Privacy Policy
Effective Date: March 31, 2026
Last Updated: March 31, 2026
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time at our sole discretion. When we do, we will revise the "Last Updated" date above.
Your continued access to or use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy.
This Privacy Policy applies on a forward-looking basis only. We do not offer "grandfathering" of prior versions. By continuing to use the Service, you agree to be bound by the most current version of this Privacy Policy in effect at that time. If you do not agree to the updated Privacy Policy, you must stop using the Service.
1. Introduction
Welcome to Journal ("Journal", "we", "us", or "our"). Journal is operated by Journal Labs LLC, located at 1150 Chrysler Dr; Menlo Park, CA 94025. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at journal.one and any related services (collectively, the "Service").
Journal is an AI-native product development platform designed for product managers, designers, product marketing managers, engineers, and the teams they work with to build and ultimately support products. The Service provides an integrated environment for planning, designing, building, and shipping products.
- Canvas — A collaborative visual workspace for brainstorming, mapping, and planning product ideas.
- Documents — AI-assisted document creation for specs, PRDs, briefs, and other product artifacts.
- Tasks — Task management and tracking for product development workflows.
- Build — An AI coding agent that helps teams prototype and build software.
- Knowledge Base — A centralized repository for team knowledge, research, and institutional memory.
This Privacy Policy applies to all users of the Service, including individual users and members of organizations that use Journal. By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect information provided by your OAuth authentication provider:
- Full name
- Email address
- Profile photo
- OAuth provider identifiers (Google or GitHub)
We authenticate users exclusively through Google OAuth and GitHub OAuth (via the BetterAuth framework). We do not store passwords.
2.2 Organization & Workspace Data
When you create or join an organization on Journal, we collect:
- Organization name and settings
- Member roles and permissions
- Invitation records and team membership data
- Workspace configuration and preferences
2.3 Customer Content
We store the content you and your team create within Journal, including:
- Documents, specs, PRDs, and written content
- Tasks, assignments, and project data
- Canvas items, diagrams, and visual artifacts
- Knowledge Base articles and research
- Code and code-related artifacts generated via Build
- Uploaded files and attachments (stored in Cloudflare R2)
- Comments and collaborative annotations
This content is collectively referred to as "Customer Content" and is owned by you and your organization.
2.4 Meeting & Voice Data
When you use Journal's meeting and voice features, we collect:
- Audio recordings only — Journal's meeting bot (powered by Recall.ai) captures audio only. We do not record video.
- Meeting transcriptions generated from audio
- Meeting metadata (date, time, duration, participants)
- Voice agent interactions via LiveKit
The meeting bot joins Google Meet, Zoom, and Microsoft Teams meetings. It identifies itself as a bot participant when joining.
2.5 Usage Data
We automatically collect information about how you interact with the Service:
- Feature usage patterns (which modules and features you use)
- Interaction patterns (clicks, navigation, time spent)
- Performance metrics (load times, errors encountered)
- AI feature usage frequency and interaction types
2.6 Device & Technical Data
We collect technical information to ensure the Service operates correctly:
- IP addresses
- Browser type and version
- Operating system
- Referring URLs
- Error logs and crash reports (via Sentry and OpenTelemetry)
2.7 Third-Party Integration Data
When you connect third-party services to Journal, we may receive data from those integrations:
- GitHub — repositories, issues, pull requests, and code references
- Slack — messages, channels, and notifications relevant to your workspace
- Figma — design files, components, and project references
- Notion — pages, databases, and content imported into Journal
These integrations are user-initiated and can be disconnected at any time from your workspace settings.
2.8 Communication Data
We collect information when you communicate with us directly:
- Support requests and correspondence
- Feedback and feature requests
- Survey responses
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and operate the Service — Deliver Journal's core functionality across all five modules, process your Customer Content, and maintain your workspace.
- Process through AI — Send relevant content to our AI providers (Anthropic and OpenAI) for inference to power features like document generation, code assistance, meeting summarization, and intelligent search.
- Improve the Service — Analyze aggregated and anonymized usage patterns to improve features, performance, and user experience. We do not use individual Customer Content for this purpose.
- Customer support — Respond to your inquiries, troubleshoot issues, and provide technical assistance.
- Security and fraud prevention — Detect, prevent, and respond to security incidents, abuse, and fraudulent activity.
- Legal compliance — Comply with applicable laws, regulations, and legal processes.
- Communications — Send you service-related notifications, updates, security alerts, and (with your consent) product announcements.
