Privacy Policy

How we collect, use, and protect your personal information.

Last updated: December 2024

Introduction

Consent Loop ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our journaling application.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address (for authentication and account recovery)
  • Display name (optional, for personalization)
  • Account creation date and last login timestamp

Encrypted Journal Content

Your journal entries are encrypted on your device before being transmitted to our servers. We store:

  • Encrypted entry content (we cannot read this)
  • Entry metadata (timestamps, entry IDs)
  • Encrypted master key (protected by your vault password)

End-to-End Encryption

Your journal entries are encrypted using AES-256-GCM with keys derived from your vault password. We never have access to your unencrypted content or your vault password.

Usage Information

We automatically collect certain information when you access our application:

  • Device type and operating system
  • Browser type and version
  • IP address (for security and abuse prevention)
  • General usage patterns (features used, session duration)

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Authenticate your account and maintain security
  • Send important service-related communications
  • Respond to your requests and support inquiries
  • Detect and prevent fraud, abuse, and security issues
  • Comply with legal obligations

We do not:

  • Read or access your encrypted journal entries
  • Sell your personal information to third parties
  • Use your data for targeted advertising
  • Share your information with data brokers

Information Sharing

We may share your information in the following limited circumstances:

With Your Consent

When you explicitly authorize sharing with a connection through our platform, they receive access to the specific entries and abstraction layers you approve.

Service Providers

We work with third-party service providers who assist in operating our platform:

  • Firebase (Google) - Authentication and database services
  • Cloud hosting providers - Infrastructure services

These providers are contractually obligated to protect your information and may only use it to provide services on our behalf.

Legal Requirements

We may disclose your information if required by law or if we believe disclosure is necessary to comply with legal processes, protect our rights, or ensure user safety. Note that we cannot provide decrypted journal content even if legally compelled, as we do not have access to your encryption keys.

Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

  • Account data: Retained until you delete your account
  • Encrypted entries: Retained until you delete them or your account
  • Connection sessions: Automatically expire after 30 minutes
  • Usage logs: Retained for up to 90 days

When you delete your account, we remove your personal information and encrypted data within 30 days, except where retention is required by law.

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate personal information
  • Deletion: Request deletion of your account and data
  • Portability: Export your encrypted data
  • Objection: Object to certain processing activities

To exercise these rights, please contact us at privacy@consentloop.com.

Security

We implement robust security measures to protect your information:

  • End-to-end encryption for all journal content
  • Secure HTTPS connections for all data transmission
  • Regular security audits and penetration testing
  • Employee access controls and security training
  • Automated threat detection and monitoring

For more details, see our Security page.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

Children's Privacy

Our services are not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: