Privacy Policy

Last updated: 24th September 2025

1. Introduction

Welcome to Journnl (“we”, “our”, “us”). Your privacy is important to us. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use journnl.com and our journaling and productivity features. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using Journnl, you agree to the terms of this Privacy Policy.

2. Data We Collect

We collect and process the following types of personal data: Account Data (if you sign up): email address, display name. Content Data: journal entries, gratitude logs, habit tracking, to-dos, weekly reviews, reading notes, and thought practice logs. Usage Data: interactions with the app (e.g., streaks, completion statistics), device/browser information, IP address (for security). Technical Data: cookies and similar technologies (see Section 7). Sensitive content (your private journal entries, thoughts, and notes) remains private to you and is never shared with third parties.

3. How We Use Your Data

We process your data for the following purposes: To provide the journaling and productivity features (core functionality). To store your entries securely in our database. To improve the user experience and app performance. To send service-related emails (e.g., login links, account support). To ensure security, prevent misuse, and comply with legal obligations. We do not sell or share your personal data with advertisers.

4. Legal Basis for Processing

Under GDPR, we rely on the following legal bases: Contract: to provide you the service you requested (e.g., saving journal entries). Consent: for optional features like email newsletters. Legitimate Interests: to improve app performance and ensure security. Legal Obligation: where required by law.

5. How We Store and Share Your Data

Storage: Data is stored securely on servers hosted by our provider (Vercel for hosting, MongoDB Atlas for database). Authentication: We use NextAuth for secure sign-in. Access Control: Only you can access your journal entries. Our team does not access your private content unless required for technical support (and only with your explicit permission). Third-Party Services: Hosting: Vercel Database: MongoDB Atlas Authentication: NextAuth These providers act as processors under GDPR, with appropriate data protection agreements in place.

6. Data Retention

Your data is kept for as long as you maintain an account. You can delete entries or your entire account at any time. Backups may persist for up to 30 days before being fully erased.

7. Cookies and Tracking

We use minimal cookies for: Authentication (session cookies). Basic analytics (aggregate, non-identifiable usage data). No third-party advertising cookies are used.

8. Your Rights (GDPR)

As an EU/UK user, you have the right to: Access your personal data. Rectify inaccurate data. Request deletion (“Right to be Forgotten”). Restrict or object to processing. Data portability (export your entries). Withdraw consent (where processing is based on consent). To exercise these rights, email us at [insert contact email].

9. Security

We take appropriate technical and organizational measures to protect your data, including: Encrypted connections (HTTPS). Secure passwordless authentication. Role-based access control for our internal systems. Regular monitoring and backups.

10. Children’s Privacy

Journnl is not directed at children under 16. We do not knowingly collect personal data from children.

11. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page.

12. Contact Us

If you have any questions or requests regarding this Privacy Policy or your data, please contact us: Journnl Email: hello@journnl.com. Website: https://www.journnl.com