Privacy & Data Security

Data Collection

JRNL collects the following information to provide our service:

  • Account Information: Username, email address, and a hashed password for authentication
  • Contact Information: Names and optional contact details (phone numbers, etc.) that you choose to enter
  • Health Data: Encounter dates, sexual activities, symptoms, test results, and notes
  • Metadata: Timestamps and location information (if provided)

Privacy Tip: You control what information you enter. Consider using pseudonyms or initials for contact names to minimize personally identifiable information exposure.

Data Storage

Your data is stored securely in a managed database hosted by our infrastructure provider. All data is isolated by user account—you can only access your own records.

  • Data is stored in a managed database service with industry-standard security measures
  • All connections to our servers use TLS/SSL encryption (HTTPS)
  • User data is isolated by account—each user can only access their own information
  • Passwords are hashed using industry-standard algorithms before storage

Encryption

In Transit

All data transmitted between your device and our servers is encrypted using TLS/SSL. This ensures that your information cannot be intercepted during transmission.

At Rest

Sensitive personally identifiable information (PII) in your contacts—specifically names, contact details, and notes—is encrypted before being stored in our database. This means that even if someone were to gain access to the database, this sensitive information would remain protected.

Non-sensitive data such as encounter dates, activities, and test results are stored in a standard format to enable the application's functionality.

Data Access & Control

You have full control over your data:

  • You can view, edit, or delete any information you've entered
  • You can export all your data at any time from your dashboard
  • You control what information you choose to enter—only add what you're comfortable storing
  • You can delete your account and all associated data at any time

Data Sharing

We do not share, sell, or rent your personal information to third parties. Your data is used solely to provide the JRNL service. We do not use third-party analytics or tracking services that would expose your information.

Security Practices

We follow industry best practices to protect your data:

  • Regular security updates and patches to our infrastructure
  • Secure authentication mechanisms
  • Access controls that ensure users can only access their own data
  • Regular backups to prevent data loss

Limitations & Important Notes

Important: JRNL is not a HIPAA-compliant medical record system. While we implement security best practices, this application is designed for personal health tracking and is not intended as a medical record system.

Please store only information you are comfortable tracking. Consider using pseudonyms or initials for contact names to minimize privacy risk.

Data Breach Response

In the unlikely event of a data breach, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about what data was potentially compromised
  • Recommend steps to protect your information
  • Work immediately to remediate the issue

Questions or Concerns

If you have questions about how we handle your data or concerns about privacy, please reach out to us directly. We're committed to transparency and will address any concerns you may have.

Last updated: 1/17/2026

Terms & Conditions