Privacy Policy
Effective 14 May 2026 · Last updated 14 May 2026
Looking for a friendly summary? See /privacy. This page is the formal version.
1. Who we are
The Service at journalbot.app is operated by ics23 ("the Operator"), the controller of personal data processed through the Service. Contact: /contact.
EU / UK / Swiss representative (GDPR Art. 27): designation pending. In the interim, you can contact us directly via /contact.
2. Scope
This policy applies to the website at journalbot.app and the Telegram bot @journalbot (together, "the Service"). The Service is hosted in the United States. A separate Washington Consumer Health Data Privacy Policy is at /health-data-policy.
3. What data we collect
| Category | What it includes |
|---|---|
| Identity | Telegram numeric ID and your Telegram display name. Telegram does not pass us your phone number. |
| Entry content | Voice notes, photos, text, and locations you send to the bot or upload via the web. |
| AI-derived data | Voice transcripts, summaries, tags, search embeddings, mood and sentiment inferences, goals, and suggested reminders. |
| Operational audit log | Account creation, deletions, sign-in events, exports. Retained up to 90 days. |
| Cookies | A single signed session cookie to keep you signed in. |
4. Purposes and legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Operate the journaling Service (store and display your entries) | Performance of contract — Art. 6(1)(b) |
| AI features (transcription, summaries, search, mood inferences, tags, goals, suggested reminders) | Consent — Art. 6(1)(a); for special-category data (derived health inferences) Art. 9(2)(a) |
| Account security (rate limiting, abuse prevention) | Legitimate interest — Art. 6(1)(f) |
| Maintain acceptance records for terms | Legitimate interest in evidencing contract formation — Art. 6(1)(f) |
You can withdraw consent for any AI feature at any time from the settings page. Withdrawal does not affect the lawfulness of processing before the withdrawal.
5. Special-category data (GDPR Art. 9)
Mood and sentiment inferences generated by the AI may constitute "data concerning health" under GDPR Article 9. We process this category only with your explicit consent, which you give when enabling those features and can withdraw at any time from the settings page. If you withdraw consent, those derived outputs are deleted within 30 days.
6. AI processing and automated decision-making
All AI features run on this server using open-source models (Whisper, Qwen, nomic-embed). The current configuration does not send content to third-party AI providers. You can verify which models are running at /status. We do not use your content to train any model.
The Service does not make automated decisions with legal or similarly significant effects about you (GDPR Art. 22). AI inferences are visible only to you and are not used to determine eligibility, pricing, or access to anything.
Under the EU AI Act (Art. 50), we disclose that you are interacting with an AI system when you use the bot. AI-generated summaries are labeled as such in the interface.
7. Encryption at rest
Your entries (text, transcripts, summaries, mood, tags) are encrypted at rest with a per-user key. Two modes: standard (the Operator can decrypt to operate the Service) and passphrase (the Operator cannot decrypt). The vector embeddings used for search are not encrypted in this version — a known limitation we are working on. Full detail in the Terms of Service, section 7.
8. Recipients and sharing
We do not share the content of your entries with any third party for any purpose. We do not sell your data.
Processors we use to operate the Service:
- Hetzner — server hosting (data centers in Germany / Finland / US as applicable).
- Telegram Messenger Inc. — message transport to/from the bot. Their terms apply to that part of the journey.
9. International transfers
The Service is hosted in the United States. If you reside outside the US, your data is transferred to the US when you interact with the Service. We rely on the following transfer safeguards:
- EU / UK: 2021 EU Standard Contractual Clauses with a Transfer Impact Assessment, or the EU-US Data Privacy Framework if and when we self-certify.
- Brazil: your specific and highlighted consent under ANPD Resolution 19/2024 Art. 33(VIII).
- Colombia: your express consent under Ley 1581/2012 Art. 26.
- Chile / Mexico / Argentina / Switzerland / Quebec / Australia / others: your informed consent to storage in the US and the corresponding contractual mechanisms.
10. Retention
- Active account: entries are retained until you delete the entry or your account.
- After /forgetme: immediate removal from the active database; encrypted backups purged within 30 days.
- Operational audit log: up to 90 days with your identifier anonymized.
- Acceptance records: for the life of the account plus 6 years, to demonstrate contract formation (legitimate interest).
- AI feature outputs: until you disable that feature. On disable, soft-deleted with a 30-day grace period before cryptographic shredding.
11. Your rights
Subject to your jurisdiction, you have the following rights over your personal data. You can exercise them directly in the app or by contacting us at /contact.
- Access: download all your data via /export.
- Rectification: edit any entry on the web.
- Erasure: /forgetme on the bot or "Delete account" in settings.
- Data portability: /export gives you machine-readable JSON in a ZIP.
- Object / restrict processing: disable any AI feature from the settings page.
- Withdraw consent: at any time from settings. Withdrawing consent is as easy as giving it.
- Limit Use of My Sensitive Personal Information (California): see the "Limit Use of My SPI" section in settings.
- No automated decision-making: the Service does not make significant automated decisions about you today.
- Lodge a complaint: with your local data protection authority (EU/UK), the Washington Attorney General (MHMDA), or the California Attorney General (CCPA).
12. Cookies and tracking
The Service uses a single signed session cookie to keep you signed in. No third-party tracking cookies, analytics, or advertising. The current install does not run Google Analytics, Mixpanel, or Sentry.
13. Children
The Service is intended for adults 18 years or older. We do not knowingly collect data from anyone under 18. If we learn an account belongs to someone under 18, we will delete it.
14. Voice and photo data — no biometrics
This is a technical commitment that matters for users in Illinois (BIPA), Texas (CUBI), and Washington (MHMDA): the Service transcribes voice with a local speech-to-text model and does not extract, store, or compare voiceprints (measurements that identify a specific individual). Photos are processed for content descriptions; face geometry is not extracted.
15. Changes to this policy
For material changes, we'll notify you at least 30 days in advance via the bot and post the revised version at /privacy-policy with a new effective date. Continued use after the effective date constitutes acceptance.
16. Contact
ics23 (the Operator) · /contact