Privacy Policy

Last updated: April 29, 2025

1. Information We Collect

When you use Action Journal, we collect:

  • Information you provide (email, journal entries, tasks)
  • Google account information when you connect your Google account, including:
    • OAuth tokens for authorized Google services
    • Email address associated with your Google account
    • Calendar and contact information you've explicitly authorized us to access
  • Usage data and analytics
  • API usage logs that record the types of actions performed (without sensitive content)

2. How We Use Your Information

We use your information to:

  • Provide and improve our services
  • Sync with Google services you've authorized
  • Send you important updates and notifications
  • Analyze usage patterns to improve the application
  • Maintain security audit logs for compliance purposes

3. Google API Services User Data Policy

Action Journal's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

3.1 Google Workspace APIs Data Usage Limitations

We do not use Google Workspace APIs data to develop, improve, or train generalized artificial intelligence (AI), machine learning (ML), or related models or technologies. Any data obtained through Google Workspace APIs is used solely for providing and improving the specific functionality of Action Journal to the user who authorized the access.

Specifically, when you connect your Google account to Action Journal:

  • We only access the data necessary to provide you with the features you've explicitly authorized.
  • We do not retain, use, or transfer your Google user data for any generalized AI or ML model training purposes.
  • All data accessed via Google Workspace APIs is used only to provide you with the specific service features you've requested.
  • We use your data only in accordance with Google's Limited Use requirements.
  • We follow a least-privilege approach, only accessing Google APIs with the minimum permissions needed for the features you use.
  • We maintain detailed API usage logs (without sensitive content) to ensure compliance with these policies.

3.2 Google OAuth Token Security

To protect your Google account access:

  • We encrypt all OAuth tokens at rest using industry-standard encryption methods.
  • We automatically refresh tokens using secure methods that don't expose your credentials.
  • We implement token lifespan management to periodically rotate tokens for enhanced security.
  • We revoke all tokens immediately when you disconnect Google integration or delete your account.
  • We never store your Google password or allow direct password authentication to Google services.

4. Data Security

We implement comprehensive security measures to protect your personal information, including:

  • Encryption of sensitive data, including OAuth tokens and personal information
  • Secure SSL/TLS connections for all data transmission
  • Regular security audits and CASA Tier 2 security compliance
  • Least-privilege access controls for all API integrations
  • API audit logging and monitoring without recording sensitive data
  • Secure log management that filters out personal information and credentials
  • Token rotation and security lifecycle management

5. Data Retention and Deletion

We maintain the following data retention and deletion practices:

  • Your account data is retained as long as you maintain an active account with us.
  • When you delete your account, we permanently delete all your data, including:
    • Journal entries, tasks, and user-generated content
    • OAuth tokens and Google integration configurations
    • User preferences and settings
    • All personal identifiable information
  • We revoke all Google OAuth tokens during the account deletion process.
  • Account deletion is irreversible and removes all your data from our active systems.
  • API usage logs are retained for compliance purposes but do not contain personal content.

6. Your Rights

You have the right to:

  • Access your personal data
  • Request deletion of your data
  • Disconnect Google integration at any time
  • Export your data
  • Review which Google permissions you've granted and revoke them
  • Request information about our API access logs related to your account

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: [email protected]