Get started

Privacy Policy

Last updated: February 28, 2026

1. Information We Collect

Account information

When you create an account, we collect your email address, full name, and password. Authentication is handled by Supabase.

Journal content

We store the journal entries you write, including all text fields (impact, ownership, growth, focus, and forward-looking prompts). Entries are stored as structured data in our Supabase-hosted PostgreSQL database.

Payment information

If you subscribe to the paid plan, payment is processed by Stripe. We do not store your credit card number or full payment details. We store your Stripe customer ID and subscription ID to manage your subscription.

Usage data

We may collect basic usage information such as pages visited, feature usage, and error logs to improve the Service. Our hosting provider (Vercel) may collect standard web server logs including IP addresses.

2. How We Use Your Information

  • Providing the Service: Your journal entries are stored to display your timeline and enable search. Entries are used to generate AI-powered rollups and promotion narratives when you request them.
  • Email communications: We send weekly reminder emails via Resend to help you maintain your journaling habit. You can unsubscribe at any time.
  • Billing: We use Stripe to process payments and manage subscriptions.
  • Improving the Service: We may use aggregated, anonymized usage data to understand how the Service is used and make improvements.

3. Third-Party Services

We use the following third-party services to operate Impact Journal:

  • Supabase — Authentication and database hosting. Your account data and journal entries are stored in Supabase-managed PostgreSQL databases.
  • Stripe — Payment processing. Stripe handles all payment card data and is PCI-DSS compliant.
  • OpenAI — AI-powered rollup and narrative generation. When you generate a rollup, your journal entries are sent to OpenAI's API for processing. We do not use your content to train AI models.
  • Resend — Transactional and reminder emails.
  • Vercel — Application hosting and deployment.

4. Data Retention

Your journal entries are retained as long as your account is active. Deleted entries are soft-deleted and may be recovered within 30 days. After 30 days, deleted entries may be permanently removed.

If you delete your account, all associated data (entries, rollups, profile information) will be permanently deleted within 30 days.

5. Data Security

We implement appropriate technical and organizational measures to protect your data. All data is transmitted over HTTPS. Database access is controlled through row-level security (RLS) policies, ensuring you can only access your own data.

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your journal entries
  • Opt out of reminder emails

To exercise any of these rights, contact us at the email address below.

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Supabase sets authentication tokens as secure, HTTP-only cookies.

8. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect information from children under 16.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy, please contact us at support@impactjournal.app.