Back
Privacy Policy for Journaly
Last Updated: November 24, 2025
Thank you for using Journaly ("we," "us," or "our"). This Privacy Policy explains how we collect, use, protect, and handle your information when you use our AI-powered automatic journaling application and website at https://journaly.top (the "Service").
Your privacy is fundamental to what we do. Journaly is built with a privacy-first approach, ensuring your most personal thoughts and memories remain secure and under your control.
By using the Service, you agree to the terms of this Privacy Policy. If you do not agree with these practices, please do not use the Service.
1. Information We Collect
1.1 Account Information
- Name: To personalize your experience and address you in communications
- Email Address: For account management, authentication, service updates, and customer support
- Password: Encrypted and securely stored for account access
- Profile Information: Optional profile details you choose to provide
1.2 Journal Content
- Journal Entries: Your written journal entries, which are encrypted end-to-end
- Photos: Images you include in your journals (stored encrypted)
- Voice/Writing Samples: Optional samples provided during onboarding to train AI on your writing style
- AI-Generated Content: Journal entries automatically created by our AI based on your connected data
1.3 Connected Data Sources (Optional - Pro/Premium Features)
With your explicit permission, we may access:
- Apple Health & Fitness: Workout data, steps, sleep, heart rate, and other health metrics
- Strava: Workout activities, routes, and performance metrics
- WHOOP: Recovery scores, strain data, sleep performance
- Calendar: Events, appointments, and meeting information (metadata only)
- Gmail: Email metadata for context (we never read email content)
- Photos: Images from your photo library
- Location: Places visited and location data (only when explicitly authorized)
1.4 Payment Information
- Payment details are processed securely by Stripe, our payment processor
- We do not store complete payment card information on our servers
- We retain transaction records for accounting and subscription management
1.5 Technical and Usage Data
- Device information (type, operating system, app version)
- IP address and general location
- Usage patterns and feature interactions (anonymized)
- Error logs and crash reports (anonymized)
- We do NOT track which specific entries you read or what you write about
2. How We Use Your Information
We use your information solely to provide and improve the Journaly service:
2.1 Core Service Delivery
- Generate personalized AI journal entries in your writing style
- Sync your journal across your devices (encrypted)
- Create Memory Movies from your entries and photos
- Provide pattern insights and analytics from your data
- Enable "On This Day" flashback notifications
- Support natural language search in your journals
2.2 Account Management
- Authenticate your identity and secure your account
- Process subscription payments and manage billing
- Provide customer support
- Send important service updates and notifications
2.3 Service Improvement
- Analyze anonymized usage patterns to improve features
- Fix bugs and technical issues
- Develop new features based on user needs
We will NEVER:
- Sell your personal information or journal content to third parties
- Use your journal entries for advertising purposes
- Share your data with third parties except as required for service operation
- Read your journal entries for any purpose other than providing the service you request
3. Data Security and Encryption
We take your privacy seriously and implement multiple layers of protection:
3.1 End-to-End Encryption
- All journal entries are encrypted on your device before transmission
- Encryption keys are controlled by you, not us
- Even if our servers were compromised, your journal content would remain unreadable
3.2 Local-First Storage
- Journal entries are stored on your device first
- Cloud sync is optional and always encrypted
- You can use Journaly entirely offline if you choose
3.3 Biometric Protection
- Face ID and fingerprint authentication support
- Additional layer of security for accessing your journals
3.4 Security Measures
- Industry-standard security protocols (TLS/SSL)
- Regular security audits and updates
- Secure data centers with physical and digital protection
- Employee access strictly limited and monitored
4. Data Sharing and Third Parties
4.1 Service Providers
We share limited data with trusted service providers who help us operate:
- Stripe: Payment processing (name, email, payment information)
- MongoDB Atlas: Encrypted database hosting
- Resend: Transactional email delivery
- Cloud storage providers: Encrypted backups
These providers are contractually bound to protect your data and use it only for providing services to us.
4.2 Legal Requirements
We may disclose information if required by law, such as:
- Complying with legal processes (subpoenas, court orders)
- Enforcing our Terms of Service
- Protecting our rights, property, or safety, or that of our users
4.3 Business Transfers
If Journaly is acquired or merged, your information may be transferred to the new entity. You will be notified of any such change and given options regarding your data.
We do NOT:
- Sell or rent your data to advertisers or data brokers
- Share your journal content with anyone
- Use your data for marketing purposes beyond our own service
5. Your Rights and Control
You have complete control over your data:
5.1 Access and Export
- View all data we have about you at any time
- Export your entire journal in multiple formats (Markdown, PDF, JSON)
- Download all your data for use elsewhere
5.2 Correction and Deletion
- Edit or correct your personal information
- Delete individual journal entries
- Request complete account deletion (we'll permanently delete your data within 30 days)
5.3 Data Portability
- Take your data with you if you leave Journaly
- No lock-in or proprietary formats
5.4 Connection Management
- Enable or disable connected data sources at any time
- Control which data categories are shared
- Revoke access to third-party services
5.5 Communication Preferences
- Opt out of non-essential emails
- Control notification settings
- Choose how we contact you
To exercise these rights, contact us at bartzalewskidev@gmail.com or use the settings within the app.
6. GDPR Compliance (European Users)
If you're in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
Legal basis for processing:
- Contract: To provide the service you've subscribed to
- Consent: For optional features like data connections
- Legitimate interests: To improve and secure our service
7. California Privacy Rights (CCPA)
California residents have the right to:
- Know what personal information we collect and how it's used
- Request deletion of personal information
- Opt-out of the sale of personal information (we don't sell data)
- Non-discrimination for exercising privacy rights
8. Data Retention
- Journal Entries: Retained until you delete them or close your account
- Account Information: Retained while your account is active
- Deleted Data: Permanently removed within 30 days of deletion request
- Backup Copies: May persist in encrypted backups for up to 90 days
- Legal Requirements: Some data may be retained longer if required by law
9. Children's Privacy
Journaly is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at bartzalewskidev@gmail.com, and we will delete it promptly.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Encryption during transfer and at rest
- Regular security assessments
11. Cookies and Tracking
We use minimal cookies and tracking:
Essential Cookies:
- Authentication and session management
- Security and fraud prevention
- Service functionality
Analytics (Optional):
- Anonymized usage statistics
- Performance monitoring
- Crash reporting
We do NOT use:
- Advertising cookies
- Cross-site tracking
- Behavioral profiling for marketing
You can control cookie preferences through your browser settings.
12. AI and Data Processing
Our AI processes your data to provide personalized journaling:
- Voice Learning: AI analyzes your writing samples to match your style (encrypted and private)
- Entry Generation: AI creates journal entries based on your connected data
- Pattern Recognition: AI identifies insights and correlations in your data
- On-Device AI: Free tier uses on-device processing (data never leaves your device)
- Cloud AI: Pro/Premium tiers offer advanced AI refinement (data encrypted in transit)
AI processing is designed to serve you, not to extract value from your data for other purposes.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in our practices
- New features or services
- Legal or regulatory requirements
When we make significant changes:
- We'll update the "Last Updated" date
- We'll notify you via email
- We'll provide a summary of key changes
- Continued use after changes constitutes acceptance
You can always view the current policy at https://journaly.top/privacy-policy
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data:
Email: bartzalewskidev@gmail.com
Website: https://journaly.top
For data protection inquiries: Include "Privacy Request" in your email subject line
We will respond to all legitimate requests within 30 days.
---
By using Journaly, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
Your privacy is not just a legal requirement for us—it's a core value. We built Journaly to help you remember your life, not to extract value from it.