Last updated: 7 May 2026
Effective date: 7 May 2026
This Privacy Policy explains how Tomaž Pernovšek s.p. ("Journail", "we", "us", or "our") collects, uses, stores, and protects personal data when you use journail.app (the "Service"). It is written to comply with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR"), the Slovenian Personal Data Protection Act (ZVOP-2), and Regulation (EU) 2024/1689 (the EU AI Act).
We treat your journal entries as among the most sensitive content we handle. The principles below are not marketing language — they are commitments we are accountable for.
1. Data Controller
The data controller responsible for your personal data is:
Tomaž Pernovšek s.p.
Dolinškova ulica 10a, 1000 Ljubljana, Slovenia
Tax number: SI11630876
Registration number (matična številka): 8841373000
Email: info@journail.app
You may contact us at any time using the email address above for questions about this policy or to exercise your rights under the GDPR.
We are not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR, but you can reach our designated privacy contact at info@journail.app.
2. Plain-Language Summary
Before the legal detail, here is what we want you to know:
- Your journal entries are not used to train AI models. Not by us, not by our AI providers. This is contractually enforced.
- We collect only what we need to run the Service, send you emails, and provide AI features.
- We do not sell your data to anyone. We do not run advertising. There are no third-party trackers in your account.
- You can export everything you have written, in Markdown or JSON, at any time.
- You can delete your account and all associated data permanently from within the Service.
- AI providers process your text in real time to generate responses. We tell you exactly which providers below.
- We host your data in the European Union wherever feasible, and use Standard Contractual Clauses where transfers outside the EU are necessary.
3. What Personal Data We Process
We process the following categories of personal data:
3.1 Account data
- Email address, full name (optional), hashed password, account creation date, language preference, time zone, login timestamps, IP address at registration and most recent login.
- If you sign in with Google OAuth, we receive your email, name, and Google profile picture URL. We do not receive your Google password.
3.2 Content you create
- Journal entries (morning briefs, evening debriefs, free-form notes, generated daily entries).
- Goals (yearly, monthly, weekly), their titles, descriptions, deadlines, status, and history of changes.
- Tasks you create directly in Journail or import from Todoist, including titles, due dates, completion status, and notes.
- Conversation history with the AI assistant, including the prompts you send and the responses generated.
3.3 Integration data
- Todoist: OAuth tokens (encrypted at rest), task titles, due dates, project names, completion status, and the timestamps of any changes synchronised between Journail and Todoist.
- Google Calendar: OAuth tokens (encrypted at rest), event titles, start and end times, attendees you have included, location field, and the calendar(s) you have authorised us to read.
- We request the minimum scopes necessary in each case (e.g. read-only for Google Calendar; read/write for Todoist tasks).
3.4 Email and communication preferences
- Whether you have enabled morning and evening emails, your preferred send times, weekend skipping, language, and any vacation/absence periods you have configured.
- Records of emails we have sent you (timestamp, type, delivery status), retained for delivery troubleshooting.
3.5 Payment data
- We use Paddle.com Market Limited ("Paddle") as our Merchant of Record. Paddle collects your billing information (name, billing address, payment method, VAT identification if applicable) and processes the payment.
- We never receive or store your full payment card number. We receive only the order ID, plan tier, billing cycle, transaction amount, currency, and the last four digits of the card or the payment method type (e.g. "Visa ending 4242").
- Paddle's privacy practices are governed by Paddle's own privacy policy, which you should review separately.
3.6 Technical and usage data
- IP address, browser type and version, operating system, device type, referrer URL, pages viewed, features used, error logs, and timestamps.
- We use PostHog in privacy-preserving mode (no third-party cookies, IP anonymisation enabled) for product analytics. We use Sentry for error tracking.
3.7 Support data
- Any messages, screenshots, or attachments you send to us via support requests, in-app messages, or email.
3.8 Special categories of data
We do not ask you for special categories of data under Article 9 GDPR (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation).
However, you may write about such matters in your journal entries. Where you do so, you are voluntarily providing this information, and you give your explicit consent under Article 9(2)(a) GDPR for us to process it solely to provide the Service to you. You can withdraw this consent at any time by deleting the relevant entries or your account.
4. Why We Process Your Data (Lawful Bases)
Under Article 6 GDPR, we rely on the following lawful bases:
| Processing activity | Lawful basis |
|---|---|
| Creating and operating your account | Contract (Art. 6(1)(b)) |
| Generating AI responses, plans, and journal entries | Contract (Art. 6(1)(b)) |
| Sending morning and evening emails you have enabled | Contract (Art. 6(1)(b)) |
| Synchronising with Todoist and Google Calendar | Contract (Art. 6(1)(b)) |
| Processing payments and issuing invoices | Contract (Art. 6(1)(b)) and Legal obligation (Art. 6(1)(c)) |
| Retaining invoices and accounting records | Legal obligation (Art. 6(1)(c)) — Slovenian tax law |
| Sending product update emails to existing customers | Legitimate interests (Art. 6(1)(f)) — soft opt-in |
| Marketing emails to non-customers (newsletters) | Consent (Art. 6(1)(a)) |
| Non-essential cookies and analytics | Consent (Art. 6(1)(a)) |
| Security monitoring, fraud prevention, error logging | Legitimate interests (Art. 6(1)(f)) |
| Processing journal entries that may contain Article 9 data | Explicit consent (Art. 9(2)(a)) |
You have the right to object to processing based on legitimate interests at any time (see Section 11).
