1. Information We Collect

Account Information

When you create a StayReflective account, we collect:

• Email address - for account access, password resets, and important service notifications
• Password - stored as a secure hash using Firebase Authentication (we never see your actual password)
• Display name (optional) - if you choose to personalize your account

Your Journal Content

When you use StayReflective, we store:

• Journal entries - your reflections, stored encrypted in Firebase Firestore
• Entry metadata - timestamps, tags, and other organizational data you create
• App preferences - your settings and customizations

Usage Information

We collect limited analytics to improve the service:

• App usage patterns - which features you use (not the content of your entries)
• Device information - device type, operating system, app version for compatibility
• General location - country/region level only, for language and feature preferences
• Crash reports - technical data to fix bugs and improve stability

Website Analytics

On our marketing website, we use PostHog to collect:

• Page views and navigation patterns
• Referral sources
• General geographic location (country level)
• No cookies or cross-site tracking

2. How We Use Your Information

• Provide the Service: Store and sync your journal entries across your devices
• Account Management: Enable login, password resets, and account security
• Communication: Send essential service updates, security alerts, or responses to your inquiries
• Improvement: Analyze aggregate usage patterns to improve features and fix issues
• Legal Compliance: Comply with applicable laws and protect our rights

3. How We Store and Protect Your Data

Firebase Infrastructure

We use Google Firebase to securely store your data:

• Firebase Authentication - Manages secure login and account access
• Firebase Firestore - Stores your encrypted journal entries and metadata
• Encryption - Data is encrypted in transit and at rest
• Access Controls - Strict security rules ensure only you can access your entries

Data Location

Your data is stored in Firebase data centers, which may be located in the United States or other countries. By using StayReflective, you consent to the transfer and storage of your data in these locations.

4. Who We Share Data With

We do not sell, rent, or share your personal information. We only share data with:

• Firebase (Google): Our infrastructure provider for data storage and authentication
• Loops.so: Our email service provider for account-related communications
• PostHog: Website analytics (not used in the app - your journal data never touches analytics)
• Legal Requirements: If required by law, court order, or to protect safety and rights

Your journal entries are never shared with any third party for any reason other than providing the service to you.

5. Your Rights and Choices

Your Data Rights

• Access: View all your journal entries and account data through the app
• Export: Download your journal entries in plain text format
• Delete: Delete individual entries or your entire account and all associated data
• Portability: Take your journal data with you if you choose to leave
• Correction: Edit or update your entries and account information at any time

Communication Preferences

You can opt out of non-essential emails at any time. We'll still send critical account and security notifications.

6. Children's Privacy

StayReflective is intended for users who are at least 16 years old. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

7. International Users

GDPR (European Users)

If you're in the EU, you have additional rights under GDPR:

• Legal basis: We process your data based on contract (providing the service) and consent
• Right to be forgotten: Request complete deletion of your data
• Data portability: Export your data in machine-readable format
• Object to processing: Opt out of analytics and non-essential processing

CCPA (California Users)

California residents have the right to:

• Know what personal information we collect
• Request deletion of personal information
• Opt out of any "sale" of personal information (we don't sell your data)
• Non-discrimination for exercising your rights

8. Data Retention

We retain your data as follows:

• Active accounts: Your data is retained as long as your account is active
• Deleted accounts: Data is permanently deleted within 30 days of account deletion
• Backup retention: Automated backups may retain data for up to 30 days after deletion
• Legal obligations: We may retain data longer if required by law

9. Security Measures

We implement industry-standard security measures:

• Encryption at rest and in transit
• Secure authentication through Firebase Authentication
• Regular security audits and updates
• Limited employee access on a need-to-know basis
• Incident response procedures for any security events

10. Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of any material changes via email or in-app notification. Your continued use of StayReflective after changes means you accept the updated policy.

11. Contact Us

If you have any questions about this privacy policy or your data:

• Email: hello@stayreflective.com
• Website: stayreflective.com

For privacy-specific requests, please include "Privacy Request" in your email subject line.