Last updated: May 23, 2023
TLDR: No person working for Vournal has access to your journals, videos, or transcripts. They are securely stored on your device and within your personal iCloud account.
Privacy Policy
Your privacy is critically important to us. At Vournal we have a few fundamental principles:
- We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
- We store personal information for only as long as we have a reason to keep it.
- We aim to make it as simple as possible for you to control what information in your journal is shared publicly (or kept private), indexed by search engines, and permanently deleted.
- We help protect you from overreaching government demands for your personal information.
- We aim for full transparency on how we gather, use, and share your personal information.
Who We Are and What This Covers
Howdy! The Vournal app, built by Tassilo von Gerlach, is an AI powered video journaling app. Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.
Throughout this Privacy Policy we’ll refer to Vournal’s Sites, Apps, and other services collectively as “Services.”
Information We Collect
We only collect information about you if we have a reason to do so — for example, to provide our Services, to communicate with you, or to make our Services better.
We collect this information from three sources: if and when you provide information to us, automatically through operating our Services, and from outside sources. Let’s go over the information that we collect.
Information You Provide Us
- Your Journal Entries: Your journal entries, videos and transcripts are private and no employee of Vournal has access to them. They are stored as part of your iCloud account in CloudKit by Apple. Please see Apple’s privacy policy for more information.
- When you use the Chat GPT features your transcript is sent to our servers hosted on Amazon AWS and then processed with Open AI. We don’t store your transcript, prompt and GPT response but Open AI may. Please see Open AI’s privacy policy and Amazon AWS’s privacy policy for more information.
- Account Information: If you register and open an “Account” with us in order to use services like Chat GPT, you provide us basic account information including your email address and a password.
- Transactional Information: When you purchase Services, we may collect information to complete and record the transaction.
- Communications with Us: You may also provide us with information when you provide us feedback or communicate with our Happiness Engineers about a support question. When you communicate with us via form, email, phone, or otherwise, we store a copy of our communications (including any call recordings as permitted by applicable law). You can choose not to provide us with certain information, but this may limit the features of the Services you are able to use.
Information We Collect Automatically
We also collect some information automatically:
- Log information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services — for example, when you log into your account or publish a journal entry.
- Device and Usage Information: We collect your device type, your wireless carrier, your individual device ID, and how you use our Services. In addition, in the event our App(s) crash on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our App(s).
- Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to understand where our users are located so we can identify what features might be meaningful to them.
- Information from Cookies & Other Technologies: Like many online services, we use cookies to collect information. A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on websites and emails. Vournal uses cookies and other technologies like pixel tags to help us identify and track visitors, usage, and access preferences for our Services, as well as track and understand email campaign effectiveness. For example, we use a third party analytics provider to help analyze how users use the Site. We do not combine the information generated through the use of our third party analytics provider with your personal information.
Information We Collect Automatically
- Third Party Account Information: When you connect an account from another service we typically get some basic information about your account with them. For example, when you connect Vournal to your Apple or Google account in order to log in, we may access certain user data such as your name, user ID, email, etc. to provide our Services.
How We Use the Information We Collect
We use your personal information to:
- Provide you with Services and customer support;
- Market Services to you and send you news and information that we believe interests you;
- Respond to your requests, resolve disputes, and/or troubleshoot problems;
- Improve the Services and personalize your experience;
- Communicate with you about the Services;
- Monitor and analyze trends, usage, and activities in connection with our Services;
- Detect, investigate, and help prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity, and help protect rights and property of ours and others; and
- Comply with our legal and financial obligations.
How We Use the Information We Collect
We share information about you in limited circumstances, and with appropriate safeguards to protect your privacy. These are spelled out below:
- Third Party Vendors: We may share information about you with third party vendors, consultants, and advisors who help us provide our Services or who otherwise perform services for us. This includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information, cloud storage services, SMS messaging services, book printing services if you choose to print your journal to a book, and customer chat and email support services that help us communicate with you), those that assist us with our marketing efforts (like sending emails to our marketing list), those that help us understand and enhance our Services (like analytics providers), those that make tools to help us run our operations (like programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our teams), and other third-party tools that help us manage operations. We require vendors to agree to privacy commitments in order to share information with them;
- Subsidiaries: We may disclose information about you to a current or future parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy;
- Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that we go out of business or enter bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy;
- Legal, Regulatory, & Other Obligations: We may disclose information about you if we believe in good faith that such disclosure is necessary to (a) resolve disputes, investigate problems, or enforce our Terms of Service; (b) comply with relevant laws, or warrants, subpoenas, court orders, and other enforceable legal process; or (c) protect the property or rights belonging to Vournal, you, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose the least amount of information as possible to address the emergency without delay; and
- With Your Consent: We may share and disclose information with your consent or at your direction.
Anonymous Information
We reserve the right to disclose anonymous information or other information that cannot reasonably be used to identify you publicly without restriction.
Your Choices
You have several choices available when it comes to information about you:
- Limit/Update the Information You Provide: You can review, change, and/or delete certain of your personal information by logging into the Site or the App and accessing your account.
- Delete the App: You can stop all collection of information by the App(s) by uninstalling the App(s). You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
- Opt out of marketing communications: You may opt out of receiving promotional communications from us. Just follow the instructions in those communications or let us know. If you opt out of promotional communications, we may still send you other communications, like those about your account and legal notices.
