PRIVACY
Privacy in plain language
Lyric Journal is built to be private by default. This page explains what we collect, how we store it, who can see it, and the control you keep.
What we collect
We collect your account email, the journal entries you save, and reflection data generated from your own writing. We also keep a small amount of technical activity data needed for account security and reliable service.
How it is stored
Lyric Journal runs on Supabase in Canada Central. Your entries are encrypted before they leave your device and stored using AES-256 encryption at rest, with encryption in transit.
Third-party processors
We use OpenAI to generate reflection output from your entries, Stripe to process subscription billing, Supabase for encrypted data storage and authentication, and Vercel to host and deliver the app infrastructure.
Who can see your data
Only you can read your journal content in plaintext. Lyric staff cannot read your entries. We do not sell your data, and we do not use your journal for advertising. Ever.
Export and deletion
You can export your data from /account. You can also delete your data and account from /account. Deletion removes journal content and related reflection data from active systems.
Your privacy rights
For Canadian users, we follow PIPEDA requirements. For users in the United States, including California, we follow CCPA rights to know, access, and delete personal information we hold. You can request account and data deletion at any time.
Policy updates
If this policy changes, we update this page and revise the effective date. If a change is material, we will surface a clear notice in the app.
We never sell your data. Questions about privacy can be sent to privacy@lyricjournal.com.