隐私政策

Mindful Journal AI

最后更新: 2026年7月6日

At Mindful Journal AI, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our application.

1. Information We Collect

Personal Information

  • Account Information: Email address, display name, and authentication credentials managed through Firebase Authentication (email/password and/or Google Sign-In)
  • Profile Data: Optional profile information you choose to provide
  • Authentication Data: Login sessions, authentication tokens, and device information for security purposes

Journal Content

  • Diary Entries: Your personal journal entries, including text content, timestamps, and associated metadata
  • Mood Data: Mood ratings, emotional tracking data, and wellness indicators you choose to record
  • Image Attachments: Images you attach to journal entries, uploaded through the app and stored in our media storage
  • AI Interactions: Your interactions with our AI assistant, including prompts and generated responses

Technical Information

  • Search Index Data: A word-frequency index derived from your entry text (and AI summaries when present) to enable in-app search; this is stored on our servers separately from encrypted entry bodies
  • Usage Analytics: Application usage patterns, feature interaction data, and performance metrics (only with your consent)
  • Device Information: Browser type, operating system, IP address, and device identifiers for security and optimization
  • Local Storage: Preferences, settings, and consent choices stored in your browser

2. How We Use Your Information

Core Service Functionality

  • Providing secure access to your personal journaling space
  • Generating AI-powered insights and reflections on your entries
  • Synchronizing your data across devices and sessions
  • Enabling in-app search through server-side search indexes
  • Enabling data export and backup functionality

Account Management

  • Creating and maintaining your user account
  • Authenticating your identity and securing your sessions
  • Processing subscription and payment information
  • Providing customer support and technical assistance

Service Improvement

  • Analyzing usage patterns to improve app functionality (anonymized data only)
  • Optimizing AI model performance and accuracy
  • Identifying and fixing technical issues
  • Developing new features based on user needs

3. Data Storage and Security

Infrastructure

Your data is stored using Google Firebase and related cloud services that provide:

  • Enterprise-grade security and encryption in transit (HTTPS/TLS)
  • Automatic backups and disaster recovery
  • Global data centers with high availability
  • GDPR and SOC 2 compliance at the infrastructure provider level

Encryption at Rest

🔒 Journal content encryption

Diary entry text and AI analysis results are encrypted in your browser using the Web Crypto API with AES-256-GCM. Each account receives a random 256-bit master key generated on your device. That key is stored on our servers in wrapped (enveloped) form using a system-managed encryption key, and is delivered to your browser when you sign in so you can encrypt and decrypt during your session.

This is encryption at rest, not end-to-end encryption: our services can access decrypted content when needed (for example, to build search indexes, run AI analysis you request, or provide support).

Limits you should know: (1) Some accounts or older data may still be in plaintext if encryption was not yet enabled or predates migration—check your settings in the app. (2) If you use AI analysis, your app sends decrypted text (or the portion you choose to analyze) to our backend and to Google Gemini for that request; that is separate from long-term storage and is covered under AI Processing below. (3) A search index derived from entry text (and AI summaries when present) is stored on our servers to power search and is not protected the same way as encrypted entry bodies. (4) Metadata (such as timestamps or mood fields) may be stored or processed alongside entries and is not necessarily protected the same way as entry body text. (5) Image attachments are encrypted for storage; thumbnails and delivery may involve additional server-side processing.

Access Controls

  • Email verification for email/password accounts
  • Per-user data isolation through Firestore security rules
  • Session management and sign-out
  • Optional recovery key (BIP39 mnemonic phrase) to regain access to your encryption key if you lose your password
  • Regular security reviews and vulnerability assessments

4. Third-Party Services

AI Processing

We use Google Gemini AI to generate insights and reflections. When you use these features, decrypted journal text (or the excerpt you submit) is sent from your app through our services to Google for that analysis; it is handled under Google's policies and security practices for that processing, in addition to this Privacy Policy.

Analytics (Optional)

With your explicit consent, we may use analytics services to understand how our application is used. This data is anonymized and used solely for improving the user experience.

Payment Processing

Payment information is processed by secure third-party payment processors (Paddle and FreeKassa). We do not store your payment card details on our servers.

5. Your Privacy Rights

Data Access and Control

  • Access: View and download all your personal data at any time
  • Correction: Update or correct any inaccurate personal information
  • Deletion: Request complete deletion of your account and all associated data
  • Portability: Export your data in standard formats (JSON, Markdown, PDF)

Consent Management

  • Opt-in consent for analytics and non-essential features
  • Granular control over data processing preferences
  • Easy withdrawal of consent at any time
  • Clear notification of any privacy policy changes

6. Data Retention and Deletion

Retention Periods

  • Active Accounts: Data retained while your account is active
  • Inactive Accounts: Data may be deleted after 3 years of inactivity (with prior notice)
  • Deleted Accounts: All personal data permanently deleted within 30 days
  • Backup Systems: Deleted data removed from backups within 90 days

Account Deletion Process

Complete Data Deletion

When you delete your account, all your personal data, journal entries, and AI interactions are permanently removed from our systems. This action is irreversible.

7. International Data Transfers

Your data may be processed and stored in data centers located in different countries, including the United States and European Union. We ensure that all international transfers comply with applicable data protection laws and maintain the same level of security.

8. Children's Privacy

Mindful Journal AI is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the application
  • Requesting renewed consent for any new data processing activities

10. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Support: Through the in-app support system
  • Data Protection: For privacy-specific inquiries and rights requests
  • Security: For reporting security vulnerabilities

Your Privacy Matters

We believe that privacy is a fundamental right. This policy reflects our commitment to transparency and gives you control over your personal information. If you have any concerns about how we handle your data, please don't hesitate to reach out to us.