Privacy Policy

Last Updated: December 25, 2025

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address - Used for login and communication
• Password - Stored securely using industry-standard hashing
• Username (optional) - For friend discovery features
• Birthday (optional) - For zodiac insights
• Location (optional) - City and country for weather data

1.2 Journal Content

We collect and store:

• Journal entries - Your written content (encrypted at rest)
• Entry metadata - Dates, mood tags, energy levels
• Media attachments - Images, audio, video files you attach
• Goals and habits - Your personal tracking data
• Captures - Books, movies, places, people you track

1.3 Automatically Collected Information

• Usage data - Pages viewed, features used, time spent
• Device information - Browser type, operating system
• IP address - For security and fraud prevention
• Cookies - Session management and preferences

2. How We Use Your Information

2.1 Core Service

• Provide journaling features - Store and display your entries
• AI analysis - Sentiment analysis, mood trends, insights generation
• Generate reviews - Year in Review, monthly summaries
• Track goals & habits - Progress monitoring and statistics

2.2 Account Management

• Authentication - Log you in securely
• Communication - Send important account updates
• Support - Respond to your questions and issues

2.3 Improvement & Security

• Service improvement - Understand how features are used
• Bug fixes - Identify and resolve technical issues
• Fraud prevention - Detect and prevent abuse

3. How We Protect Your Data

3.1 Encryption

Your journal entries are encrypted at rest. We use industry-standard Fernet encryption (AES-128 in CBC mode) to encrypt all journal entry titles and content before storing them in our database.

This means:

• Even if someone gains unauthorized access to our database, they cannot read your entries
• Database backups are encrypted
• Database administrators cannot read your private thoughts

3.2 Transport Security

• HTTPS/TLS - All data transmitted over secure connections
• Secure cookies - Session data protected from interception

3.3 Access Controls

• Limited employee access to user data
• Access logged and monitored
• Multi-factor authentication for internal systems

4. Data Sharing & Third Parties

4.1 We DO NOT Sell Your Data

We will never sell, rent, or trade your personal information or journal entries to third parties for marketing purposes.

4.2 Service Providers We Use

We share limited data with trusted third-party services:

• Stripe - Payment processing (email, billing info only)
• Email provider - Transactional emails (email address only)
• Hosting provider - Infrastructure (encrypted database storage)
• Analytics - Anonymized usage statistics (no personal content)

These providers are contractually bound to protect your data and use it only for specified purposes.

4.3 POV (Point of View) Sharing with Friends

Reflekt includes a feature that allows you to share specific portions of your journal entries with friends using POV blocks:

How POV Sharing Works:

• Selective Sharing - You can share specific paragraphs or thoughts from your entries, not entire entries
• Friends Only - POV blocks can only be shared with users you've added as friends on Reflekt
• Automatic Injection - When you share a POV, the content is automatically added to your friend's journal entry for that date
• Clear Attribution - Shared POVs are clearly marked with your username so recipients know who wrote it
• Recipient Control - Recipients can delete POV content from their journal at any time
• Optional Replies - Recipients can reply to your shared POVs, creating threaded conversations
• Notifications - Friends receive notifications when you share POVs with them

What's Shared:

• Only the specific POV content you mark for sharing (using {pov} tags)
• Your username (so friends know who shared it)
• The date of your entry
• Any replies to the shared POV

What's NOT Shared:

• The rest of your journal entry remains private
• Your other entries are never shared unless you explicitly create POV blocks in them
• Media attachments, mood data, and other metadata remain private

Important: Once you share a POV, it becomes part of your friend's journal entry. While they can delete it, you cannot remotely remove it from their journal after sharing. Only share content you're comfortable with your friends keeping.

4.4 Family Plan Data Sharing

Reflekt offers Family Plans that allow one subscriber to provide premium access to up to 5 family members.

Information Visible to Family Plan Administrators:

• Family Member List - Administrators can see the names and email addresses of family members in their plan
• Join Dates - When each member was added to the family plan
• Membership Status - Whether invitations are pending or accepted

Information NOT Visible to Family Plan Administrators:

• Journal Entries - Family plan administrators CANNOT see family members' journal content
• Usage Statistics - Activity, streaks, and other usage data remain private
• Goals & Habits - Personal tracking data is never shared
• Captures - Books, movies, places, and people tracked remain private
• Friends List - Your friend connections remain private

Automatic Friend Connection:

• When you join a family plan, you automatically become friends with the plan administrator
• This friendship connection follows the same privacy rules as all friendships
• Your journal entries remain private unless you explicitly share POV blocks
• You can unfriend the administrator, but you will remain in the family plan

Family Plan Invitations:

• When administrators invite you, we send an email to your registered email address
• The invitation email contains information about who invited you and what accepting entails
• We share your email address with the person who invited you (only if you accept)

Privacy Guarantee: Being in a family plan does not grant the administrator any access to your journal content or personal data beyond what's listed above. Your journal entries remain completely private and encrypted.

4.5 Legal Requirements

We may disclose your information if required by law:

• Valid subpoena or court order
• Legal process compliance
• Protection of our rights or safety of users
• Investigation of fraud or security issues

We will notify you of legal requests unless prohibited by law.

5. Your Rights & Controls

5.1 Access Your Data

• View all your journal entries, goals, habits, and captures
• Export your data in standard formats (JSON, CSV)
• Request a complete copy of all your personal data

5.2 Update Your Data

• Edit or delete entries at any time
• Update account settings and preferences
• Change email address or password

5.3 Delete Your Account

You can permanently delete your account at any time:

• All journal entries will be permanently deleted
• All personal data will be removed from our systems
• Backups are purged within 30 days
• This action is irreversible

5.4 Data Portability

You can export your data in machine-readable formats to move to another service.

6. Data Retention

• Active accounts - Data retained indefinitely while account is active
• Deleted accounts - Data purged within 30 days
• Inactive accounts - We may delete accounts inactive for 2+ years after notice
• Backups - Encrypted backups retained for 30 days

7. Children's Privacy

Reflekt is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete such information immediately.

8. International Data Transfers

Your data may be transferred to and stored in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. Cookies & Tracking

We use cookies for:

• Essential cookies - Required for login and core functionality
• Preference cookies - Remember your settings
• Analytics cookies - Understand how the service is used (anonymized)

You can disable cookies in your browser, but some features may not work properly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

• We'll update the "Last Updated" date at the top
• We'll notify you via email for material changes
• Continued use after changes constitutes acceptance

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

• Email: privacy@reflekt.com
• Support: Contact us through the app

12. Specific Rights by Region

12.1 GDPR (European Users)

If you are in the European Economic Area, you have additional rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

12.2 CCPA (California Users)

California residents have additional rights:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we don't sell data)
• Right to deletion
• Right to non-discrimination for exercising these rights

---

Read Terms of Service Back to Home