🔒 Security & Privacy
Your privacy and security are our top priorities. Here's how we protect your personal data and ensure your journal entries remain completely private.
🛡️ Data Protection
- All data encrypted in transit (HTTPS/TLS)
- Database encrypted at rest
- Passwords hashed with bcrypt
- No plain text storage of sensitive data
🔐 Access Control
- JWT-based authentication
- Session management with secure tokens
- Rate limiting on all endpoints
- Automatic session expiration
📝 Your Journal Data
Complete Privacy: Your journal entries are private to your account only. We never read, analyze, or share your personal thoughts with anyone—including our team.
AI Processing: When you request an AI reflection, your entry is sent securely to OpenAI's API for processing. This data is not stored by OpenAI and is only used to generate your reflection.
Data Ownership: You own 100% of your data. You can export it anytime, and request complete deletion of your account and all associated data.
⚙️ Technical Security Measures
Infrastructure Security
- Hosted on secure cloud infrastructure
- Regular security updates and patches
- DDoS protection and monitoring
- Automated backups with encryption
Application Security
- Input validation and sanitization
- SQL injection protection
- Cross-site scripting (XSS) prevention
- CSRF protection on all forms
💳 Payment Security
Stripe Integration: All payments are processed securely through Stripe, a PCI DSS Level 1 certified payment processor. We never see or store your credit card information.
Secure Checkout: Payment forms are hosted by Stripe and protected by their enterprise-grade security measures, including fraud detection and encryption.
Webhook Security: Payment confirmations are verified using cryptographic signatures to prevent tampering.
📋 Compliance & Standards
GDPR Compliance: We follow GDPR principles and provide you with full control over your data, including the right to access, export, and delete your information.
Data Minimization: We only collect the data necessary to provide our service. No unnecessary personal information is requested or stored.
Transparency: Our privacy policy clearly explains what data we collect, how we use it, and your rights regarding your information.
⚖️ Your Rights & Control
Data Control
- Export all your data anytime
- Delete your account completely
- Update or correct your information
- Opt out of communications
Account Security
- Change password anytime
- Enable/disable email notifications
- View account activity
- Secure password reset process
📞 Questions & Support
If you have any questions about our security practices or privacy measures, we're here to help. Your trust is important to us.
🛡️ Built with Security in Mind
From your browser to our servers
Following security best practices
Continuous security improvements