Legal
Privacy Policy
Your privacy is the foundation of Reflekto. A journal is one of the most personal things a person can keep, and we built this product around the principle that your words belong to you — not us. This policy explains clearly what we collect, why, and how you stay in control.
1. What We Collect
We collect only what is necessary to provide the Service:
| Data | Why we collect it |
|---|---|
| Email address | Account creation, password reset, and service notifications |
| Display name | Personalising your experience |
| Password (hashed) | Account authentication — we never store your plain-text password |
| Journal entries & content | Storing and displaying your journals to you |
| Tags & entry dates | Organising and filtering your entries |
| Photos you upload | Displaying cover photos on your entries |
| App preference settings | Saving your display preferences |
We do not collect your location, track your device, run analytics on your writing, or use any third-party advertising pixels.
2. How We Use Your Data
We use your data exclusively to:
- Create and maintain your account
- Store, retrieve, and display your journal entries
- Send transactional emails (e.g. password reset) — nothing promotional unless you opt in
- Improve the reliability and performance of the Service
We do not use your data for advertising, profiling, or any purpose beyond delivering the Service to you.
3. Who We Share It With
We do not sell, rent, or share your personal data with third parties for their own purposes.
We use a small number of trusted infrastructure providers to operate the Service:
- Database hosting — to store your data securely
- Email delivery — to send transactional emails (e.g. password reset)
These providers are bound by strict data processing agreements and process your data only as necessary to provide their services to us. We do not authorise them to use your data for any other purpose.
We may disclose your data if required by law, court order, or governmental authority, and only to the extent required.
4. Data Retention
Your data is retained for as long as your account is active. When you delete your account:
- All your journals, entries, photos, and tags are permanently deleted from our database
- Deletion is completed within 30 days
- Backups may retain your data for up to an additional 30 days before being purged
You can delete your account at any time from Settings → Delete Account.
5. Your Rights
You have the following rights regarding your personal data:
- Access — You can view all your data by using the app
- Export — You can export your data from Settings → Export
- Correction — You can update your name and email from Settings
- Deletion — You can delete your account and all associated data from Settings
To exercise any of these rights or for questions we can't answer in the app, contact us at support@reflekto.app.
6. Cookies & Local Storage
Reflekto uses only:
- Session cookies — to keep you logged in. These expire when you close your browser or log out.
- Local storage — to remember your in-app preferences (e.g. chosen writing font). This data never leaves your device.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
7. Security
We take the security of your data seriously:
- Passwords are stored using industry-standard bcrypt hashing — your plain-text password is never stored
- All data transmission is encrypted using HTTPS/TLS
- Database access is restricted and not publicly accessible
- We regularly review our security practices
If you discover a security vulnerability, please report it responsibly to support@reflekto.app.
8. Children's Privacy
Reflekto is not directed to children under the age of 13. We do not knowingly collect personal data from anyone under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
10. Contact Us
Questions or concerns about this Privacy Policy? We're here to help:
Reflekto
Email: support@reflekto.app