PRIVACY POLICIES
Last Updated: 2nd of September 2025
Introduction: Our Commitment to Privacy
Journee (Letter Journey Limited) is committed to protecting your privacy and the personal data we handle, especially data about children and about any third parties who appear in the stories. We understand the sensitive nature of children’s personal information and treat it with the highest level of care and security. We collect only the minimum information necessary to deliver a personalized story experience. We never sell your data to third parties, and we share it only where required to operate our service. Any third parties we do use (such as our payment processor or messaging platform) are bound by written agreements that require them to keep your data secure and to use it only for the intended purpose.
This Privacy Policy explains what information we collect from you, how we use and share it, and your rights regarding that information. It applies when you use the Journee website, purchase our products, or use our services (including any interactive features like WhatsApp storytelling). By using our services, you acknowledge that you have read and understood this Privacy Policy. If you have any questions, please contact us at privacy@journee.club or hello@journee.club.
Data Controller: For the purposes of data protection laws (such as the UK Data Protection Act 2018, UK GDPR, and EU GDPR), the “data controller” of your personal information is Letter Journey Limited (trading as Journee). Our company is registered in England and Wales under company number 16309877, with a registered address at 61 Wilmot Road, London E10 5LT, UK. This means Journee determines the purposes and means of processing personal data in relation to our services. We are registered with the Information Commissioner’s Office (ICO) in the UK (if applicable) and comply with all relevant data protection regulations in the jurisdictions where we operate.
Parental Responsibility: As a parent or guardian using Journee to create personalized stories for your child, you have certain rights and responsibilities under privacy laws. We require that a parent or legal guardian provides consent for the use of a child’s personal data. We do not knowingly allow children under 13 to provide their data directly or create accounts. If an older minor (e.g., a teenager) interacts with our platform (like via the WhatsApp story), it should be with parental permission and under supervision. If you are not the child’s parent or guardian (for example, you are an aunt/uncle or friend purchasing a gift), you must have permission from the child’s parent/guardian to share the child’s personal data with us. By providing any third-party personal data (whether a child’s or another adult’s, such as a friend’s name to include in a story), you are confirming that you have obtained the necessary consent from that individual or their parent/guardian.
Data We Collect About You and Your Child
We collect various types of personal data in order to provide our services. “Personal data” means any information about an individual from which that person can be identified. It does not include data that has been anonymized such that the individual is no longer identifiable.
We may collect and process the following categories of data:
- Information You Provide to Us: This is the information that you actively give us when using Journee. For example:
- Account and Contact Details: When you make a purchase (and thereby create an account), we collect your name, email address, billing address, and delivery address. We may also collect your phone number (especially if you opt to use our WhatsApp interactive service or if it is needed for delivery updates). You will set a password for your account; we store only a one-way hash of that password, never the password itself.
- Payment Information: We collect information necessary to process your payment, such as payment card details, through our third-party payment processor (Stripe). Important: We (Journee) do not store your full card numbers or security codes on our servers. Stripe directly receives that information. We may retain non-sensitive payment identifiers like the last 4 digits of your card or a Stripe customer ID, which help us manage your subscription or identify transactions.
- Personalization Details for Story: This includes the key details you provide to customize the story. Typically, this will be the child’s first name, possibly their age or birth date (to tailor the story’s age appropriateness or birthday messages), their gender (if you choose to provide it for pronoun purposes, though we try to write many stories gender-neutrally), and possibly other preferences or free-text inputs (e.g., favorite color, friend’s name, hometown, pet’s name, etc., depending on the story options). Each story might have a form for you to fill in with certain prompts. You might also upload a photo if our service enables adding a child’s photo or similar (currently, our standard letters do not include photos, but if we ever add that feature, the photo would be personal data too). Note: Please avoid providing any sensitive personal data unless specifically requested and necessary for the story. By “sensitive” we mean things like health information, ethnic origin, religion, etc. We do not require such data for our stories, and our forms are not designed to collect it. If you put it in a free-text field (for example, you mention a child’s health condition in a story prompt), that is entirely your choice. Our systems cannot automatically detect or segregate such data, so it will be stored alongside the other story inputs; if you later want it removed, contact us and we will delete it. We do not encourage including sensitive details.
- Child’s Information: As part of the personalization details above, you are providing personal data about your child (or the child recipient of the story). This typically includes the child’s first name, and possibly things like age or other personal attributes that will appear in the story. We limit what we ask for – usually just what will directly go into the story’s text. For instance, we might ask for “name of a friend or family member” to include as a character, or “favorite animal.” All such data is used to personalize the story content for fun and engagement. We generally limit the personal details we ask for to the minimum needed for the story (typically first name and a few favorites). We avoid collecting sensitive details like full last name, school name, or unnecessary contact info (except insofar as the delivery address might include their name and home address, which is needed to mail the letter).
- Communications: If you contact us (via email or through a form on our site, or via social media), we will collect whatever information you choose to give in that communication. For example, if you email our support, we’ll have your email address and the content of your message, and any attachments you send. If you provide feedback or testimonials, with your consent we might store and later display some of those comments (possibly with attribution like first name) on our site, but we would ask permission for any public use.
- Newsletter/Marketing Signup: If you subscribe to our newsletter or marketing emails, we will collect your email address and perhaps your name to personalize messages. We use a third-party email service (Klaviyo) to manage our email list. You can unsubscribe at any time. If you are not yet a customer and just sign up for a newsletter, we only collect the minimal info (e.g., email, maybe name) for that purpose.
- Information We Collect Automatically: When you visit our website or use our online services, we may automatically gather certain technical data about your device and usage of our site. This includes:
- Technical Identifiers: IP address (which can give a general location, like city or country), browser type and version, device type (e.g., mobile vs desktop), operating system, and device identifiers. We collect these mainly through logs and analytics tools.
- Usage Data: This includes information about how you navigate our site – pages you view, how long you spend, interactions like clicking buttons, and the route by which you came to our site (e.g., a marketing link or search engine). For instance, we track if you put an item in the cart, if you abandoned the checkout, etc., to improve our service and possibly to send reminders or support (where allowed). This data may be collected via cookies and similar technologies (see our Cookie Policy below for more detail). We also use analytics services that might record events like “user clicked on X” or “page Y visited” with timestamps.
- Advertising Data: If you arrived at our site by clicking an ad or if you later see our ads on other platforms, we (or our partners) may collect data for attribution. For example, we use cookies/pixels from advertising networks to understand ad effectiveness. These may record that a particular browser (identified only by a cookie or similar online identifier, not by name) visited our site and whether a purchase followed. This helps us, for example, know which ads are working. The data collected is pseudonymous rather than anonymous: it does not carry your name, but the identifier can be linked back to the same browser over time. If you become a customer, we might (via analytics dashboards) see that an identified transaction was attributed to an ad click. We and our advertising partners use this data to measure and optimize our marketing (more details in the Cookie Policy). If you want to avoid this kind of tracking, you can opt out via our cookie consent tool or via settings on those platforms (e.g., Facebook Ad Preferences).
- Location Information: We do not directly ask for your GPS location. However, your IP address can sometimes be used to derive approximate location (city, country). We might use this to auto-select currency or to understand where our customers are broadly located. If you explicitly select a country on our site, we may store that preference. For WhatsApp interactive services, the country code in your phone number obviously indicates country, but we don’t use it beyond routing the message appropriately.
- Information from Third Parties: In some cases, we might receive information about you from third-party sources:
- If you log in or sign up via a social media account (not currently offered: we use email/password login, but if we ever allowed “Login with Google/Facebook”), we would receive basic profile information from that provider, and only if you authorize it.
- If someone buys a gift for you or your child via our service, they provide us data as described above. In that scenario, we treat it as if we collected from them (the purchaser) directly. We may also, in some cases, follow up with the gift recipient’s parent via email if provided – but we would do so very carefully and likely only if invited.
- We also may get data from analytics or advertising partners about your interactions. For example, Google Analytics might tell us demographic aggregates (like “X% of visitors last month were from UK, Y% from France” based on IP geolocation). Or an advertising partner might inform us that a certain hashed email (which could be you if you gave them consent) was part of an audience that saw our ads. This is usually aggregate or pseudonymized information.
- If you engage with us on social media (like commenting on our Instagram or sending us a message on Facebook), we may collect information from that platform as needed to respond (your handle, the content of your public comment or message). That is governed by the platform’s privacy policy as well.
- Twilio/WhatsApp: If you use our WhatsApp story feature, we receive from WhatsApp/Twilio the messages you send and delivery status info for messages we send (e.g., if a message was delivered/read). We do not get your entire WhatsApp contact list or anything – just the interactions specific to our service.
We do not conduct any background checks or seek out personal information about you from data brokers or other external sources beyond what’s necessary to run our service (for instance, we don’t buy marketing lists or profile you beyond our own site’s scope).
Summary of Personal Data Collected:
- User (Parent/Guardian) Data: Name, email, phone, addresses, payment info (via Stripe), account login credentials, and any other info you send to us.
- Child Data: First name (and possibly middle/last if you include it for the story or mailing, but we typically only use first name in story text), age or birth month/year (if you provide), gender (if provided), likes/dislikes or other story inputs (like favorite things, names of friends/family/pets to include). Possibly a photo if that becomes part of the service (not currently standard).
- Third-Party Individual Data: If you provide names or details of other people (e.g., you want a friend’s name in the story, or you mention a sibling’s name, or the product is a gift and you give the parent’s email to notify them), we collect that as provided. We treat it similarly to child data – only using it for the story or intended purpose.
- Device/Usage Data: IP address, device info, cookies and tracking IDs, site usage logs.
- Messaging Data: Chat transcripts or selections in the interactive story, if you use that feature (these might be stored to generate the next part of the story and to improve our story algorithms; they are tied to your account or session).
We will not collect any special categories of personal data about you (such as racial or ethnic origin, political opinions, religious beliefs, health, or biometric data), unless you voluntarily provide it for some reason in the context of the story (which we do not request). Similarly, we do not intend to collect any information about criminal convictions or offenses.
If you believe we have inadvertently collected sensitive personal data or data from a child without proper consent, please contact us immediately so we can delete it.
How We Use Your Data
We use personal data for the following purposes, and we have indicated the legal bases we rely on for those purposes (note: since we operate in the UK/EU as well, we mention GDPR legal bases):
- To Fulfill Your Order and Provide the Service (Performance of a Contract): We use the information you provide to create the personalized story and deliver it to you. This includes using the child’s name and details within the story content, printing and shipping the letter to your address, and using your payment information to process the transaction. If you use the interactive WhatsApp story, we use the data (like your prompts/choices) to generate appropriate responses and advance the story. Essentially, all the core service functionality – from account creation to story generation to delivery – uses your data. The legal basis is that this processing is necessary for the performance of the contract you enter when you place an order or use our services. Without this data, we cannot personalize or deliver the story as requested.
- Parental Consent and Children’s Privacy (Legal Obligation/Consent): For children under 13 (in the US) or under the applicable age of consent in other jurisdictions (which can be 13 to 16 in EU countries, 13 in UK), we ensure data is only collected from/with the consent of a parent or guardian. We rely on the parent/guardian to provide the data, which constitutes consent for us to use that data for the service. We do not use children’s data for any other purpose without parental consent. If in the future we consider additional uses (like featuring a child’s artwork or story outcome in our marketing), we would seek separate parental consent. We fulfill obligations under COPPA by not collecting directly from kids and under GDPR by obtaining consent or ensuring necessity for contract with the parent.
- Customer Support and Communication (Legitimate Interests/Contract): If you contact us with questions, feedback, or issues, we use your contact information and any info you provide to respond and resolve your inquiries. For example, if you email about a delayed letter, we will look up your order details and address to assist. This is part of our contract to provide you a good service, and also in our legitimate interest to ensure customer satisfaction and address issues. We may also reach out to you about important information regarding your order or account (transactional emails), such as order confirmations, shipping notifications, or critical service updates (these are not marketing messages, but essential communications). Such communications are necessary to perform our contract with you and/or are in our legitimate interest to keep you informed about your purchase.
- Marketing and Newsletters (Consent/Legitimate Interests): We may use your email to send you promotional communications or newsletters about new stories, special offers, or updates about Journee – but only if you have given consent to receive marketing or if you are an existing customer where such communication is allowed by law under “soft opt-in” (for example, in the UK, if you provided your email in the course of a sale, we can send relevant marketing about our own similar products, but we will always give an easy opt-out option). Our preference is to have explicit opt-in. You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in the email or contacting us, and we will honor that promptly. We use Klaviyo as our email marketing platform, so your name and email might be stored in their system for the purpose of sending those emails. If we run contests or promotions, and you choose to participate, we’ll use any data you submit for that purpose (e.g., to administer the contest and contact the winner). That would typically be under consent (you choose to enter and give data).
- Analytics and Improvement (Legitimate Interests/Consent for cookies): We use data about how users interact with our site to improve our services and user experience. For example, we analyze which pages are most visited, where users drop off in the order process, or how effective an ad campaign was. We use tools like Google Analytics and PostHog to gather this usage information. The legal basis is our legitimate interest in understanding and improving our product and business. However, for non-essential analytics cookies we obtain your consent via the cookie banner in jurisdictions where this is required (such as the EU and UK). If you decline analytics cookies, we respect that: Google Analytics is configured not to set cookies until consent is given, and we treat PostHog as an analytics tool requiring consent as well (it can also run in a cookieless mode if needed). The data we analyze is usually aggregated or pseudonymized (we do not, for example, attach your name to a heatmap of site clicks). It helps us find bugs, design better user flows, and gauge interest in features.
- Personalization and Enhancement (Legitimate Interests/Contract): Beyond just fulfilling the basic order, we might use data to make the experience better. For example, if we know your child’s birthday is coming up (because you provided a birth date), we could email you about a birthday special story or ensure the letter arriving that month mentions their birthday. We might also remember past story details to inform future ones if you do a series (like recalling a character’s name that you provided in an earlier chapter). These uses are either part of the service (if you are in a continuing subscription, remembering continuity is a feature – so contract basis) or our legitimate interest in providing a more delightful, personalized experience. We will not do anything invasive like profiling your child for unrelated purposes; any personalization is within the context of the Journee story experience. Also, we do not serve personalized ads to the children or do behavioral advertising targeting children’s data. Any ads we do (on platforms) are targeting adults (like you as the parent, or similar audiences) based on adult data, not the kids.
- Advertising and Retargeting (Consent/Legitimate Interests): We advertise our service on various platforms (Facebook/Instagram, TikTok, Google Ads, etc.). To measure and improve our ads, we may use tracking technologies (e.g., the Facebook Pixel, Google Ads Conversion tag) on our site which inform those platforms if a user who visited or signed up can be matched to an ad campaign. For instance, if you clicked a Facebook ad to get to our site and then made a purchase, the pixel will report a conversion to Facebook so we know our ad worked. Similarly, we might use a LinkedIn Insight Tag or Pinterest Tag for analytics if we run ads there. We might also use these tools to build “custom audiences.” For example, uploading a hashed list of customer emails to Facebook to re-target or exclude them from certain ads (Facebook can match the hashes to its users and show or not show ads accordingly, but we don’t learn anything new from Facebook in that process). All such advertising uses of your data will be done in compliance with privacy laws, meaning we will ask consent for non-essential cookies/tracking. Under GDPR, setting an advertising cookie or pixel typically requires consent, so you have control via our cookie settings. For existing customers, some minimal uses (such as reminding you about our own products via ads) could arguably rest on legitimate interest, but we generally err on the side of asking for consent to be safe and transparent. If you opt out of marketing cookies, we will not include your visit in our advertising conversion tracking. You may still see Journee ads on those platforms, but they won’t be tailored based on your website behavior; they’ll just be general ads.
- Use of AI and Automated Processing (Contract/Legitimate Interests): We want to be transparent that to generate some of our story content, we use advanced technology, which includes artificial intelligence language models (such as OpenAI’s GPT or our own fine-tuned models). When you provide story input (like the child’s name, etc.), our system may process that input through these AI models to craft personalized story text. What does this mean for your data? It means that certain personal data (like the child’s first name and the context you provided) is being processed by our AI service provider strictly for the purpose of generating the story. We have measures in place to ensure this data is not used by the AI provider for any purpose other than delivering our specific result (for example, OpenAI’s policy as of 2023 is not to use API data for training without opt-in; and we would use such APIs in compliance with that, or use a version that doesn’t learn from our inputs). The output (the story) is then sent back to our system and delivered to you. We consider this part of performing the contract – it’s how we create the product you ordered. We also have a legitimate interest in using efficient and creative tools to provide high-quality stories. We maintain strict data agreements with such providers. No human at the AI provider is reading your child’s data; it’s an automated process. Nonetheless, if you have concerns about this, please reach out. (Note: We do not currently share your or your child’s identity or contact info with these AI tools – only the story context you provided. For example, the prompt might be “Child’s name is [Alice], she loves [space] and has a friend named [Bob]. Generate a fun story about Alice exploring the stars with Bob.” The model doesn’t know who Alice or Bob really are; it’s just using the names to weave the tale.)
- Compliance with Legal Obligations: We may need to process and retain certain personal data to comply with legal requirements. For example, for tax and accounting, we keep records of purchases (which include billing details) for a required period (often 6-7 years for financial records in the UK). If we receive an order from law enforcement or a regulatory authority to provide information, we would carefully verify it and only provide what is legally required. We also might use personal data to enforce or defend our legal rights – e.g., in case of a dispute with a customer, we may use emails or order information as evidence. These uses are based on legal obligation or legitimate interests (protecting our rights).
- Security and Fraud Prevention (Legitimate Interests/Legal Obligation): We use personal data (like IP addresses, order history, etc.) to monitor for fraudulent or suspicious activity. For instance, we might use an automated system to detect if multiple accounts are being created abusively or if a payment looks fraudulent. We might also use reCAPTCHA (as mentioned) which collects some user interaction info to determine if a bot is operating. This is all in our legitimate interest to protect our platform and users from fraud and security issues. If a security breach occurs that involves personal data, we are obligated to inform affected individuals and possibly regulators under certain conditions, and we will use contact information for that purpose if needed. We also take many security measures (see Data Security section below) to prevent breaches in the first place.
In summary, we will use your data only for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason that is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis (or get your consent if required).
We do not engage in any kind of automated decision-making that produces legal or similarly significant effects on you without human involvement (in plain terms: we don’t do things like credit scoring or rejecting orders purely by an algorithm without human check in cases of doubt). The AI story generation is automated, but its effect on you is the content of a story, not a decision about your rights or finances, etc. If ever we did something like that, we’d ensure it complies with the law and you have the ability to request human review.
How We Share Your Data
Journee will never sell or rent your personal data to third-party companies for their own marketing or other independent use. We only share data in the following contexts, with appropriate safeguards:
- Service Providers (Processors): We employ trusted third-party companies to perform tasks on our behalf and help us provide the service to you. These include:
- Stripe (Payment Processing): As noted, Stripe handles payment transactions. They receive payment details, billing name, address, email, and possibly phone if needed for verification. Stripe is PCI DSS compliant and acts as an independent data controller for the payment data it processes for its own compliance purposes (such as fraud prevention and financial regulation). We share only what is needed for the transaction. Stripe’s privacy policy governs their use of payment data; they generally do not use it beyond processing payment and fraud prevention.
- Supabase / AWS (Hosting & Database): Our website and application data (including the personal data you provide and story content) are stored on Supabase, which is a platform built on AWS (Amazon Web Services) cloud infrastructure. Supabase acts as a processor, providing a secure database and authentication system. Most of our data is stored in the EU (Frankfurt, Germany data center) to comply with GDPR requirements. However, as noted, some data may flow to the US or other regions via AWS network, but we rely on standard contractual clauses and AWS’s commitments for such transfers (see International Transfers section below). Supabase itself is committed to data privacy and offers EU storage options which we use.
- Twilio (WhatsApp/SMS Messaging): If you use the interactive story via WhatsApp, we integrate with Twilio’s WhatsApp API. Twilio will process the phone number and message content for the purpose of sending and receiving messages. Twilio is based in the US, so that involves transferring data to the US. Twilio is under binding corporate rules and standard clauses for GDPR compliance. They do not use message content except to transmit it and maintain their service, according to their policies. We only share with Twilio what’s necessary: your phone number and the messages (which may include the child’s first name or other story bits since they are in the conversation).
- Email Service (Klaviyo): If you signed up for our mailing list or we send transactional emails, we use Klaviyo which is an email marketing and communications platform. We store your name and email and perhaps purchase history there to segment our messages (for example, to send a different newsletter to those who have purchased vs. those who signed up but didn’t purchase). Klaviyo’s servers may be in the US, so again data might transfer internationally with safeguards. Klaviyo will only use your data per our instructions (to send emails). Every marketing email via Klaviyo has an unsubscribe link.
- Analytics Providers: We use Google Analytics (a Google service, with data possibly processed in the US) and PostHog (which can be self-hosted or EU-hosted; we are using an EU instance if possible, otherwise data might go to wherever PostHog’s service is hosted, which could be US or EU). These providers use cookies and scripts to collect usage data. Google Analytics will receive device info and site behavior together with your IP address; Google Analytics 4 uses the IP address only to derive coarse location and does not log or store it. Google acts as a processor for us, but also in some respects as a separate controller for some data (under their terms, they don’t use the GA data for their own purposes other than providing analytics, except maybe for benchmarking). We have configured Google Analytics not to share data with Google’s advertising products unless you consent via the cookie settings. PostHog is mainly for product analytics (like which features are used); it can be configured without cookies or with minimal data. Any analytics data is only used by us for improving our service.
- Advertising Partners: We integrate pixels from ad networks (Facebook, TikTok, Google, etc.). These pixels (when allowed by your cookie consent) cause certain data to be shared with the respective ad platform, typically a hashed identifier or cookie ID and information like “this browser visited this page or made purchase X”. For example, the Facebook Pixel will notify Facebook that someone (via a browser cookie) made a purchase of $Y on our site, allowing us to measure ROI. Facebook may also use that to optimize ads to similar users. The data shared usually includes: a unique ID or cookie, IP address, user agent (browser info), and the event details (like purchase or page view). On our side, we may see aggregated results (not personal info of the individual). Each platform (Meta, TikTok, etc.) is a separate controller of the data they receive through their pixel. They use it according to their privacy policies (commonly, to improve their ad targeting and measurement). That’s why we ask for consent to load these. If you consent, you’re agreeing that your data can go to those platforms for these purposes. If you don’t, we won’t load those scripts. We do not hand over directly identifiable personal data like your name or email to these pixels (the platform may still recognize your visit if you are logged in to it in the same browser; e.g., Facebook can match your visit if you’re logged in to Facebook). Separately, as mentioned above, we might upload a hash of your email address to a platform for custom audience targeting; that is a direct share from us, done with consent or with the ability to opt out. All such advertising data sharing is done under either consent or our legitimate interest in marketing (depending on region). We aim for transparency; see the Cookie Policy for opting out.
- Cloud Services and Tools: We use cloud-based tools to run our business, and these may incidentally process personal data. For example, an internal cloud storage or project management tool may hold a spreadsheet of orders (with names and addresses) used to manage fulfillment, and if we use Google Workspace for company email, any personal data in an email you send us is stored on Google’s servers, with Google bound by confidentiality and security commitments as our processor for that email. We ensure that any such tools are reputable and have appropriate data protection measures. We do not currently use a ticketing or chat support system (such as Intercom or Zendesk); support is via direct email. If we add such a provider, any information you give in a support conversation would pass through it, and we would list the provider here.
- Printing/Delivery Partners: We currently handle printing in-house or through a controlled process. If in future we outsource printing of letters or use a logistics partner, we would share only the data needed for fulfillment (for example, the child’s name to be printed and the delivery address). That provider would be bound by contract to use the data only for printing and sending the letters, and we would ensure it meets UK/EU GDPR requirements or, if located elsewhere, provides equivalent safeguards (see International Data Transfers below).
- Within Our Company: The data you provide will be accessed by the relevant people in Letter Journey Limited who need it to perform their duties – for example, our customer support team (which might just be a couple of people, since we are a small company) will access orders to help customers, our technical team will manage the database, etc. All staff/contractors are subject to confidentiality obligations. If we employ subcontractors or freelance story writers/editors (who might see some content to improve templates), they would only see anonymized or minimal data where possible, and be under NDA. For instance, a writer improving the generic story template doesn’t need to see a real child’s data, they’d work with placeholders.
- Legal Requirements: We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand). We will attempt to notify you of such requests when permissible. Also, if necessary to enforce our Terms or to protect our rights or the safety of our users or others, we might disclose information to our legal advisors or law enforcement. For example, if we detect fraudulent use of credit cards or a false identity, we might report that to the authorities and share relevant info (like the name and address used, IP address of order, etc.).
- Business Transfers: If Letter Journey Limited is involved in a merger, acquisition, investment, financing, reorganization, or sale of all or a portion of its assets, personal data may be transferred to the acquiring or merged entity as part of that transaction. We would ensure that the new owner continues to respect your personal data in line with this Privacy Policy (or provides notice of any changes). Your rights will not be diminished by any such transfer – the new entity would step into our responsibilities regarding your data. We would notify you (for example, via email and/or a prominent notice on our site) of any change in ownership or use of your personal information, as well as any choices you may have regarding your personal information (if, for instance, you wish to delete your data rather than have it transfer).
- Aggregated or Anonymized Data: We may share information that has been aggregated or anonymized so that it can no longer be used to identify an individual. For example, we might publish statistics like “We’ve served 10,000 families across 15 countries” or “The most popular story theme is Space Adventures, chosen by 40% of users”, or share anonymized data with a research partner to analyze children’s story interests (e.g., “10% of our story inputs mention dinosaurs”). Such data contains no personal identifiers and is not regulated as personal data. When we anonymize data for analysis, we ensure the result is genuinely irreversible: identifiers are removed or replaced by aggregate counts. Merely hashing a name is not sufficient, because the hash of a short, guessable value such as a first name can be reversed by hashing likely candidates and comparing; hashed identifiers are therefore treated as pseudonymous personal data, not anonymous data.
We require all service providers to whom we disclose personal data to agree to keep it secure and confidential and to use it only for the purposes we specify. Where those providers are outside the UK/EU, we implement appropriate transfer safeguards (next section). We do not allow our third-party processors to use your personal data for their own purposes; they can only process it for ours, in line with our instructions.
If you have questions about any specific third party or want more detail on what data is shared and how, please contact us. We aim to be transparent.
International Data Transfers
Journee is based in the United Kingdom. However, we serve customers across Europe and the United States (and potentially other countries). Many of our systems and third-party partners involve data transfers across borders. For example, if you are in the EU, know that your personal data will likely be processed in the UK (which is currently deemed an adequate jurisdiction by the EU post-Brexit, so EU data can flow to the UK). If you are in the UK/EU, some of your data will also be transferred to outside the European Economic Area (EEA), including to the United States, due to our use of providers like Stripe, Twilio, Google, and others.
We will only transfer your personal data outside of the UK/EEA where such transfer is compliant with applicable data protection laws. This means:
- The destination country has been deemed to provide an adequate level of protection by the relevant authority (the European Commission for EU data; the UK Government, through adequacy regulations, for UK data). For instance, the UK is currently deemed adequate for EU data. The US as a whole has no adequacy decision, but transfers to US organizations certified under the EU-US Data Privacy Framework (and, for UK data, the UK Extension to it) are covered by the adequacy decisions for that framework; transfers to other US recipients require a separate mechanism such as Standard Contractual Clauses (below).
- Where there is no adequacy decision (the case for US recipients not certified under the framework above), we use Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement/Addendum with the recipient to ensure essentially equivalent protection. Stripe, Google and Twilio include SCCs in their terms to cover customer data transfers; we have reviewed those terms and rely on them.
- In addition, we may assess on a case-by-case basis if any additional technical or organizational measures are needed. For example, we might pseudonymize data before sending to certain systems, or use encryption. Some of our providers (like Supabase/AWS) give us regional control (we keep main data in EU), but backups or maintenance might occasionally involve non-EU personnel access under SCCs.
- We also consider whether a transfer is necessary. Where a provider offers EU hosting we use it (e.g., PostHog EU). Some services are inherently global, and WhatsApp messaging via Twilio is one: Twilio states that it stores message content for a limited time and offers some EU routing options, but US processing cannot be fully avoided, so our primary safeguard for that transfer is the SCCs in Twilio’s terms. Where an EU customer opts in to the WhatsApp experience, the transfer of their messages is also necessary to perform the contract they have requested, which GDPR separately permits; opting in is not in itself consent to the transfer, and if we ever needed to rely on consent for a specific transfer we would ask for it explicitly. We monitor legal developments in this area.
By using Journee and providing us your personal data, you acknowledge that it will be transferred to and processed in countries outside your own. If you are in the EU or UK, we assure you that we take steps to ensure these transfers meet the requirements of GDPR. If we were ever unable to ensure this, we would halt the transfers or seek your explicit consent.
If you would like more information about cross-border transfers or copies of the SCCs in place, you can contact us. (Some agreements might have confidential clauses, but we can describe relevant bits.)
Data Security
We implement a variety of security measures to protect your personal data from unauthorized access, use, alteration, or destruction. These measures include:
- Encryption: Our website is served over HTTPS (TLS) so that data in transit between your browser and our servers is encrypted. Payment details are handled by Stripe, which encrypts them in transit and at rest. We also encrypt certain data at rest where appropriate: passwords are stored only as hashes, never in plain text, and any secret keys we hold are stored encrypted. Our databases on Supabase/AWS are encrypted at rest and in transit by default.
- Access Controls: We limit access to personal data to the employees, contractors and service providers who need it for their work. Access to sensitive systems is protected by strong authentication (passwords and two-factor authentication). Our team is small and all members are trained on confidentiality. For example, our customer support interface does not display full payment details.
- Security Testing and Updates: We keep our software and systems up to date with security patches. We use well-regarded platforms (Supabase, etc.) that maintain security standards. We periodically review our application for common vulnerabilities. If we discover any issue, we act swiftly to fix it.
- Data Minimization and Pseudonymization: As discussed, we try not to collect more data than needed. This inherently reduces risk. Where possible, we use pseudonymous IDs (for instance, in analytics, we prefer not to use your actual identity). In our databases, your account is identified by an ID and email, and the child’s first name might be stored in relation to the story, but we don’t cross-link it to more data about the child outside the context of your account.
- Backups: We do maintain backups of data to prevent accidental loss. These backups are protected and encrypted. They are kept only for a limited time and stored securely (likely also with Supabase/AWS).
- Monitoring: We use tools to monitor for unusual activity on our site (like multiple failed logins, which could indicate a brute force attack) and have alerts for system anomalies. We also utilize reCAPTCHA to block automated abuse.
- Contracts with Processors: As mentioned, our contracts with data processors (Stripe, etc.) include commitments to security (Stripe is PCI DSS compliant; AWS has a robust security infrastructure, etc.). We review their compliance certifications (like ISO 27001, SOC 2 for those who have it).
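The anonymization and pseudonymization points made on this page (hashing identifiers so they cannot be recovered, and using pseudonymous IDs in analytics) are easy to get wrong, so the following added example, which is not code from Journee or from any provider named here, shows the difference in working code. It demonstrates that an unkeyed hash of a first name is reversed by a small dictionary attack, that a keyed HMAC with a secret key defeats that attack while remaining pseudonymous (whoever holds the key can still re-identify), and the kind of IP truncation analytics tools apply. The names, IP addresses and key are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import secrets
from typing import Callable, Iterable, Optional

# Constructed sample inputs for the demonstration; not real customer data.
SAMPLE_FIRST_NAMES = ["Olivia", "Noah", "Amelia", "Oliver", "Isla", "George"]
# Documentation address ranges (RFC 5737 and RFC 3849), so nothing real is touched.
SAMPLE_IPS = ["203.0.113.77", "2001:db8:85a3::8a2e:370:7334"]


def plain_hash(value: str) -> str:
    """Unkeyed SHA-256. Deterministic, so anyone can hash a guess and compare."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed HMAC-SHA256. Without the key an attacker cannot compute candidate
    digests, so guessing no longer works. This is pseudonymization, not
    anonymization: the key holder can still re-identify, so the key must be kept
    apart from the data and destroyed when the data is meant to become anonymous."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def dictionary_attack(digest: str, candidates: Iterable[str],
                      hash_fn: Callable[[str], str]) -> Optional[str]:
    """Recover the input by hashing each candidate and comparing. For first names
    the candidate list is tiny, so this succeeds against any unkeyed hash."""
    for candidate in candidates:
        if hmac.compare_digest(hash_fn(candidate), digest):
            return candidate
    return None


def truncate_ip(ip: str) -> str:
    """Analytics-style IP truncation: keep the first 24 bits of an IPv4 address
    or the first 48 bits of an IPv6 address and zero the rest before storage.
    This reduces precision, but a truncated IP combined with other fields can
    still be personal data."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(network.network_address)


def demo(target: str = "Amelia") -> dict:
    """Run the attack against both schemes and return what each recovers."""
    key = secrets.token_bytes(32)  # held separately from the pseudonymized data
    recovered_plain = dictionary_attack(plain_hash(target), SAMPLE_FIRST_NAMES, plain_hash)
    # The attacker has the HMAC output but not the key, so can only try unkeyed hashes.
    recovered_hmac = dictionary_attack(pseudonymize(target, key), SAMPLE_FIRST_NAMES, plain_hash)
    return {
        "plain_hash_recovered": recovered_plain,  # "Amelia": the name falls out immediately
        "hmac_recovered": recovered_hmac,         # None: no key, no candidate digests
        "truncated_ips": [truncate_ip(ip) for ip in SAMPLE_IPS],
    }


if __name__ == "__main__":
    print(demo())
```

The practical consequence for a policy like this one: a dataset of hashed names is still personal data and still needs a lawful basis and retention limit; only removing the identifiers or reducing the data to aggregate counts produces data that is outside the GDPR’s scope.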
Despite these efforts, no system can be 100% secure; the internet carries inherent risks, and we cannot guarantee absolute security. We adhere to industry best practices and will continue to adapt as new threats emerge. In the unlikely event of a data breach affecting your personal data, we have a breach response plan. Where the law requires it (for instance under UK/EU GDPR), we will notify the relevant supervisory authority (the ICO in the UK) within 72 hours of becoming aware of a breach that is likely to result in a risk to your rights, and we will notify you directly and without undue delay where the breach is likely to result in a high risk to your rights. We would also take steps to mitigate any harm and prevent recurrence.
As a user, you also play a role in security: please keep your account password confidential and use a unique password. If you suspect any unauthorized access to your account, notify us right away. When you finish using the site, especially on a public/shared computer, log out for safety.
Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements.
Here are some general retention guidelines:
- Account Information: If you create an account and purchase from us, we retain your account data (such as name, email and order history) for as long as your account is active and for a period afterwards. We consider an account inactive if you have not logged in or ordered for a long time (a few years). We may periodically delete or anonymize accounts that have been inactive for, say, 3-5 years, unless they hold orders we must keep for legal reasons. If you wish to delete your account sooner, you can request that (see Your Rights below). If you delete your account or request erasure, we scrub personal data but may keep minimal information to prevent fraud or handle disputes (for example, your email address on a suppression list so that we do not contact you again or re-create the account after an erasure request).
- Orders and Transactions: We retain records of purchases (which include personal data like name, email, address, and purchase details) for at least the duration required by tax laws – typically 6 years in the UK after the end of the financial year, or up to 7 years. This is to comply with audit and tax regulations. These records may be kept in our accounting system and are separate from your user account.
- Children’s Data in Stories: The personalized story content (which includes child’s name and details) may be stored in our system for a time, especially if you have a subscription (so we recall story progress) or if we generate a PDF for reprint. We don’t currently offer re-downloadable letters, but we might store the text output. We will not keep it longer than necessary. If you have a series subscription, we’ll keep previous story info to maintain continuity. If you end your subscription and delete your account, we will delete these story contents along with your account data, as they are tied. If there’s a legal reason to keep (none obvious for story text), we might keep an anonymized version (e.g., remove the child’s name and personal refs but keep a generic story for our internal research).
- Interactive Chat Data: Transcripts from the WhatsApp story might be stored for a short period for technical reasons (to generate the next part or for us to review if there was an issue). Typically, once the story session is over, we don’t have a business need to keep the chat. We may delete or anonymize chats after a certain period (say 90 days). However, any personal data in them is also in your story inputs which we have as part of the order. Twilio logs might keep message metadata for longer for their legal obligations (they may retain records of messages sent for some months). We ensure that beyond what Twilio retains, our copy is not kept indefinitely.
- Marketing Data: If you subscribed to our newsletter and then unsubscribe, we will stop sending you emails immediately. We might keep your email on a “do not contact” list to ensure we respect your opt-out (this is common practice to not accidentally re-add you). If you are just a subscriber (never purchased) and you unsubscribe, we might delete your data entirely after a time. If you are a customer and opt out of marketing, we still keep your data for transactional communications but mark you as no-marketing.
- Analytics Data: Google Analytics data is retained in Google’s systems according to our settings. Google Analytics 4 allows user-level and event-level data to be retained for either 2 or 14 months, and we can choose whether new activity from a user resets that period; aggregated reports are not affected by this setting. We do not keep raw web server logs longer than a few months unless needed for security analysis. Aggregated analytics reports may be kept indefinitely, but they do not identify individuals.
- Communications: Support emails or messages we receive from you, we may retain those for a period to reference in case of ongoing issues. Typically, we keep customer support emails for a couple of years in our mailbox, unless you request deletion, which we will do if feasible (bearing in mind if the email contains order info we need for record-keeping, we might redact personal parts and keep the necessary part).
- Legal Holds: If a dispute or legal issue arises, we may retain relevant information until it is resolved, even if that extends beyond normal retention. For instance, if you filed a complaint or we reasonably believe there's potential litigation, we’d preserve data until it’s resolved to protect evidence.
- Backup Copies: Data might remain in our encrypted backups for a short time even after deletion from live systems, typically until that backup is rotated out (we might have rolling backups that span a few weeks). We have policies to delete or securely overwrite old backups.
When we have no ongoing legitimate need or legal obligation to process your personal data, we will either delete it or anonymize it. For example, we may convert some of your data into statistical or aggregated form (which is not identifiable) and use that indefinitely for business analysis (as mentioned above, e.g., number of customers in a region).
Your Rights and Choices
You have certain rights regarding your personal data under applicable privacy laws (notably the GDPR for EU/UK users, and analogous rights under other laws). These rights include:
- Right to Access: You can request confirmation of whether we are processing your personal data, and if so, request access to that data (commonly known as a “Data Subject Access Request”). This allows you to receive a copy of the personal data we hold about you. We will provide this free of charge, except in cases of excessive or unfounded requests (where we might charge a reasonable fee or refuse, per law). We may need to verify your identity before releasing data (to ensure we don’t give it to the wrong person). Typically, we will respond within one month of your request (or notify you if we need more time for complex requests).
- Right to Rectification: If any personal data we have is inaccurate or incomplete, you have the right to have it corrected. For example, if you realize we have the wrong spelling of your name or an outdated email, please inform us and we will update it. Many basic details can also be corrected by you through your account settings on our website. For story content, obviously once printed we can’t change it, but we can correct records for future stories.
- Right to Erasure (Right to be Forgotten): You may request that we delete your personal data. This right is not absolute – it applies in certain circumstances. For instance, if you withdraw consent or the data is no longer necessary for the purpose, or if you object to processing and we have no overriding interest to continue, or if we unlawfully processed it. We will honor this right to the extent possible: note that we cannot always delete immediately data that we have a legal obligation to keep (e.g., past transaction records for tax). But we can delete your account and any data that is not required to be kept. In practice, if you ask to delete your account, we will remove personal identifiers from our main systems and only retain minimal info as required. The WhatsApp data, if any, and story content would be wiped as well. If you simply stop using us and want us to purge data, we can do that on request too. We will inform you of what we have deleted and what we might need to keep (and why). Once we no longer need to keep the remainder, we’ll delete that too.
- Right to Object: You have the right to object to certain types of processing. For example, you can object to processing based on legitimate interests if you feel it impacts your rights, or object to direct marketing at any time. If you object to marketing, we will stop (that’s straightforward – we always honor opt-outs). If you object to processing for analytics or improvement based on our legitimate interest, we will consider your request and typically comply by stopping that processing for you (for analytics, easier path is just opt out via cookies). If you object to processing necessary for contract (like “don’t use my child’s name in the story” which would defeat the purpose), we’ll discuss with you – likely it means not using the service. But we absolutely respect objections to any processing for which consent is the basis (in which case withdrawal of consent applies, see below).
- Right to Restrict Processing: You can ask us to suspend or limit the processing of your personal data in certain scenarios. For instance, if you contest the accuracy of the data, or you’ve objected and we’re considering it, or if processing is unlawful but you don’t want full deletion, or if you need data preserved for legal claims while we’d otherwise delete it. When processing is restricted, we can still store the data but not use it. We would mark it as restricted and only process for exceptions (like with your consent or legal purposes).
- Right to Data Portability: For data you provided to us and which we process by automated means on the basis of consent or contract, you have the right to receive a copy in a structured, commonly used, machine-readable format, and/or to have it transmitted to another controller where technically feasible. In plain terms, if you want a copy of your account data or story input data as CSV or JSON, we can provide that. The right does not strictly cover data we generate, such as the story text itself, but we would include it on request since it is your child’s story. Its main purpose is to let you move your data to another similar service.
- Right to Withdraw Consent: If we rely on your consent for any processing (e.g., sending marketing emails, using certain cookies, processing child data for additional purposes), you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing done before the withdrawal. It just means going forward we won’t do that processing. For example, you can opt out of marketing, or if you gave consent to use a child’s photo on our website and then change your mind, we’ll remove it. Withdrawing consent for using the child’s data in the story would mean we can’t continue providing the service (because that’s core), but if you did withdraw before we finish, we’d cancel the service (possibly refund if appropriate).
- Right not to be subject to Automated Decision-Making: We already stated we don’t do solely automated decisions with legal effect. Under GDPR you have the right not to be subject to one. So, if that scenario changes, we’d ensure compliance.
To exercise any of these rights, please contact us at privacy@journee.club or hello@journee.club. We may need to ask for information to verify your identity (to ensure it’s you or an authorized person making the request). We will respond to your request as soon as possible, generally within one month. If your request is complex or numerous, we may extend the deadline by up to two further months, but we’ll inform you of that.
For requests that are manifestly unfounded or excessive (especially if repetitive), we may either charge a reasonable fee or refuse to act, as allowed by law. But we will try to be as accommodating as possible. Our goal is to give you control over your data.
Your Choices (not requiring a formal request):
- You can always review and update certain information by logging into your account (like updating your email or password).
- You can opt out of marketing emails by clicking “unsubscribe” in any such email.
- You can manage cookies via our Cookie consent banner or your browser settings (see Cookie Policy below).
- If using WhatsApp and you want to stop messages, send “STOP” or equivalent.
- If you don’t want us to use your child’s data anymore, you can choose to stop the service and ask us to delete it (as per above).
- If you want to remain a customer but perhaps limit some data use (like you want to use the service but opt out of analytics and advertising tracking), you can absolutely do that via cookie settings and by letting us know to flag your account for minimal data use. We won’t penalize or reduce your service; you might just miss out on some targeted offers or improvements which is fine.
Children’s Privacy
Protecting children’s privacy is at the core of Journee’s values. This service is designed to be parent-mediated: a parent or guardian provides the child’s personal data and oversees the experience. We do not knowingly allow children under the age of 13 to sign up or provide personal information directly. If you are under 13, please do not attempt to use our site or send any personal data about yourself to us.
For U.S. residents, we comply with the Children’s Online Privacy Protection Act (COPPA). We do not collect personal information from children under 13 without obtaining verifiable parental consent. In our model, the act of a parent providing the child’s information and purchasing the product is the mechanism of consent (similar to how a parent’s credit card transaction can serve as COPPA consent verification). If no purchase is made (e.g., if we ever offered a free trial for a child’s use), we would implement another parental consent method like requiring a credit card verification or signed form.
If we become aware that we have inadvertently collected personal data directly from a child under 13 (or under the applicable age in other jurisdictions) without parental consent, we will take immediate steps to delete that information. For example, if a child somehow emailed us or signed up pretending to be an adult, once discovered, we would remove their data. If you believe that a child under 13 may have provided us personal data without parental consent, please contact us at privacy@journee.club so we can investigate and delete it.
Parental Controls: As a parent, you have the right to review the personal information we have collected about your child, and to request deletion of your child’s information at any time. You also have the right to refuse to permit further collection or use of the child’s information. To exercise these, contact us (we will verify you are the parent/guardian). Keep in mind, if you withdraw consent for us to use the child’s info, we will be unable to continue providing the personalized story service (since that relies on using their info). But we will respect your decision and do the necessary deletions.
We do not use any child’s personal data for marketing purposes. We don’t send emails to the child (we send them to the parent). We don’t share the child’s data with third parties for any reason except as needed to fulfill the service (printing, delivering, story generation). We certainly do not sell or monetize children’s data. If in our advertising we mention generic things like “magical letters for kids age 5-10”, that is not based on any specific child’s data – it’s just general marketing. We might use aggregated stats (like “join thousands of happy kids”) which are not linked to any child’s identity.
All story content we generate is designed to be child-friendly; we filter out inappropriate content and we adhere to child-safety principles in our AI model. We do not allow user-generated public content that could expose children’s info.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to distinguish you from other users and to personalize/improve your experience. For detailed information, please see our Cookie Policy below, which forms part of this Privacy Policy. In short:
- We use essential cookies for things like login sessions, and non-essential cookies for analytics and advertising.
- We obtain consent for non-essential cookies where required. When you first visit, you’ll see a cookie notice or banner. You can adjust your preferences anytime.
- Third parties may set cookies on our site (e.g., Google, Facebook) – we do our best to control this via consent management, but know that if you accept those cookies, those third parties process data per their policies.
- You can also manage cookies via your browser settings (e.g., block or delete cookies), though doing so may impair site functionality.
We also may use technologies like web beacons in emails (to know if you open an email) – that’s standard for email platforms. You can disable images in email if you don’t want that.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and, if appropriate, provide a more prominent notice (such as a statement on our homepage or an email notification). We encourage you to review this policy periodically to stay informed about how we protect your data. Your continued use of Journee’s services after any update constitutes your acceptance of the changes, to the extent permitted by law. If you do not agree to any updated policy, you should stop using our services and may request deletion of your data.
Contact Us
If you have any questions, comments, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
- Email: privacy@journee.club or hello@journee.club
- Postal Mail: Data Protection Officer, Letter Journey Limited, 61 Wilmot Road, London E10 5LT, United Kingdom.
We will address your inquiry as soon as possible. If you have a concern about how we have handled your personal data and we are unable to resolve it, you have the right to lodge a complaint with a supervisory authority. In the UK, that is the Information Commissioner’s Office (ICO). In the EU, you can contact your local Data Protection Authority. We would, however, appreciate the chance to deal with your concerns before you approach a regulator, so please consider reaching out to us first.
Thank you for trusting Journee with your family’s story. We are dedicated to safeguarding your privacy and creating a safe, joyful experience for you and your children.