Night Protocol9:30 PM

Privacy Policy

Draft for counsel review. Effective date, company address, and privacy contact are still to be confirmed before publication.

Who We Are

Night Protocol is owned and operated by Muir Labs, Inc. ("Muir Labs," "we," "us," or "our"). This Privacy Policy explains how Muir Labs collects, uses, discloses, stores, and protects information when you use Night Protocol, including the website, signup flow, SMS journal service, private reply links, journal links, export features, and deletion tools.

Night Protocol is an ultra-minimal SMS journal. You enter a U.S. or Canadian phone number, choose one nightly lens, and provide or allow us to infer a timezone. Night Protocol sends that lens's question by text around 9:30 PM local time. When you reply by SMS, your reply is saved as a private journal entry.

Scope

This Privacy Policy applies to Night Protocol and related websites, SMS messages, private links, journal links, export links, support interactions, and operational systems.

Night Protocol currently supports U.S. and Canadian phone numbers only. Availability outside the United States and Canada is not supported unless Muir Labs says otherwise.

It does not apply to services we do not control, including your mobile carrier, Twilio, SMS delivery networks, device operating systems, or any third-party service you use to store, forward, back up, or view SMS messages.

Information We Collect

We collect the information needed to operate Night Protocol.

  • Phone and account information, including your phone number, hashed phone number, account status, pause state, selected lens, custom nightly message if you write one, timezone, nightly delivery time, consent timestamp, consent IP address, and related timestamps.
  • Journal information, including the SMS replies you send to Night Protocol and save as private journal entries.
  • SMS delivery and audit information, including prompt delivery records, Twilio or provider message IDs, inbound message audit metadata, delivery status information, command-processing records, and related timestamps.
  • Link and token information, including magic-link token hashes, token metadata, private-link usage metadata, journal-link usage metadata, export-link usage metadata, token creation and expiration timestamps, and related security records.
  • Technical and security information, including IP addresses, device and browser information, request logs, server logs, security logs, error logs, and similar technical records when you use web features.

We may collect additional limited information through analytics, error monitoring, email, payment, or support tools if Muir Labs later uses those tools.

Sources

We collect information from you when you enter your phone number, choose a lens, set or confirm a timezone, reply to SMS messages, send commands, use private links, use journal links, export entries, request deletion, or contact us.

We collect information automatically from SMS systems, hosting systems, database systems, security systems, and ordinary server logs. We also receive information from service providers that help operate Night Protocol, including SMS delivery providers and infrastructure providers.

How We Use Information

We use information to operate Night Protocol. This includes sending nightly prompts, receiving SMS replies, saving journal entries, showing private reply links, showing journal links, exporting entries, processing deletion requests, pausing and resuming messages, and responding to SMS commands.

We use information to verify consent, maintain opt-out and suppression records, prevent abuse, secure the service, troubleshoot delivery issues, maintain logs needed for reliability and legal compliance, and improve service stability.

We use metadata to understand whether prompts were sent, delivered, failed, paused, resumed, exported, erased, or accessed through links. We do not use journal entry bodies custom nightly message, or lens selection for advertising, targeting, segmentation, or AI training.

SMS Processing

Night Protocol works through SMS. SMS is not end-to-end encrypted. Your mobile carrier, Twilio, SMS routing systems, and other delivery providers may process SMS content and metadata outside Muir Labs' control.

When you reply to a Night Protocol prompt, your reply travels through SMS delivery systems before it reaches Night Protocol. We cannot control or delete copies that may exist on your phone, in your phone backups, with your carrier, with Twilio, with SMS delivery systems, or in systems outside Night Protocol.

  • STOP opts out.
  • START resumes.
  • PAUSE pauses nightly prompts.
  • PRIVATE sends a private web reply link.
  • JOURNAL sends a journal link.
  • EXPORT exports entries.
  • ERASE begins deletion.
  • ERASE YES confirms deletion.

We may also treat other clear opt-out language as an opt-out where required by law or service-provider rules.

Journal Privacy

Journal entry bodies are encrypted by the application before database storage. Per-user journal keys are encrypted. Entry bodies are not written to audit logs or outbound message logs.

Magic links are random, stored as hashes, and currently expire after 24 hours. Muir Labs does not sell users' words, train AI models on journal entries or custom nightly messages, use journal entries for advertising, or show journal entries to support staff in ordinary operations.

