Privacy Policy

Last updated: April 20, 2026

1. Information We Collect

We collect information that you provide directly to us when you create an account, use our services, or communicate with us. This may include:

  • Name and contact information (email address)
  • Account credentials and profile information
  • Content you create or upload to our platform
  • Communications you send to us

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your requests and transactions
  • Send you technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities

3. Information Sharing and Disclosure

We do not share your personal information with third parties except as described in this privacy policy. We may share your information:

  • With your consent or at your direction
  • With service providers who perform services on our behalf
  • To comply with legal obligations
  • To protect the rights and safety of JourneyWeb and our users

4. Data Security

We take reasonable measures to help protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. However, no internet or email transmission is ever fully secure or error-free.

5. Two-Factor Authentication (MFA)

JourneyWeb supports Time-based One-Time Password (TOTP) two-factor authentication as an optional or enforced security measure. The following applies when MFA is enabled on your account:

  • Server-side processing: TOTP codes are generated and validated entirely on JourneyWeb's servers using the open TOTP standard (RFC 6238). No code computation or validation involves any external service.
  • No third-party API calls: The libraries used to generate QR codes and validate TOTP codes are open-source, MIT-licensed packages that operate entirely server-side. They make no network requests and do not transmit any data externally.
  • Authenticator apps: To generate login codes you may choose to use a third-party authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy. These apps are independent products governed by their own privacy policies. JourneyWeb does not communicate with these apps via any API and has no visibility into how they operate on your device.
  • Backup codes: Recovery backup codes are stored in our database as one-way SHA-256 hashes only. The plaintext codes are displayed once at setup and are never retained by JourneyWeb after that point.
  • MFA secret: The TOTP secret used to configure your authenticator app is stored securely in our database and is never shared with any third party.

6. Data Processing and Storage Location

Your data is processed and stored in Microsoft Azure datacenters located in the United Kingdom. We use Azure UK regions for hosting and backups to help meet regional data residency requirements.

7. Data Retention

We store your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.

In addition, the following specific retention periods apply:

  • Login history: Records of your login attempts (including date and time, IP address, device, browser, method, and outcome) are retained for a rolling window of 30 days and are automatically deleted thereafter. Only the last 30 days of login activity is ever stored or visible.
  • Opt-out: You can opt out of login history being recorded at any time via your account profile under the Security tab. Once opted out, no new login records will be stored. Existing records will be removed during the next automated daily cleanup cycle.

8. Your Rights and Choices

You have the right to:

  • Access, update, or delete your personal information
  • Object to or restrict certain processing of your information
  • Export your data in a portable format
  • Withdraw consent where we rely on it

To exercise these rights, please contact us through your account settings or by email.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to provide a better user experience. You can control cookies through your browser settings.

10. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this privacy policy, please contact us through your account or visit our support page.

← Go Back