Privacy Policy

A Traveler's Journal ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website at atravelersjournal.net and related services.

1. Information We Collect

We collect the following information when you use our service:

• Google Account Information: When you sign in with Google, we receive your name, email address, and profile picture from Google.
• Google Photos Access: With your permission, we create and manage albums in your Google Photos account on your behalf. We do not store your photos on our servers.
• Trip Data: Information you provide about your trips, including trip names, dates, and the QR code identifiers from your physical journal.
• Usage Data: Our hosting provider automatically logs basic request information, including IP address, browser type, and pages visited, for security and operational purposes.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account
• Create Google Photos albums linked to your journal trips
• Display your trip albums on your personal dashboard
• Send transactional emails related to your account, such as welcome and account deletion confirmations
• Maintain the security and reliability of our service and improve features based on aggregated, non-identifying usage information (we never use data obtained from Google APIs for product development, analytics, or service improvement beyond the user-facing features described in this policy)

3. Google Photos Integration

Our service integrates with Google Photos to create and organize trip albums on your behalf. We access your Google Photos account only to create albums when you scan a QR code in your journal. We do not read, modify, or delete existing photos or albums unless explicitly initiated by you. Your photos remain in your Google account and are subject to Google's own Privacy Policy.

A Traveler's Journal's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we only use Google user data to provide and improve user-facing features that are prominent in our application's user interface. We do not use this data for serving advertisements, and we do not allow humans to read this data unless we have your affirmative agreement, it is necessary for security purposes, to comply with applicable law, or our use is for internal operations and the data has been aggregated and anonymized.

4. Cookies and Tracking

We use a small number of cookies and similar technologies to operate our service:

• Essential cookies: Required for authentication and to keep you signed in. These cannot be disabled.
• Analytics: We use Vercel Analytics, which collects aggregated, anonymized traffic data and does not use cookies or track individual users across sites.

If we add any non-essential cookies in the future, users in the EU, UK, and other jurisdictions requiring consent will be presented with a cookie banner before such cookies are set. You can also control cookies through your browser settings.

5. Data Storage and International Transfers

Our website is hosted on Vercel, and account and trip data is stored in Supabase. Both providers encrypt data in transit (HTTPS) and at rest. We do not store your photos or Google Photos content on our servers — your photo content remains in your Google account at all times.

Our service providers (Vercel, Supabase, Resend, and Google) are based in or operate servers in the United States. If you access our service from outside the United States, your information will be transferred to, stored, and processed in the United States. For users in the European Economic Area, United Kingdom, or Switzerland, these transfers are made in reliance on the Standard Contractual Clauses approved by the European Commission, which our service providers incorporate into their terms.

6. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• With Google, when making API calls on your behalf to provide the Google Photos integration
• With Supabase, our database provider, to store your account and trip data
• With Vercel, our hosting and analytics provider, which processes server logs and request data
• With Resend, our transactional email provider, to deliver account-related emails
• If required by law or to protect our legal rights

7. Data Retention

We retain your account data for as long as your account is active. Accounts that have been inactive for more than 24 months may be deleted after we send a notification email to the address on file. Server request logs are retained by our hosting provider for up to 30 days for security and operational purposes.

You may delete your account and all associated data at any time directly from your dashboard using the "Delete Account" option in account settings. Account deletions are processed immediately, and any residual backup data is removed within 30 days. You may also request deletion by emailing us at the address below. Deleting your account does not delete your Google Photos albums — those remain in your Google account and can be managed through Google Photos directly. To revoke our access to your Google account, visit your Google account permissions page.

8. Your Rights

Depending on your location, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Request a portable copy of your data
• Object to or restrict certain processing of your data
• Revoke Google account access at any time via your Google account permissions page
• Lodge a complaint with your local data protection authority (for EU/UK residents)

The legal bases on which we process your personal data are your consent (for Google Photos access) and the performance of our service agreement with you (for account management).

California residents: We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA).

9. Children's Privacy

Our service is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under this age. If you believe we have inadvertently collected such information, please contact us immediately.

10. Security

We take reasonable measures to protect your information from unauthorized access, disclosure, or destruction, including encryption in transit (HTTPS) and at rest through our database provider, restricted administrative access, and regular review of our service providers' security practices. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

Breach notification: In the event of a data breach affecting your personal information, we will notify affected users without undue delay and, where required by law (such as under GDPR), within 72 hours of becoming aware of the breach.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date, and where the changes are material, by email to the address associated with your account.

12. Governing Law

This Privacy Policy is governed by the laws of the State of Connecticut, United States, without regard to its conflict of laws principles. Nothing in this section limits the rights you may have under the data protection laws of your country of residence.

13. Contact Us

A Traveler's Journal is operated by The J&J Shop LLC. If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:
thejandjcompany.shop@gmail.com