Privacy Policy
Your journal is yours. We use your data only to provide, secure, support, and improve Jurnl-It.
1. Overview
Jurnl-It is a trading journal and analytics service operated from Portugal for users in Portugal, the European Union, and other countries. This Privacy Policy explains how we collect, use, disclose, protect, and retain personal data when you use our website, app, support channels, and paid Pro features.
For users in the European Economic Area, United Kingdom, and Switzerland, Jurnl-It acts as the data controller for account, billing, support, product usage, and journal data we process to provide the service. We process personal data under the GDPR and applicable Portuguese data protection rules.
2. Data we collect
Account data: name, display name, email address, timezone, language, plan status, billing email, account preferences, and authentication records handled by our auth provider, such as password hashes and sign-in events.
Journal data: trades, symbols, dates, entry and exit details, P/L, risk values, screenshots, notes, process reviews, tags, attachments, failed process item information, execution logs, review settings, and other information you choose to save in your trading journal.
Payment data: subscription plan, billing cycle, renewal date, invoice status, payment method metadata, and Stripe customer or subscription identifiers. We do not store full card numbers, CVC codes, or complete payment credentials.
Technical and security data: IP address, device and browser information, authentication events, session state, error logs, support messages, and security-related activity needed to protect the service.
Cookie and browser storage data: essential login/session storage, remember-me preference, cookie consent preference, and app settings such as theme, layout, and table preferences.
3. How we use data
We use personal data to create and secure accounts, authenticate users, store and display journal entries, calculate dashboards and insights, process subscriptions, respond to support requests, prevent abuse, troubleshoot issues, and maintain the reliability of the service.
We may use aggregated or anonymized information to understand product performance, improve features, and identify common usage patterns. We do not use journal content to provide financial advice, and we do not sell personal data.
4. Legal bases for processing
Contract: to provide the Jurnl-It account, journal, dashboards, analytics, insights, subscriptions, and support you request.
Legitimate interests: to secure the service, prevent fraud and abuse, improve reliability, understand usage at an aggregated level, and communicate service-related updates.
Consent: where required for optional cookies, marketing emails, or similar non-essential processing. You may withdraw consent at any time.
Legal obligation: to keep billing, tax, accounting, security, and compliance records where required by law.
5. Service providers and transfers
We use trusted service providers to operate Jurnl-It. Current providers include Supabase for authentication, database, storage, and server functions; Vercel for hosting, website analytics, and speed insights; Stripe for payment processing and billing; Resend for support email delivery; and Sentry for error monitoring and reliability diagnostics.
These providers process personal data on our behalf or as independent controllers where applicable. If personal data is transferred outside the EEA, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, or equivalent transfer mechanisms.
6. Account security
We use authentication controls, HTTPS/TLS encrypted transport in production, access controls, database security rules, monitoring, and other safeguards designed to protect your personal data. Some journal content may also be protected by app-level encryption features where enabled.
We do not store plaintext passwords. Password login is handled through Supabase Auth, which stores one-way password hashes rather than reversible passwords.
You are responsible for using a strong password, keeping your credentials confidential, and promptly notifying us if you suspect unauthorized access to your account.
7. Data retention
We keep account and journal data while your account is active or as needed to provide Jurnl-It. If you delete your account, we will delete or anonymize personal data within a reasonable period, usually within 30 days, unless a longer period is required for billing, tax, security, fraud-prevention, dispute, or legal purposes.
Billing records may be retained for the period required by Portuguese and EU accounting and tax laws. Backups and logs may persist for a limited time before routine deletion.
8. Your privacy rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, port your data, withdraw consent, and lodge a complaint with a supervisory authority. In Portugal, the supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD).
You can request privacy assistance by contacting us. We may need to verify your identity before fulfilling certain requests.
9. Contact us
For privacy questions, requests, or legal notices, contact us at support@jurnl-it.com.