4. AI Data Practices
Your data is never used to train AI models.
Journal uses AI providers (Anthropic and OpenAI) for inference only. Your Customer Content is not used to train, improve, or fine-tune any foundation models — ours or our providers'.
4.1 How AI Processes Your Data
Journal's AI features are powered by Anthropic (Claude) and OpenAI. When you use an AI-powered feature, the following process occurs:
- Input preparation — Relevant content from your workspace (e.g., the document you're editing, selected context) is assembled into a prompt.
- API transmission — The prompt is sent to the AI provider's API over an encrypted connection (TLS).
- Inference — The AI provider processes the prompt and generates a response. No data is retained by the provider for training purposes.
- Response delivery — The AI-generated response is returned to Journal and presented to you within the Service.
4.2 Customer Data and Model Improvement
Usage Data, meaning your inputs and the model responses to those inputs, may be used to train, fine-tune, or improve any of our in-house AI models. While we do not directly use your data to improve our models, the inputs and model responses may include traces of your data. We do our best to anonymize the traces before using them for model improvement.
We use zero-data-retention API agreements with our Third-Party AI Providers. Your inputs and outputs are processed solely to provide the Service to you and are not retained by Third-Party AI Providers for model training purposes.
4.3 AI Provider Data Handling
Our AI providers handle data as follows under our API agreements:
- Anthropic (Claude) — Under Anthropic's API terms, inputs and outputs are not used to train models. Data is not retained after the API response is delivered.
- OpenAI — Under OpenAI's API data usage policy, API inputs and outputs are not used to train models. Data may be retained for up to 30 days for abuse and misuse monitoring, after which it is deleted.
4.4 Context Engine
Journal's Context Engine indexes and searches your workspace content to provide relevant context for AI features. Key principles:
- Content is indexed within your organization's boundary only — your data is never mixed with other organizations' data.
- The Context Engine respects your workspace's access controls and permissions.
- Web search (via EXA) and content extraction (via Firecrawl) are performed only on your explicit request — Journal does not proactively crawl external websites on your behalf.
4.5 Meeting Transcription
When you use Journal's meeting transcription feature:
- Audio only — Only audio is captured. Video is never recorded.
- 14-day raw audio retention — Raw audio recordings are stored in Recall.ai for a maximum of 14 days, after which they are permanently deleted.
- Transcripts retained while active — Meeting transcripts are retained as Customer Content for as long as your account is active.
- Bot identification — The meeting bot identifies itself as a bot participant when joining any meeting.
4.6 Code Execution
When you use the Build module's code execution capabilities:
- Code is executed in isolated, ephemeral sandboxes powered by E2B. Each sandbox is created for a single session and destroyed afterward.
- Runtime data, environment state, and execution artifacts are not retained after the session ends.
- Generated code and outputs that you choose to save are retained as Customer Content within your workspace.
4.7 LLM Observability
We use Langfuse for LLM observability to monitor the quality and performance of AI features:
- Traces may include prompts and responses for quality assurance and debugging purposes only.
- LLM traces are never used for model training.
- Traces are retained for [RETENTION PERIOD] and then deleted.
- Access to LLM traces is restricted to authorized engineering personnel for operational purposes.
5. How We Share Your Information
We do not sell your personal information or Customer Content. We share information only in the following circumstances:
5.1 Sub-processors & Service Providers
We use the following categories of service providers to operate the Service:
| Category | Provider(s) | Purpose |
|---|---|---|
| Infrastructure | Railway, Cloudflare (Workers, R2) | Backend hosting, frontend delivery, file storage |
| Database | PostgreSQL | Primary data storage |
| AI Providers | Anthropic (Claude), OpenAI | AI inference for product features |
| Meeting Bots | Recall.ai | Meeting recording and transcription |
| Voice Agents | LiveKit | Real-time voice agent interactions |
| Code Execution | E2B | Sandboxed code execution environments |
| Monitoring & Observability | Langfuse, Sentry, OpenTelemetry | LLM observability, error tracking, performance monitoring |
| Email | Resend | Transactional and notification emails |
| Search & Extraction | EXA, Firecrawl | Web search and content extraction (user-initiated only) |
All sub-processors are bound by data processing agreements that restrict their use of your data to the purposes specified above.
5.2 Third-Party Integrations (User-Initiated)
When you connect integrations such as GitHub, Slack, Figma, or Notion, data flows between Journal and those services as necessary to provide the integration functionality. These connections are initiated and controlled by you, and you can disconnect them at any time. Each third-party service's own privacy policy governs their handling of your data.
