Last updated: December 12, 2025
1. Introduction
This Privacy Policy explains how Daily Journal ("we", "us", or "our") collects, uses, and protects your
personal information when you use our journaling service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, password (encrypted), and name (if using OAuth)
- Journal Content: Your journal entries and any content you create within the Service
- Preferences: Your journal field preferences, reminder time, and timezone settings
2.2 Automatically Collected Information
- Session Data: IP address and user agent when you log in
- Authentication Tokens: Secure tokens for magic link authentication
- Timestamps: When you create or modify journal entries
3. How We Use Your Information
We use your information to:
- Provide and maintain the journaling service
- Authenticate your access to the Service
- Send daily email reminders at your preferred time
- Store and retrieve your journal entries
- Improve and optimize the Service
- Communicate with you about the Service
4. Data Storage and Security
Your data is stored securely using industry-standard practices:
- Passwords are encrypted using bcrypt hashing
- All connections use HTTPS/SSL encryption
- Database stored on secure servers
- Magic link tokens expire after 24 hours and are single-use
5. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share information only in these limited circumstances:
- With your explicit consent
- To comply with legal obligations
- To protect our rights and safety, or the rights and safety of others
- With service providers who help operate the Service (e.g., email delivery), under strict confidentiality agreements
6. Third-Party Services
If you choose to authenticate using Google OAuth:
- We receive your email address and name from Google
- Google's privacy policy applies to their authentication service
- We do not store your Google password
7. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service.
You may delete your account at any time, which will permanently delete all your journal entries and
personal information.
8. Your Rights
You have the right to:
- Access: View all personal information we have about you
- Correction: Update or correct your information
- Deletion: Request deletion of your account and all associated data
- Export: Download a copy of your journal entries
- Opt-out: Unsubscribe from daily reminder emails (though this is a core feature)
9. Cookies and Tracking
We use session cookies to maintain your login state. These cookies are essential for the Service to function
and are deleted when you log out or close your browser. We do not use tracking cookies or analytics services.
10. Children's Privacy
The Service is not intended for users under 13 years of age. We do not knowingly collect information
from children under 13.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate
safeguards are in place to protect your information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting
the new policy on this page and updating the "Last updated" date.
13. Contact Us
If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us
through the Service or via email.
14. GDPR Compliance (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
Our legal basis for processing your data is your consent (when you create an account and accept our terms).