention, potential training data use, account breach, jurisdiction-dependent legal access | Opt out of training data in provider settings, review retention policy, use a pseudonym, keep entries vague | The default setup: journal with Claude or GPT-4 using instructions.md; data.json lives in project knowledge |
| 5 | AI-assisted (frontier model + 3rd-party wrapper) | On your device + AI provider + 3rd-party app’s servers | All of the above, plus the wrapper company | All level-4 risks, plus the wrapper storing your data independently, narrower control over how it’s used | Read the wrapper’s privacy policy carefully; prefer providers that are explicit about not storing journal content | Third-party apps built on Claude/GPT APIs (e.g. Purpose, Rosebud); character-sheet avoids this layer entirely |
The gold standard for privacy by default: no network, no server, no account. The risk is entirely physical. A locked box, a fireproof safe, or simply being choosy about where you keep it covers most of the threat surface. The downside is massive friction to usage, no search, no AI reflection, no long-term pattern tracking.
A plain text file, an offline app, or character-sheet with no AI connected. Full-disk encryption (FileVault on Mac, BitLocker on Windows) is the most important control — if someone steals your laptop, encryption is what stands between them and your journal. Backups matter here: a local-only journal lost to a hard drive failure is gone.
Adds device sync and automatic backup at the cost of storing data on a provider’s infrastructure. Google, Apple, and Dropbox all have privacy policies that grant them broad rights. End-to-end encrypted alternatives (Proton Drive, Cryptomator layer on top of any provider) close most of this gap. Government legal requests are a theoretical but real risk in some jurisdictions.
Running a model locally means no data leaves your machine. The practical tradeoff is capability: models that run on consumer hardware (7B–34B parameters) are less nuanced than frontier models at deep reflection tasks, though the gap is narrowing quickly. Setup is more technical. This is the highest-privacy option that still gives you AI assistance.
The most capable reflection partner available. The cost is trust: your journal content travels to the provider’s servers and is subject to their data retention and privacy policies. Most providers offer a way to opt out of using your data for model training — find and enable this setting if it matters to you. Note that opting out of training doesn’t necessarily mean your data isn’t stored at all; the retention period and legal access policies are separate questions.
What Anthropic says: Claude has an opt-out for model training, but stored conversations are still retained according to their standard policy. Check Anthropic’s privacy policy for current details.
Apps like Purpose, Rosebud, or Reflectly use frontier model APIs under the hood. You’re trusting the AI provider and the app company. The app often stores your journal content in its own database for features like search and history — check whether it does. character-sheet deliberately avoids this layer: it talks to no server, stores nothing remotely, and the only third party in the chain is the AI provider you choose.
| Level | How to use it |
|---|---|
| 0 | Browse Steve’s demo, use the tab structure as inspiration for what to reflect on, journal on paper using the same categories |
| 1 | Download character-sheet.html, open locally in Firefox, use as a standalone offline tracker — no AI needed |
| 2 | Store the file in Google Drive or iCloud to enable sync across devices |
| 3 | Journal with a local model (Ollama + Open WebUI); paste the AI’s JSON output into character-sheet manually |
| 4 | The default setup: Claude Projects + instructions.md + data.json in project knowledge |
| 5 | Use a journalling app that connects to Claude; import its output into character-sheet if it can produce JSON |
| Threat | Mitigation |
|---|---|
| Physical discovery of journal | Lock/hide physical journal; consider what you write down |
| Device theft | Full-disk encryption + strong login password |
| Account compromise | Strong unique password + 2FA on AI provider account |
| AI provider trains on your data | Opt out in provider settings; use a pseudonym; use a local model |
| AI provider data retention | Review their privacy policy; prefer providers with short retention windows |
| Third-party app storing your data | Read the app’s privacy policy; prefer apps that don’t store journal content server-side |
| Browser data loss | Export JSON regularly; keep a copy in AI project knowledge |
character-sheet is designed to give you as much control as possible: no server, no account, no telemetry. The AI layer is optional and entirely your choice.