DeepJournal

Privacy Policy

DeepJournal Privacy Policy

Last updated: February 11 2026

1. Introduction

DeepJournal is a privacy-first, end-to-end encrypted (E2EE) AI journaling application. Your journal is private by design: encryption happens on your device, and DeepJournal cannot access your journal content or encryption keys.

This Privacy Policy explains how Andicop (“DeepJournal”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data when you use DeepJournal’s applications, website, and related services (the “Service”).

This Policy is designed to comply with:

  • The EU General Data Protection Regulation (GDPR)
  • The French Data Protection Act
  • The Swiss Federal Act on Data Protection (FADP)
  • Applicable US state privacy laws

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

Company name: Andicop

Registered address: Dijon, France

Country of incorporation: France

Andicop is the data controller for personal data processed through DeepJournal.

For privacy-related inquiries:

👉 support@deepjournal.app

We are not required to appoint a Data Protection Officer under Article 37 GDPR.

3. Minimum Age

DeepJournal is not intended for users under 16 years of age.

We do not knowingly collect personal data from children under 16. If we become aware of such data collection, we will delete the data and close the account.

4. Personal Data We Collect

A. Account Data

  • Email address
  • Authentication credentials (password hashes)
  • OAuth identifiers (Google, Apple, Microsoft if used)
  • Subscription status and billing identifiers

Payments are processed by Stripe. We do not store full payment card details.

B. Encrypted Journal Content

  • Journal entries
  • Notes
  • States and structured memory logs
  • Local encrypted database files
  • Wrapped encryption keys

All journal content is encrypted end-to-end on your device.

We cannot access plaintext journal data or encryption keys.

C. Technical and Usage Data

  • App version
  • Feature usage (non-content metadata only)
  • Crash and error reports
  • Basic web analytics

We do not log IP addresses at the application level.

D. Communication Data

  • Messages sent to support
  • Email correspondence
  • Marketing preferences (opt-in / opt-out status)

5. Lawful Basis for Processing

We process personal data under the following legal bases:

Contractual Necessity

To provide the Service (account management, authentication, syncing, AI features).

Legitimate Interests

To ensure security, prevent abuse, improve reliability, and maintain performance.

Legal Obligations

To comply with tax, accounting, and regulatory requirements.

Consent

For sending marketing or product update emails (see Section 9).

You may withdraw consent at any time.

6. How We Use Personal Data

We use personal data to:

  • Provide and maintain the Service
  • Authenticate users
  • Process subscriptions
  • Enable encrypted synchronization
  • Provide customer support
  • Improve performance and reliability
  • Ensure security
  • Send essential service communications
  • Send optional product updates if you opt in

We do not use journal content for marketing purposes.

We do not train AI models on user journal data.

7. End-to-End Encryption & Data Access Limitations

DeepJournal uses strict end-to-end encryption:

  • Encryption occurs locally on your device
  • Encryption keys remain under your control
  • We cannot decrypt your journal

If you lose your encryption password and recovery key, your data cannot be recovered.

Due to encryption architecture, we cannot export or access journal content on your behalf.

8. AI Features and Data Processing

Private AI Mode (Default)

AI processing occurs inside secure enclaves using encrypted transport protocols. DeepJournal cannot access plaintext prompts or outputs.

Third-Party AI Providers

If enabled by you, data may be processed under the privacy policies of those providers. End-to-end encryption protections do not apply.

9. Email Communications

A. Service Emails (No Consent Required)

We send essential service emails, including:

  • Account verification
  • Security notifications
  • Subscription updates
  • Legal or policy changes

These emails are necessary for providing the Service.

B. Product Updates and Marketing Emails (Consent Required)

We may send:

  • Product updates
  • Feature announcements
  • Beta news
  • Journaling-related educational content

These emails are sent only if you provide explicit consent.

Consent is obtained via an unchecked opt-in checkbox during account registration or within account settings.

You may withdraw consent at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Updating your preferences in your account
  • Contacting us directly

Unsubscribing from marketing emails does not affect service-related emails.

C. No Content-Based Marketing

We do not analyze or use your private journal content to generate marketing communications.

Marketing emails are based only on account-level information (such as subscription status or feature usage metadata).

D. Email Processing Providers

Marketing and service emails are delivered through:

  • Resend (email delivery provider)

These providers process personal data strictly under our instructions and in accordance with data protection laws.

10. How We Share Personal Data

We do not sell personal data.

We share limited data only with trusted service providers necessary to operate DeepJournal:

  • Hosting and infrastructure providers
  • Payment processor (Stripe)
  • Email delivery provider (Resend)

All providers are bound by contractual safeguards.

11. Data Retention

We retain:

  • Account data until account deletion
  • Encrypted journal data until deletion
  • Marketing consent records for as long as required to demonstrate compliance
  • Suppression lists (unsubscribed emails) to ensure we do not resend marketing emails

Technical logs are retained only as necessary for security and debugging.

12. Security Measures

We use industry-standard safeguards including:

  • End-to-end encryption
  • Strong cryptographic algorithms
  • Secure infrastructure
  • Access controls
  • Encryption in transit

No system can guarantee absolute security, but DeepJournal minimizes data exposure by design.

13. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Delete your data
  • Export your data (subject to encryption limits)
  • Object to processing
  • Restrict processing
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

Requests can be made via:

👉 support@deepjournal.app

14. International Transfers

Infrastructure is primarily located in the European Union.

Where data is transferred outside the EU, we rely on:

  • Contractual safeguards
  • EU adequacy decisions where applicable
  • Encryption as an additional technical measure

15. US State Privacy Disclosures

We do not:

  • Sell personal data
  • Engage in targeted advertising
  • Profile users for automated legal decisions

California residents may request disclosure of categories of personal data processed.

16. Changes to This Policy

We may update this Privacy Policy periodically.

The updated version will be published on our website with a revised “Last updated” date.

17. Contact

For questions regarding privacy or data protection:

👉 support@deepjournal.app