5.3 Legal Requirements
We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, respond to a court order, judicial or other government subpoena, or warrant.
5.4 Business Transfers
If Journal is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your information.
5.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5.6 Aggregated & Anonymized Data
We may share aggregated or anonymized data that cannot reasonably be used to identify you. This data may be used for industry analysis, benchmarking, and to improve the Service.
6. Data Security
We implement industry-standard technical and organizational measures to protect your information:
- Encryption at rest — All data is encrypted at rest using AES-256 encryption.
- Encryption in transit — All data transmitted between your browser and our servers, and between our servers and third-party providers, is encrypted using TLS.
- No password storage — Authentication is handled exclusively through OAuth providers (Google and GitHub), eliminating password-related vulnerabilities.
- Encrypted database keys — Database encryption keys are managed and rotated securely.
- Sandboxed code execution — All code execution occurs in isolated, ephemeral E2B sandboxes that are destroyed after each session.
- Role-based access control (RBAC) — Access to data and systems is restricted based on roles and the principle of least privilege.
- Audit logging — We maintain audit logs of access to sensitive systems and data.
- Regular security reviews — We conduct regular security assessments and reviews of our infrastructure and practices.
While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specific retention periods are as follows:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of active account + 90 days after deletion |
| Customer Content | Duration of active account; 30-day export window after termination, then deleted |
| Meeting audio recordings | 14 days in Recall.ai, then permanently deleted |
| Meeting transcripts | Duration of active account (retained as Customer Content) |
| LLM observability traces | [RETENTION PERIOD] |
| Usage data | 12 months (raw); aggregated data retained indefinitely |
| Code execution data | Not retained after session ends |
| Backups | 30 days |
8. Your Rights & Choices
General Rights (All Users)
Regardless of your location, you have the following rights:
- Access — Request a copy of the personal information we hold about you.
- Correction — Request correction of inaccurate or incomplete personal information.
- Deletion — Request deletion of your personal information and account.
- Export — Export your Customer Content in a portable format.
- Opt out of communications — Unsubscribe from non-essential emails and notifications.
- Disconnect integrations — Remove any connected third-party integrations from your workspace settings.
- Delete recordings — Request deletion of meeting recordings and transcripts.
GDPR Rights (European Economic Area)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right of access (Article 15) — Obtain confirmation of whether we process your personal data and access to that data.
- Right to rectification (Article 16) — Have inaccurate personal data corrected without undue delay.
- Right to erasure (Article 17) — Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
- Right to restriction of processing (Article 18) — Request restriction of processing of your personal data in certain circumstances.
- Right to data portability (Article 20) — Receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object (Article 21) — Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Our legal bases for processing personal data include: performance of a contract (providing the Service), legitimate interests (improving and securing the Service), consent (where applicable), and compliance with legal obligations.
CCPA Rights (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know — Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to delete — Request deletion of your personal information, subject to certain exceptions.
- Right to opt-out of sale — We do not sell your personal information. We do not sell, rent, or trade personal information to third parties for monetary or other valuable consideration.
- Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA rights.
9. International Data Transfers
Journal's infrastructure is primarily based in the United States (us-west-2 region). If you access the Service from outside the United States, your information will be transferred to and processed in the United States.
For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) — EU-approved contractual terms that provide adequate safeguards for international data transfers.
- Data Processing Agreements (DPAs) — Available upon request for enterprise customers.
- Sub-processor agreements — All our sub-processors maintain appropriate data transfer mechanisms.
10. Children's Privacy
Journal is a B2B platform designed for professional use by product teams. The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at legal@journal.one.
11. Cookies & Tracking
Journal uses a limited set of cookies and similar technologies to operate the Service:
- Essential cookies — Required for authentication, session management, and core functionality. These cannot be disabled.
- Preference cookies — Store your workspace preferences, theme settings, and UI state.
- Analytics (anonymized) — Collect anonymized usage data to help us understand how the Service is used and improve it.
- localStorage — Used for client-side state management and offline capabilities.
We do not use third-party advertising cookies.
Journal does not serve ads and does not use cookies for advertising, retargeting, or cross-site tracking purposes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: legal@journal.one
- Entity: Journal Labs LLC
- Address: 1150 Chrysler Dr; Menlo Park, CA 94025
We aim to respond to all privacy-related inquiries within 30 days.
If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA).