Privacy Policy | Thresholds

Overview

Threshold Journeys (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application and services.

In short: Your journal entries are yours. We don't read them, sell them, or use them for advertising. Period.

Information We Collect

Information You Provide

Account Information

Email address (for authentication)
Password (encrypted, never stored in plain text)
Display name (optional)
Chapter name for your journey (optional)

Assessment Data

Your responses to the archetype assessment
Your archetype result and scores
Threshold intensity preference

Journal Content

Text entries you write
Voice recordings you create
Titles and tags you add
Timestamps of your entries

Information Collected Automatically

Usage Data (if you opt in)

App opens and session duration
Features used (assessment, journaling, etc.)
Crash reports and error logs

Device Information (minimal)

Device type (for app optimization)
Operating system version
Timezone (for notification scheduling)

How We Use Your Information

What We Use It For

Providing the Service: Authenticating your account, storing and syncing your journal entries, delivering personalized prompts based on your archetype
Improving the App: Understanding which features are most valuable, fixing bugs and improving performance (only with your consent)

What We Never Do

✕ Read your journal entries
✕ Sell your data to third parties
✕ Use your content for advertising
✕ Train AI models on your writing
✕ Share your information with marketers
✕ Create profiles to target you with ads

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Data Type	Legal Basis	Purpose
Account credentials	Contract	Required to provide the service
Journal entries	Consent	You choose to create and store content
Assessment responses	Consent	To provide personalized archetype experience
Analytics data	Consent	Only collected if you opt in
Security logs	Legitimate Interest	Protect against fraud and unauthorized access

You may withdraw your consent at any time through the app settings. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Data Storage & Security

Encryption

At Rest: All data stored on our servers is encrypted using AES-256
In Transit: All data transmitted uses TLS 1.3 encryption
Sensitive Content: Journal entries and assessment responses receive additional column-level encryption

Where Data Is Stored

Your data is stored on Supabase servers located in the United States. Supabase is SOC 2 Type II certified and provides enterprise-grade security.

Local Storage

Some data is stored locally on your device for offline access:

Cached prompts
Local draft entries
Session tokens (in secure storage)

Data Retention

Retention Periods

We retain different types of data for specific periods:

Data Type	Retention Period	After Account Deletion
Account information	Duration of account	Deleted within 24 hours
Journal entries	Duration of account	Deleted within 24 hours
Assessment results	Duration of account	Deleted within 24 hours
Voice recordings	Duration of account	Deleted immediately
Analytics (if opted in)	26 months	Anonymized immediately
Security logs	90 days	Retained for 90 days
Backup copies	30 days rolling	Purged within 30 days

Inactive Accounts

Accounts inactive for more than 24 months may be flagged for deletion. We will send email notifications before any action is taken, giving you the opportunity to retain your account.

Account Deletion

When you delete your account:

We initiate deletion within 24 hours
Most data is removed immediately
Backups are purged within 30 days
Voice recordings are deleted immediately from storage

Data Export

You can export all your data at any time from Settings > Privacy > Export My Data. Exports are provided in JSON format and include your profile information, all journal entries, assessment results, and voice recording transcriptions.

Your Rights

You have the right to:

Access — Request a copy of all data we have about you
Correct — Update or fix any inaccurate information
Delete — Request deletion of your account and data
Export — Download your data in a portable format
Opt Out — Disable analytics at any time

How to Exercise Your Rights

In-App: Settings > Privacy > [action]
Email: privacy@thresholdjourneys.app

We respond to all requests within 30 days.

Third-Party Services

Services We Use

Service	Purpose	Data Shared
Supabase	Database & Auth	Account data, encrypted content
Expo	App Updates	Device type, app version

What We Don't Use

No Google Analytics
No Facebook SDK
No advertising networks
No data brokers

Children's Privacy

Threshold Journeys is not intended for children under 13. We do not knowingly collect information from children under 13. If we discover we have collected such information, we will delete it immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

We'll update the “Last updated” date
We'll notify you in the app for significant changes
We'll never reduce your privacy protections without consent

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to know what data we collect
Right to delete your data
Right to opt-out of sale (we don't sell data)
Right to non-discrimination for exercising your rights

European Privacy Rights (GDPR)

If you are in the European Economic Area:

Legal basis: Consent and legitimate interest
Data controller: Threshold Journeys
You may lodge complaints with your local supervisory authority

Contact Us

Questions about this Privacy Policy? Email us at privacy@thresholdjourneys.app

This policy is written in plain language because we believe privacy policies should be understandable. If anything is unclear, please contact us.