5. How AI Processes Your Data
This is the section we encourage you to read most carefully.
5.1 What AI does in Journail
The Service uses large language models to:
- Read your goals, today's calendar events, and your task list, and propose a focused daily plan.
- Hold a guided conversation with you in the morning to clarify priorities.
- Hold a guided conversation with you in the evening to reflect on what happened.
- Compose a daily journal entry from your evening conversation.
- Search your archive (when you ask) and return relevant prior entries.
5.2 Which AI providers we use
We currently use:
- OpenAI Ireland Limited (models in the GPT-4.1 family, including GPT-4.1 and GPT-4.1 Nano), under their Business Terms and Data Processing Addendum.
- Anthropic PBC (Claude models), where used for specific reasoning tasks, under their Commercial Terms and Data Processing Addendum.
We may add or replace providers in the future. When we make a material change, we will update this policy and the sub-processor list in Section 14, and we will notify users in advance where required.
5.3 What we send to AI providers
When you use an AI feature, we transmit to the relevant provider only the data necessary to generate the response. This typically includes:
- Your current message in the conversation.
- A relevant slice of context: your active goals, today's tasks and calendar events, and (if necessary) recent journal entries.
- A system prompt that defines the assistant's behaviour.
We do not send your email address, full name, payment information, or unrelated journal history to AI providers.
5.4 What AI providers do with your data
Both OpenAI and Anthropic are contractually our data processors. Under our agreements with them:
- They process your data only on our instructions to generate the response we requested.
- They do not use your inputs or the model's outputs to train, fine-tune, or improve their models.
- They retain transient logs only for the period required for abuse monitoring and operational stability — currently up to 30 days for OpenAI under the API zero-retention or short-retention configuration we have selected, and as specified in Anthropic's Commercial Terms.
- They are bound by confidentiality and security obligations equivalent to ours.
5.5 Limitations of AI
AI responses are generated probabilistically. They may be incomplete, inaccurate, or occasionally wrong. AI output in Journail is not professional advice — not medical, legal, financial, or psychological. Treat it as a thoughtful conversational partner, not a substitute for qualified human judgement.
5.6 Automated decision-making
We do not make decisions producing legal effects or similarly significant effects about you using solely automated means, within the meaning of Article 22 GDPR. The AI suggests, drafts, and reflects — you decide.
5.7 AI transparency notice (EU AI Act)
In line with Article 50 of Regulation (EU) 2024/1689 (the EU AI Act), we explicitly inform you that you are interacting with an AI system whenever you use the morning brief, evening debrief, journal generation, archive search, or any conversational feature in Journail. The AI label is visible in the Service interface, and this notice serves as the formal disclosure.
6. Who We Share Your Data With
We share personal data only with the following categories of recipients, all of whom are bound by data processing agreements compliant with Article 28 GDPR:
6.1 Sub-processors
A current list is maintained in Section 14 of this policy.
6.2 Other recipients
- Tax authorities and accountants — invoices and accounting data, where legally required.
- Legal counsel — only if we are involved in a dispute or are required to defend legal claims.
- Law enforcement or courts — only on receipt of a binding legal order, and only the minimum required.
We do not sell, rent, or trade your personal data to anyone, and we never will. The Service contains no advertising and no third-party advertising trackers.
7. International Data Transfers
We host the Service primarily in EU data centres. However, some of our sub-processors are based outside the European Economic Area (EEA), most notably in the United States.
When personal data is transferred outside the EEA, we rely on one or more of the following safeguards:
- EU–US Data Privacy Framework certification, where the recipient is certified.
- Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by appropriate technical and organisational measures (including encryption in transit and at rest, access controls, and audit logging).
- Adequacy decisions of the European Commission, where applicable.
You can request a copy of the relevant transfer mechanisms by writing to info@journail.app.
8. How Long We Keep Your Data
| Data category | Retention period |
|---|---|
| Active account data and content | For as long as your account exists |
| Journal entries, goals, tasks | For as long as your account exists, unless you delete them earlier |
| Account data after account deletion | Permanently deleted within 30 days of deletion request |
| Backup copies | Purged from rolling backups within 35 days |
| Invoices and accounting records | 10 years (mandatory under Slovenian tax law) |
| Email delivery logs | 90 days |
| Server access logs and security logs | 90 days |
| Support tickets | 3 years from closure |
| AI provider transient logs | Up to 30 days at the provider, per our sub-processor agreements |
| Marketing consent records | Until consent is withdrawn, plus 3 years (proof of consent) |
After the relevant retention period expires, data is either permanently deleted or irreversibly anonymised.
9. How We Protect Your Data
We apply the following technical and organisational measures:
- Encryption in transit: TLS 1.3 for all client–server traffic and all server-to-sub-processor traffic.