- Set your browser to reject cookies: You can usually choose to set your browser to remove or reject browser cookies before using our Sites, with the drawback that certain features may not function properly without the aid of cookies.
Your Rights
If you are located in certain parts of the world, including some US states and countries that fall under the scope of the European General Data Protection Regulation (aka the “GDPR”), you may have certain rights regarding your personal information, like the right to request access to or deletion of your data.
European General Data Protection Regulation (GDPR)
If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
You also have the right to make a complaint to a government supervisory authority.
A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:
- The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account — for example, in order to enable access to our service on your device or to charge you for a paid plan; or
- The use is necessary for compliance with a legal obligation; or
- The use is necessary in order to protect your vital interests or those of another person; or
- We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalize your experience; or
- You have given us your consent — for example before we place certain cookies on your device and access and analyze them later on.
If you are located in the EEA, the United Kingdom, or Switzerland and you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below: For individuals in the EEA For individuals in the UK For individuals in Switzerland
US Privacy Laws
Laws in some US states, including California, Colorado, Connecticut, Utah, and Virginia, require us to provide residents with additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it.
In the last 12 months, we collected the following categories of personal information, depending on the Services used:
- Identifiers (like your contact information, and device and online identifiers);
- Commercial information (your purchase history, for example);
- Internet or other electronic network activity information (such as your usage of our Services);
- Geolocation data (such as your location based on your IP address);
In some US states you have additional rights, subject to any exemptions provided by your state’s respective law, including the right to:
- Request a copy of the specific pieces of information we collect about you and, if you’re in California, to know the categories of personal information we collect, the categories of business or commercial purpose for collecting and using it, the categories of sources from which the information came, and the categories of third parties we share it with;
- Request deletion of personal information we collect or maintain;
- Request correction of personal information we collect or maintain;
- Opt out of the sale or sharing of personal information;
- Receive a copy of your information in a readily portable format; and
- Not receive discriminatory treatment for exercising your rights under the CCPA.
We do not “sell” or “share” your personal data as those terms are defined under the privacy laws of the relevant US states. We also do not have any knowledge of any “sales” or “sharing” of the personal data of minors under 16 years of age. We do not collect or process your sensitive personal information except where it is strictly necessary to provide you with our service, where the processing is not for the purpose of inferring characteristics about you, or for other purposes that do not require an option to limit under California law.
Contacting Us About These Rights
You can usually access, correct, or delete your personal data using your account settings and tools that we offer. When you contact us about one of your rights under this section, we’ll need to verify that you are the right person before we disclose or delete anything. For example, if you are a user, we will need you to contact us from the email address associated with your account. You can also designate an authorized agent to make a request on your behalf by giving us written authorization. We may still require you to verify your identity with us.
Appeals Process for Rights Requests Denials
In some circumstances we may deny your request to exercise one of these rights. For example, if we cannot verify that you are the account owner we may deny your request to access the personal information associated with your account. As another example, if we are legally required to maintain a copy of your personal information we may deny your request to delete your personal information.
In the event that we deny your request, we will communicate this fact to you in writing. You may appeal our decision by responding in writing to our denial email and stating that you would like to appeal. All appeals will be reviewed by an internal expert who was not involved in your original request. In the event that your appeal is also denied this information will be communicated to you in writing.
If your appeal is denied, in some US states (Colorado, Connecticut, and Virginia) you may refer the denied appeal to the state attorney general if you believe the denial is in conflict with your legal rights. The process for how to do this will be communicated to you in writing at the same time we send you our decision about your appeal.
Other Things You Should Know
Third Party Software and Services
This Privacy Policy addresses only our use and disclosure of information we collect from and/or about you on our Services. If you’d like to use third party software and services, any information you disclose to that third party is not covered by this Privacy Policy. Our Sites may contain content or links to other websites that are not owned or controlled by us. We have no control over the privacy policies or content displayed on websites run by third parties.
Child Usage Restrictions
Our Services are not directed to children, and children are not eligible to use our Services. Protecting the privacy of children is very important to us. We do not collect or maintain personal information from people we actually know are under 13 years of age, and no part of our Services is designed to attract people under 13 years of age. If we later learn that a user is under 13 years of age, we will take steps to remove that user’s personal information from our databases and to prevent the user from utilizing the Services.
Transferring Information
Because our Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third-party data processors. This is required for the purposes listed in the “How We Use the Information We Collect” section above. When providing information about you to entities outside the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include entering into European Commission approved standard contractual arrangements with entities based in countries outside the EEA.
You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.
Changes to this Privacy Policy
Although most changes are likely to be minor, Vournal may change its Privacy Policy from time to time. Vournal encourages visitors to frequently check this page for any changes to its Privacy Policy. We will post any revised version of the Privacy Policy on this page, and, in some cases, we may provide additional notice (like adding a statement to our homepage or sending you a notification through email or the app). Your further use of the Services after a change to our Privacy Policy will be subject to the updated policy.
Privacy Policy Attribution
This document is an adaptation of Automattic’s privacy policy released under a Creative Commons Sharealike license.
How to Reach Us
If you have any questions or suggestions about this Privacy Policy, do not hesitate to contact us at tassilo@vournal.app