Privacy Policy
Last updated: June 1, 2026
My Journal Story is a place where people record memories in their own voice and, when they choose, schedule those memories to reach the right people on the right day. Because this is a deeply personal product, our privacy policy is short, plain, and unambiguous.
What we collect
- Account information — your name and email address when you sign up. If you join the waitlist, just your email.
- Journal content — the audio, video, text, and photos you create inside My Journal Story. This includes automatically generated transcripts of your voice entries.
- Delivery instructions — the names, email addresses, and dates you choose for any entry you address to a specific person. We treat this as the most sensitive data on the platform.
- Trusted contacts — names and email addresses of people you designate to confirm posthumous unlock, if you use that feature.
- Payment information — handled entirely by Stripe. We never see or store full credit card numbers. We only see the last four digits and the billing summary necessary to manage your subscription.
- Technical data — IP address, browser type, device type, and the pages you visit. We use this only to run the site, prevent abuse, and fix bugs.
What we do with it
We use your data to run the service you signed up for: store your journal, transcribe it, organize it into chapters, and deliver scheduled entries to the people you addressed them to. That is the whole list. We do not sell it. We do not share it with advertisers. We do not use it to train third-party AI models.
We send you transactional email about your account and the prompts you’ve subscribed to. You can turn prompt emails off at any time in your account settings.
How we protect it
- All data is encrypted in transit using TLS 1.3.
- Journal content is encrypted at rest using AES-256.
- Per-member encryption keys are stored separately from the data they unlock and derived from your account password using Argon2.
- We follow industry-standard security practices: principle of least privilege, two-factor authentication for staff, security review before public launch, and quarterly internal audits.
- No system is perfectly secure. If we ever discover a breach, we will notify affected members within 72 hours.
How we use AI
Voice entries are transcribed automatically by a third-party speech recognition service (currently OpenAI Whisper). The audio you submit is sent to the transcription service for the sole purpose of producing a transcript and is not used to train their models. We have a data-processing agreement in place with our transcription provider, and transcripts are stored only in your account.
Auto-chaptering uses a large language model to suggest which chapter (“Childhood,” “Family,” etc.) a transcript belongs to. Only the transcript text — not your audio — is sent. The model provider does not retain or train on this data.
We do not use member content to train any AI model, ours or anyone else’s.
Your scheduled and posthumous deliveries
When you address an entry to another person and schedule a delivery date, we store that instruction encrypted and act on it on the chosen day. A scheduled delivery is just an instruction — we never disclose your data to the recipient before the scheduled date.
If you designate trusted contacts for posthumous unlock, those people are notified only when an unlock has been initiated and confirmed by a quorum of two of three contacts plus documentary evidence. In the first year of operation, every posthumous unlock is reviewed manually by a member of our team before any entry is released.
Your rights
You have the right to:
- See all the data we hold about you, at any time.
- Export everything — every audio file, every transcript, every chapter — as a single archive, on demand.
- Correct anything that is wrong.
- Delete your account. When you delete your account, your data is removed from production systems within 30 days and from backups within 90 days. There is no soft-delete: deleted means gone.
- Restrict or object to specific processing.
- Lodge a complaint with the data-protection authority in your country if you believe we have mishandled your data.
If you are in the EU, UK, or California, you have specific statutory rights under the GDPR, UK-GDPR, and CCPA respectively. The rights above are written to honor all three.
To exercise any of these rights, email founder@myjournalstory.com. We will respond within 30 days, usually within 48 hours.
Children
My Journal Story is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, write to us and we will delete the account.
International transfers
We are based in the United States. If you are accessing My Journal Story from outside the U.S., your data will be transferred to and processed in the U.S. We use Standard Contractual Clauses with our subprocessors where required.
Subprocessors
We share data with a small set of subprocessors necessary to operate the service:
| Subprocessor | What they do | Where |
|---|---|---|
| Bluehost (Newfold) | Web hosting and email | United States |
| Stripe | Payment processing | United States |
| Klaviyo | Newsletter and transactional email | United States |
| OpenAI | Whisper transcription and auto-chaptering | United States |
| Backblaze | Audio and video file storage (planned) | United States |
Continuity
We publish a continuity plan separately. If we ever shut down or are acquired, your data goes home with you in a standard, portable format. Your journal is yours. We are just the room you keep it in.
Cookies and tracking
We use a small number of strictly necessary cookies for login and security. We use no advertising cookies, no tracking pixels for third-party advertising, and no session replay or behavioral analytics.
We use first-party analytics (Jetpack Stats by default) to count visits and understand which pages people read. You can opt out in your account settings.
Changes to this policy
If we change this policy materially, we will email every active member at least 30 days before the change takes effect. Past versions are archived and available on request.
Contact
Privacy questions, requests, complaints:
founder@myjournalstory.com
Postal address: provided on request. We are a small US-based company; please email first.
— My Journal Story · MMXXVI