- Encryption at rest: AES-256 for the database and dedicated encrypted columns for sensitive fields including journal entries and OAuth tokens.
- Password storage: Argon2id hashing with per-user salts. We never store passwords in plain text.
- Access controls: Role-based access; only the founder and explicitly authorised contractors can access production systems, and only when strictly necessary.
- Audit logging: Production data access is logged.
- Backups: Encrypted, tested, geographically redundant within the EU.
- Vulnerability management: Dependencies are continuously scanned; security patches are applied promptly.
- Rate limiting and abuse prevention on authentication and API endpoints.
- Incident response: A defined process for assessment and notification of personal data breaches within 72 hours where required by Article 33 GDPR.
No system is perfectly secure. If you believe your account has been compromised, contact info@journail.app immediately.
10. Cookies and Similar Technologies
We use cookies and similar technologies as follows:
10.1 Strictly necessary cookies
These are required for the Service to function (authentication session, security tokens, language preference). They are set on the basis of contractual necessity and do not require your consent.
10.2 Functional cookies
These remember your preferences (e.g. theme, dashboard layout). Set only after you accept them.
10.3 Analytics cookies
We use PostHog to understand how the Service is used. We have configured PostHog to:
- Anonymise IP addresses.
- Disable third-party cookies.
- Disable session recording on pages containing journal entries.
These cookies are set only after you provide consent.
10.4 Marketing cookies
We do not use marketing cookies. The Service does not run advertising and does not embed third-party advertising trackers.
A full list of cookies, their purposes, and durations is provided in our Cookie Policy and in the cookie consent banner shown on first visit. You can change your preferences at any time via the "Cookie settings" link in the footer of journail.app.
11. Your Rights Under the GDPR
You have the following rights with respect to your personal data:
- Right of access (Art. 15): Obtain confirmation of whether we process your data, and a copy of it.
- Right to rectification (Art. 16): Correct inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Right to restriction of processing (Art. 18): Restrict how we process your data in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (Markdown and JSON), or have it transmitted to another controller where technically feasible.
- Right to object (Art. 21): Object to processing based on legitimate interests, including any direct marketing.
- Right to withdraw consent (Art. 7(3)): Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
- Right not to be subject to automated decision-making (Art. 22): As noted, we do not engage in solely automated decision-making with legal or similarly significant effect.
How to exercise your rights
Most rights can be exercised directly in the Service:
- Access and portability: Settings → Export data (Markdown or JSON).
- Rectification: Edit your profile and entries directly.
- Erasure: Settings → Delete account.
- Withdraw consent: Settings → Email preferences; or "Cookie settings" in the footer.
Alternatively, you may write to info@journail.app. We will respond within one month of receipt, extendable by a further two months for complex requests, in which case we will inform you within the first month.
We will not charge for these requests, except where they are manifestly unfounded or excessive (Art. 12(5) GDPR).
Right to lodge a complaint
You have the right to lodge a complaint with the Slovenian Information Commissioner:
Informacijski pooblaščenec
Dunajska cesta 22, 1000 Ljubljana, Slovenia
Email: gp.ip@ip-rs.si
Web: www.ip-rs.si
You may also lodge a complaint with the supervisory authority in your EU country of residence or work.
12. Children
The Service is not intended for, and we do not knowingly collect personal data from, children under the age of 16. If you believe we have inadvertently collected data from a child, please contact info@journail.app and we will delete it.
13. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated to you by email and via an in-app notice at least 14 days before they take effect, where required.
A historical version log is available on request.
14. List of Sub-processors
The following are our current sub-processors. We update this list when we add, replace, or remove a sub-processor.
| Sub-processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| OpenAI Ireland Limited | AI model inference | Ireland (EU); some processing in the US | Intra-EU + SCCs for US |
| Anthropic PBC | AI model inference | United States | SCCs |
| Paddle.com Market Limited | Payments, billing, tax remittance (Merchant of Record) | United Kingdom + EU | UK adequacy + SCCs |
| Resend, Inc. | Transactional email delivery | United States; EU regional infrastructure | SCCs |
| PostHog Inc. | Product analytics (privacy-preserving configuration) | EU region (Frankfurt) | Intra-EU |
| Sentry (Functional Software, Inc.) | Error monitoring | EU region | Intra-EU |
| Better Stack | Uptime and status-page monitoring | EU region | Intra-EU |
| Cloud hosting provider | Application hosting, database, storage | EU (Frankfurt or equivalent) | Intra-EU |
| Google LLC (only when you authorise Google integration) | OAuth identity, Google Calendar API | United States | SCCs + DPF where applicable |
| Doist Inc. (only when you authorise Todoist integration) | Todoist API | United States | SCCs |
We notify users in advance of material changes to this list, and you have the right to object on reasonable grounds.
15. Contact
For any privacy-related question, request, or complaint:
Tomaž Pernovšek s.p.
Dolinškova ulica 10a, 1000 Ljubljana, Slovenia
Email: info@journail.app
We aim to respond to privacy correspondence within 5 working days, and to formal GDPR requests within the statutory one-month deadline.