Privacy Policy

Last updated: 27 August 2025

1. Data Controller

This privacy policy applies to the personal data processing carried out by:

Zuzana Arnoldová
Address: U Kublova 68/4, Praha 4, Cyech republic
Email: team@journeyapp.net
Website: https://journeyapp.net

("we", "us", or "our") in relation to the JourneyApp service ("the Service").

2. Legal Basis and Purpose of Processing

We process your personal data for the following purposes and legal bases under GDPR Article 6:

  • Account Management: Legitimate interest (Article 6(1)(f)) - to provide and maintain your account
  • Service Functionality: Legitimate interest (Article 6(1)(f)) - to deliver core features like task tracking, goal setting, and progress monitoring
  • Email Communications: Consent (Article 6(1)(a)) - to send task reminders and service updates (you can withdraw consent at any time)
  • Discord Bot Integration: Consent (Article 6(1)(a)) - to provide gratitude tracking and goal management through Discord
  • Technical Operations: Legitimate interest (Article 6(1)(f)) - for security, debugging, and service improvement

3. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Username, email address, password (hashed)
  • Profile Data: Display name, preferences, email notification settings
  • User-Generated Content: Tasks, goals, journal entries, gratitude posts, progress data
  • Discord Integration Data: Discord user ID, server information, messages sent to bot
  • Technical Data: IP address, browser type, device information, usage logs
  • Analytics Data: Page views, feature usage, session duration (via Google Analytics)

4. How We Use Your Data

Your personal data is used to:

  • Provide and maintain the JourneyApp service
  • Personalize your experience with customized tasks and progress tracking
  • Enable Discord bot functionality for gratitude tracking and goal management
  • Send optional email reminders and updates (with your consent)
  • Improve service quality and user experience
  • Ensure security and prevent abuse
  • Comply with legal obligations

5. Data Sharing and Third Parties

We do not sell, trade, or commercially exploit your personal data. We may share data with:

  • Discord Inc.: When you use the Discord bot integration (subject to Discord's Privacy Policy)
  • Google Analytics: For anonymous usage analytics (you can opt-out via browser settings)
  • SendGrid: For email delivery services (email communications only)
  • Legal Authorities: When required by law or to protect our rights

6. International Data Transfers

Some of our service providers (Discord, Google Analytics, SendGrid) may process your data outside the European Economic Area (EEA). These transfers are subject to appropriate safeguards including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Privacy frameworks recognized under GDPR

7. Data Retention

We retain your personal data for the following periods:

  • Account Data: Until you delete your account or request deletion
  • User Content: Until account deletion (you can delete individual items anytime)
  • Email Preferences: Until you withdraw consent or delete your account
  • Technical Logs: Maximum 30 days for security and debugging purposes
  • Analytics Data: 26 months (Google Analytics default retention)

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Correct inaccurate or incomplete data
  • Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing (Article 18): Limit how we process your data
  • Right to Data Portability (Article 20): Receive your data in a machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: For consent-based processing (email, Discord bot)

To exercise these rights, contact us at team@journeyapp.net. We will respond within 30 days. You can also export your data directly from the app.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • HTTPS encryption for all data transmission
  • Password hashing using industry-standard algorithms
  • Regular security updates and monitoring
  • Access controls and authentication mechanisms
  • Regular backups with encryption

While we strive to protect your data, no internet transmission is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

10. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for basic service functionality (login sessions)
  • Analytics Cookies: Google Analytics for usage statistics (anonymized)
  • Functional Cookies: Remember your preferences and settings

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

11. Children's Privacy

JourneyApp is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us to have it removed.

12. Data Breach Notification

In case of a personal data breach that may result in high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33-34.

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In Czech Republic, you can contact:

Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27
170 00 Praha 7
Website: www.uoou.cz

14. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on the website

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Contact Information

For any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:

We will respond to your inquiry within 30 days as required by GDPR.

This privacy policy complies with the EU General Data Protection Regulation (GDPR) and Czech Republic data protection laws. It was last reviewed and updated on 27 August 2025.