Privacy Policy

Last Updated: November 2024

TL;DR: For cloud accounts, we can't read your journal entries. Your entry content is encrypted on your device with AES-GCM-256 before it reaches Firebase Firestore. We don't sell your data. Demo mode does not send entries to our servers.

1. Data Collection

For cloud accounts, we store your email address (for authentication), entry metadata (dates, tags), and encrypted journal entries. Entry content is encrypted on your device using AES-GCM-256 before reaching Firebase Firestore, so it is unreadable to us. Demo mode does not send entries to our servers; demo entries are stored locally in your browser as plain JSON and are cleared on logout.

2. How We Use Your Data

We use your data solely to provide the journaling service. We do not analyze, sell, or share your personal thoughts with advertisers or third parties. If you use the optional AI analysis, your entry content is sent to our backend Cloud Function proxy and then to Google Gemini.

3. Encryption

We use client-side encryption. For cloud accounts, your entries are encrypted on your device using AES-GCM-256 before being sent to Firebase Firestore. We do not store your encryption password and cannot recover your data if you lose it. Demo mode is not encrypted.

4. Third Parties

We use Google Firebase for email/password authentication and encrypted data storage, and Stripe for payment processing. These services are GDPR-compliant.

5. Contact

Blog ยท For privacy inquiries, contact: mindskeepsupport@gmail.com