Privacy Policy

Last updated: February 2026

1. Introduction

Journtell ("we," "us," or "our") operates the Journtell platform at journtell.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service. We are committed to protecting your privacy and aim to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) where it applies.

2. Information We Collect

We collect the following categories of personal data:

• Account data: Your name, email address, and hashed password when you register for an account.
• Story content: Text entries and voice recordings you submit as memories, as well as AI-generated chapters based on those memories.
• Technical and operational data: Basic request, device, and error information generated when you use the platform, such as IP address, timestamps, and diagnostic logs used for security and reliability.
• Browser storage and similar technologies: We currently use browser local storage (not cookies) for authentication session persistence in the web app. See our Cookie Policy for details.

3. How We Use Your Information

We use your personal data for the following purposes:

• Service delivery: To create and manage your account, process your memories, and generate story chapters.
• AI processing: To send your text and voice inputs to our AI pipeline for chapter generation and story team interactions.
• Communication: To send you account-related emails such as verification, password resets, and important service updates.
• Security: To protect against fraud, abuse, and unauthorized access to our platform.
• Operations and support: To troubleshoot issues, maintain service reliability, and respond to support requests.

4. AI Processing

Journtell uses artificial intelligence to transform your memories into professionally crafted story chapters. Your text and voice inputs are processed by third-party AI providers through OpenRouter, an API routing service. We do not use your content to train Journtell's own AI models. Third-party providers may process your data according to their own terms and privacy policies, and retention/training settings may vary by provider. We choose providers and configurations with privacy in mind, but provider behavior is ultimately governed by the provider's policies.

5. Data Sharing

We do not sell your personal data. We share data only with the following categories of service providers, strictly as needed to operate the platform:

• AI providers: Third-party language model providers (via OpenRouter) that process your memories to generate chapters.
• Email service: Mailgun, for sending transactional emails such as account verification and password resets.
• Infrastructure: Cloud hosting and database providers that store and serve your data.

6. Family Threads

Journtell allows you to invite family members to contribute their own memories and perspectives to your story through Family Threads. When you invite someone, they receive an email with a link to a response page. Their submitted responses are associated with your story. You are responsible for obtaining appropriate consent from anyone you invite to participate.

7. Data Storage and Security

We take the security of your data seriously. Your data is stored in databases and supporting infrastructure with reasonable technical and organizational safeguards. Passwords are hashed using bcrypt. Authentication is handled via JSON Web Tokens (JWT). We use HTTPS in production and implement measures such as rate limiting, security headers, and HTML sanitization in relevant content flows. No method of transmission or storage is completely secure.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request that we correct inaccurate or incomplete personal data.
• Right to erasure: You can request that we delete your personal data, subject to legal retention requirements.
• Right to data portability: You can request your data in a structured, commonly used format.
• Right to restrict processing: You can request that we limit how we use your data.
• Right to object: You can object to certain types of data processing.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at privacy@journtell.com. We will respond within the timeframes required by applicable law (typically within 30 days for GDPR requests).

9. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including by our AI providers and infrastructure partners. Where such transfers occur, we seek to rely on appropriate safeguards available through our vendors and service providers (for example, Standard Contractual Clauses (SCCs) or adequacy decisions), where required by law.

10. Children's Privacy

Journtell is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Email: privacy@journtell.com
• General inquiries: hello@journtell.com
• Contact page: journtell.com/contact

Journtell
Florida, United States