Privacy Policy for Simple Journal

Status: May 1, 2026

We are delighted that you are using our Simple Journal app. A journal is one of the most private things you can own, which is why we built this app with a strict privacy-first, offline-centric architecture. Below, we detail exactly how the app handles data, how it is structured, and how your privacy is protected under the General Data Protection Regulation (GDPR).

1. Data Controller

The entity responsible for data processing in accordance with the General Data Protection Regulation (GDPR) is:

Sick App Developers GmbH Messeler-Park-Straße 85 64291 Darmstadt Germany Email: simplejournal@sickappdevelopers.com

2. Local App Data & Media (On-Device Storage)

Your journal entries and media remain strictly local. We, the developers, have zero access to your private thoughts and photos. This data is never transmitted to any external servers operated by us.

Journal Entries, Photos, and Settings

  • What it is: Text strings (your entries), media files (attached photos), and configuration variables (like your chosen app theme).
  • Example: {"entryText": "Today was a great day.", "photoPath": "/var/mobile/Containers/Data/.../image.jpg", "theme": "dark"}
  • Usage: This data is saved directly to your device’s storage using high-performance local databases (Hive and Isar) and your device’s local app documents directory. Because it never leaves your phone, we do not process your personal data. Please note: Deleting the app from your device will permanently delete all your journal entries and attached media.

3. Biometric Authentication

To keep your journal safe from prying eyes, we offer the ability to lock the app using your device’s native biometric features.

Face ID / Touch ID / Device Passcodes

  • What it is: A binary „success“ or „fail“ signal sent from your device’s operating system.
  • Example: isAuthenticated: true
  • Usage: We explicitly declare that no biometric data is ever collected, stored, or transmitted by our app. The authentication process happens entirely within the secure hardware of your device (e.g., the Apple Secure Enclave or Android Keystore). The app only receives a signal verifying whether the authentication was successful to grant access to the UI.

4. In-App Purchases & Subscriptions (Data Processors)

To offer premium themes and advanced features, we process subscriptions via a third-party service.

Subscription Data & Device Metadata (RevenueCat)

  • What it is: Anonymous App User IDs, digital purchase receipts, basic device metadata (OS version, device model, app version), and your IP address (used by the provider for tax and regional pricing calculation).
  • Example: $RCAnonymousID:xyz123Platform: iOS 17Receipt: 8f7d6s9aIP: 198.51.100.x
  • Usage: This data is transmitted to our service provider, RevenueCat (RevenueCat, Inc., USA), solely to validate App Store/Play Store purchases and unlock premium features. The legal basis for this processing is the performance of a contract (Art. 6(1)(b) GDPR).
  • International Data Transfer: For data transferred to the USA, RevenueCat operates under the EU-US Data Privacy Framework and standard contractual clauses (SCCs) to ensure your data is protected according to European standards. All actual payment processing is handled securely by Apple or Google.

5. Google Fonts (Typography)

To provide a beautiful reading and writing experience, our app dynamically loads typography.

IP Address and Device User-Agent (Google Fonts)

  • What it is: Your device’s numerical internet address and basic browser/device identification string.
  • Example: IP: 203.0.113.45User-Agent: Dalvik/2.1.0 (Linux; U; Android 13; Pixel 7)
  • Usage: The first time you open the app, it may dynamically fetch font files from Google’s servers. During this process, Google temporarily receives your IP address to route the font files to your device. The legal basis for this is our Legitimate Interest (Art. 6(1)(f) GDPR) in providing an aesthetically pleasing and functional app interface.
  • Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

6. Your Rights as a Data Subject

Under the GDPR, you have rights regarding your personal data:

  • Right to Erasure (Art. 17 GDPR): Because your journal entries and photos are stored exclusively on your device, you can permanently delete all your data simply by uninstalling the app.
  • Right of Access & Rectification (Art. 15 & 16 GDPR): You have full control to view, edit, and export your journal entries directly within the app’s interface.

For any privacy-related inquiries, or to address issues related to your purchase history (handled via RevenueCat), please contact us at simplejournal@sickappdevelopers.com.