Skip to main content
Insani[Tome]iumBack to Login

The Tome's Promise to You

Privacy Policy

Effective date: May 18, 2026

The Tome holds your stories. It does not read them, share them, or profit from them. What you write here is yours — completely, permanently, without reservation.

Overview

Insanitomeium is operated and maintained by us — not a third-party cloud platform. Your data lives on our server, under our care, and goes nowhere else.

This policy describes what information the Tome collects when you use it, why that information is needed, and how it is stored. Nothing here is buried in fine print. If something is collected, it is named below.

Information We Collect

When you sign in through Google or GitHub OAuth, we receive and store the following profile fields provided by your chosen OAuth provider:

  • Display name
  • Email address
  • Profile avatar URL
  • A provider-specific user ID, used to recognize your account across sessions

We do not receive, store, or ever handle your OAuth provider password, nor any access or refresh tokens issued by Google or GitHub. The handshake happens; the keys stay with them.

Your Content

Every project, document, note, and fragment you write inside the Tome is stored in the database on the server hosting this application.

That content is yours. We do not read it, analyze it, share it, or transmit it to any external service. Ever.

The Tome is a place to write — not a platform harvesting the words you trust it with.

Cookies & Sessions

When you sign in, the application sets a single cookie containing a signed JWT. This cookie is:

  • HttpOnly — inaccessible to JavaScript running in the page
  • Secure — transmitted only over encrypted connections
  • SameSite=Strict — not shared with any third-party domain

A companion refresh token cookie — carrying the same security attributes — silently renews your session when the primary token expires. You will not be interrupted mid-sentence.

We use no advertising cookies, no analytics cookies, and no third-party tracking scripts of any kind. The Tome does not watch you write.

Data Sharing

Your data is held entirely within Insanitomeium's infrastructure. We do not sell it, trade it, or share it with third parties.

No data is transmitted to external services — with one narrow exception: the OAuth handshake with Google or GitHub that occurs at sign-in. That exchange is limited, necessary, and does not include your content.

Data Retention & Deletion

Your account and all content associated with it remain in the Tome until you choose to remove it. To delete your account and everything written under it, contact us directly and we will take care of it.

The Tome does not hold onto what you ask it to release.

Security

The Tome is built with security as a foundational concern, not an afterthought:

  • JWT tokens are signed with RS256 asymmetric keys
  • CSRF protection is applied to all state-mutating endpoints
  • All database queries use parameterized statements

We are responsible for keeping the infrastructure, TLS certificates, and environment secrets current and secure. That obligation belongs to us, not to you.

Changes to This Policy

If this policy is updated, the effective date at the top of this page will reflect the revision. Continued use of the application after an update constitutes acceptance of the revised terms.

We will not obscure meaningful changes. If something important shifts, it will be plain to see.

Insani[Tome]ium

Privacy PolicyTerms of ServiceHome

Self-hosted writing software. Your words. Your server. Your Tome.