We do not promise that no one could ever access journal content in every circumstance. For example, SMS delivery providers may process message content during transmission, legal obligations may apply, and extraordinary security or operational events may require limited investigation. Night Protocol is designed to avoid ordinary staff access to journal entries.

Service Providers

We use service providers to operate Night Protocol. These may include Twilio for SMS delivery, Neon/Postgres or equivalent database hosting, Vercel or equivalent hosting and deployment, and ordinary security, logging, monitoring, and infrastructure providers.

Service providers process information for us so they can provide infrastructure, SMS delivery, hosting, security, logging, troubleshooting, payment, support, or related services. They may have their own legal obligations and retention practices.

No Sale, Sharing, Advertising, Or AI Training

Muir Labs does not sell users' words. Muir Labs does not train AI models on journal entries. Muir Labs does not use journal entries for advertising.

The current product design assumes no advertising tracking and no sale or sharing of personal information as those terms are used in California privacy law. These assumptions should be confirmed before publication.

Cookies And Logs

Night Protocol may use cookies, local storage, session storage, or similar technologies where needed to operate the website, private links, journal links, export tools, security features, and token flows.

We may use server logs and security logs to detect errors, prevent abuse, investigate suspicious activity, and maintain reliability. We do not use advertising cookies unless Muir Labs later confirms and discloses that practice.

Retention

We keep information for as long as needed to operate Night Protocol, provide the service, maintain security, process deletion and export requests, comply with legal obligations, resolve disputes, and maintain appropriate business records.

Journal entries are retained until they are deleted, marked erased, or otherwise removed under the applicable retention rules for the service. Consent records, opt-out records, delivery records, security logs, audit metadata, and related operational records may be retained for longer where needed for legal compliance, security, abuse prevention, or service integrity.

Backups and logs may persist for limited periods before they expire or are overwritten. SMS providers, carriers, device backups, and other systems outside Night Protocol may retain message content or metadata under their own policies.

Export And Deletion

You may text EXPORT to export your entries. You may text ERASE to begin deletion, and ERASE YES to confirm deletion.

When you confirm ERASE, Night Protocol deletes or marks entries erased inside Night Protocol and destroys the user's journal key. This is intended to make journal entries unavailable inside Night Protocol, subject to technical and legal limits.

ERASE does not delete copies already on your phone, in your phone backups, with your mobile carrier, with Twilio, with SMS delivery providers, in provider systems outside Night Protocol, or in backups/logs outside the app's control.

We may keep limited records after deletion where needed for security, legal compliance, fraud prevention, opt-out compliance, or proof that deletion was processed.

Security

We use technical and organizational measures intended to protect Night Protocol information. Journal entry bodies are encrypted by the application before database storage. Per-user journal keys are encrypted. Magic-link tokens are stored as hashes. Entry bodies are not written to audit logs or outbound message logs.

No method of transmission or storage is perfectly secure. SMS is not end-to-end encrypted. We cannot guarantee that information will always remain secure.

Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain uses of your personal information. You may also have the right to opt out of certain processing, appeal a privacy-rights decision, or designate an authorized agent.

We may need to verify that you control the phone number or account associated with a request. You can also use the built-in SMS controls described in this policy, including STOP, PAUSE, EXPORT, ERASE, and ERASE YES.

State Privacy Rights

If applicable law requires it, we will provide additional rights and disclosures, including information about categories of personal information collected, categories of sources, purposes of use, categories of recipients, retention periods, sale/share status, sensitive personal information, and request procedures.

Based on the current Night Protocol design assumptions, Muir Labs does not sell personal information, share personal information for cross-context behavioral advertising, or use journal entries for AI training. Journal entries may contain sensitive information if you choose to write sensitive information in them. Night Protocol does not require you to include sensitive information in your journal entries.

Children

Night Protocol is intended only for users who meet the minimum age requirement, which is still to be confirmed before publication. Night Protocol is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

If Muir Labs allows users under 18, additional child and teen privacy requirements may apply.

International Users

Night Protocol is operated by Muir Labs in the United States and currently supports U.S. and Canadian phone numbers only.

If you use Night Protocol from Canada or otherwise outside the United States, your information may be processed in the United States and other locations where our service providers operate. Privacy laws in those locations may differ from the laws where you live.

Changes

We may update this Privacy Policy from time to time. The updated policy will be posted with a new effective date. If changes are material, we will provide additional notice where required by law.

Contact

Muir Labs, Inc. Company address and privacy contact are still to be confirmed before publication.

Return