journli
Journli

Privacy Policy

Effective date: March 2026 — journli.app

1. Who we are

Journli is a private journaling application operated by an individual developer. The service is available at journli.app. For questions regarding this policy, contact: hello@journli.app.

2. Our core commitment

Journli is built on a simple principle: your journal is yours. We have designed the technical architecture so that we cannot read your journal entries even if we wanted to. This is not a policy statement — it is a technical reality described in detail in Section 4.

3. What data we collect

3.1 Account data

  • Email address — used for authentication and account recovery
  • Optional profile data: nickname, age, gender — provided voluntarily, used only to improve AI analysis context

3.2 Journal data

  • Encrypted journal entries — stored as ciphertext. We cannot read the content.
  • Entry metadata: date, word count, creation timestamp — stored in plaintext
  • Privacy flag (ai_excluded) — whether an entry is marked private from AI analysis
  • Embeddings — mathematical vector representations of entry content (768 numbers). These do not contain readable text.

3.3 Technical data

  • Session tokens — managed by Supabase Auth, expire on tab close
  • Standard server logs — IP address, request timestamps, error logs. Retained for 30 days.

3.4 What we do NOT collect

  • We do not store your password — authentication is handled entirely by Supabase Auth
  • We do not collect behavioral data, browsing history, or usage analytics
  • We do not use advertising trackers or third-party analytics
  • We do not sell data to any third party — ever
  • We do not store audio recordings from voice dictation — audio is transcribed and immediately discarded

4. How encryption works

This section describes the technical model that protects your journal entries.

When you register, Journli generates a Data Encryption Key (DEK) — a random cryptographic key unique to your account. This DEK is encrypted using a Master Key derived from your password using the Argon2id algorithm. The DEK is stored in encrypted form only. Your password is never sent to our servers in a form that could be used to derive the DEK.

Every journal entry is encrypted in your browser using XChaCha20-Poly1305 before it is sent to our servers. Our servers receive and store only ciphertext — the encrypted result. The decryption key (DEK) is held only in your browser's memory during your session and is cleared when you close the tab or log out.

Practical consequence: if Journli's database were compromised, an attacker would obtain only encrypted data that cannot be decrypted without your password. Journli staff cannot read your journal entries.

4.1 Password recovery

Because of the encryption model, standard password reset is not possible. If you forget your password, you can recover access using the 12-word recovery phrase shown once at registration. If you lose both your password and recovery phrase, your journal data is permanently inaccessible. This is an intentional design decision — it is the technical guarantee of your privacy.

5. AI analysis and data sharing

Journli offers optional AI-powered pattern analysis of your journal entries. This feature requires sending entry content to an external AI provider. Here is exactly what happens:

  • AI analysis is opt-in. Entries marked 🔒 Private are never included in any analysis.
  • When you request analysis, selected entries are decrypted in your browser, sent through Journli's servers to Google Gemini API, and the resulting insight is returned to you.
  • Plaintext entry content is present in Journli's server memory only for the duration of the API call — it is never written to disk or stored in any database.
  • Google Gemini processes your content under Google's API data processing terms. Google does not use API data to train models by default.
  • Voice dictation audio is sent to Google Gemini for transcription. Audio is not stored after transcription is complete.
  • You can disable AI analysis entirely in Settings. This means no entry content ever leaves your device in readable form.

6. Crisis detection

If AI analysis detects content suggesting a mental health crisis, self-harm, or suicidal ideation, the system will not provide pattern analysis. Instead, it will display crisis helpline resources appropriate for your region. This is a safety feature, not surveillance — the detection happens during the analysis call and no special flag or record is created.

7. Data storage and infrastructure

  • Journal data is stored in Supabase (PostgreSQL database hosted on AWS infrastructure in the EU region)
  • Authentication is handled by Supabase Auth — your password is processed exclusively by Supabase and never stored by Journli
  • Application is hosted on Vercel (edge network)
  • Supabase and Vercel are GDPR-compliant processors
  • Data is not transferred outside the EU/EEA except as required for AI analysis (Google Gemini API)

8. Your rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Right of access — contact us at hello@journli.app to request a copy of your data
  • Right to erasure — you can delete your account and all associated data from the Settings page. Deletion is permanent and immediate.
  • Right to object — you can disable AI analysis at any time in Settings
  • Right to lodge a complaint — with your national data protection authority

To exercise any of these rights, contact hello@journli.app or use the in-app account deletion feature.

9. Data retention

  • Journal entries — retained until you delete them or delete your account
  • Account data — deleted immediately upon account deletion
  • Server logs — retained for 30 days, then automatically deleted
  • Backups — Supabase maintains database backups for 7 days

10. Children

Journli is not intended for users under 16 years of age. We do not knowingly collect data from children under 16. If you believe a child has created an account, contact hello@journli.app.

11. Changes to this policy

We will notify registered users by email of any material changes to this Privacy Policy at least 14 days before they take effect. Continued use of Journli after changes take effect constitutes acceptance of the updated policy.

This Privacy Policy was last updated: March 2026. It has not been reviewed by a lawyer and should be treated as a good-faith MVP document. A legal review is planned before public launch.