Privacy policy

What we collect

• Account data: if you sign in with Google, WeChat, or email, we store the identifiers needed to keep you logged in (e.g. email, name, profile image from the provider).
• Consultation content: answers you enter in the guided flow and the generated reflection text are stored in our database under your user id.
• Technical data: standard server logs (IP, user agent, timestamps) may be stored by your hosting provider.
• Session preferences: we store authentication state, including “remember me” choices, to keep you signed in on trusted devices.

How we use it

To authenticate you, show your past consultations, personalize your journal experience, and improve service reliability and safety. We do not sell personal information. Journal content may be processed by third-party AI providers solely to generate responses for your session. We do not authorize those providers to use your content for public model training through this application configuration.

Retention

If you enable “remember me,” your sign-in may remain active until manual logout or security revocation. Consultation records remain in your account until you delete them (or your account), subject to legal/operational retention obligations.

Security

Use HTTPS in production, rotate NEXTAUTH_SECRET, and restrict database access. Email passwords are stored hashed (bcrypt). OAuth tokens are handled by NextAuth and your providers.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, restrict, or delete your data. Contact us to exercise these rights and we will respond within applicable legal timelines.

Children

This service is not directed at children under 13 (or the age required in your region). Guardians should supervise minors’ use.

Contact