Privacy Policy

Effective date: 29 May 2026 Last updated: 29 May 2026

This Privacy Policy describes how Hieu Ma ("we", "us", "our") collects, uses, stores, and protects information when you use Mai Journal (the "App"). By using Mai Journal, you agree to the practices described in this policy.

If you have any questions, you can reach us using the contact details at the end of this policy.

1. Information We Collect

We try to collect as little personal information as possible. The categories of information we collect are:

Account information

When you create an account by signing in with Google or Apple, we collect:

  • Your email address
  • Your display name (the name on your Google or Apple account)
  • A unique account identifier generated by Firebase Authentication

We do not store your password. Authentication is handled by your chosen sign-in provider.

Content you create in the App

Mai Journal is a journaling app, so the content you create is stored with your account. This includes:

  • Journal entries
  • Personal goals and "dreams"
  • Weekly planner entries and calendar items
  • Self-reflection content (such as cognitive-distortion exercises)
  • Your settings and preferences

Technical information

We collect a small amount of operational information needed to run the App, including:

  • Device type, operating system version, and App version
  • IP address (used to deliver responses to your requests and to detect abuse; not used to build a tracking profile)
  • Error logs used to diagnose crashes (these do not contain your journal content)

We do not include third-party analytics, advertising, or tracking SDKs in the App. We do not build advertising profiles about you. We do not use cookies for tracking.

2. How We Use Your Information

We use the information we collect only to operate the App. Specifically, we use it to:

  • Create and maintain your account
  • Store and sync the content you create across your devices
  • Respond to your support requests
  • Detect and prevent abuse, fraud, and security incidents
  • Comply with our legal obligations

We do not sell your personal information. We do not share it with advertisers. We do not use it to train artificial-intelligence models.

3. How We Share Your Information

We share information only with the limited service providers necessary to run the App:

  • Google Firebase (Google LLC) — hosts our authentication, database, and backend services. Your account information and content are stored on Google Cloud infrastructure in the United States. Google processes this data on our behalf under its Cloud Data Processing Addendum.
  • Sign in with Google (Google LLC) — if you choose Google sign-in, Google provides us with your name and email address as part of that flow.
  • Sign in with Apple (Apple Inc.) — if you choose Apple sign-in, Apple provides us with your name and email (which may be Apple's private-relay email) as part of that flow.
  • Cloudflare, Inc. — operates a small relay service used during Apple sign-in to exchange authentication tokens.

We do not share your information with any other third parties, except:

  • When required by law (for example, a valid legal request from a court or government authority)
  • To protect the safety, rights, or property of you, us, or the public
  • In the event of a business transfer such as a merger or acquisition, in which case we will notify you before your information is transferred

4. Where Your Information Is Stored

Your account information and content are stored on Google Cloud servers in the United States. If you access the App from outside the United States, you consent to the transfer and processing of your information in the United States.

5. How We Protect Your Information

We protect your information with the following measures:

  • All data is encrypted in transit using TLS (HTTPS).
  • All data is encrypted at rest by Google Cloud's storage infrastructure.
  • Your journal entries are additionally encrypted on your device with a per-user key before being sent to our servers, providing an extra layer of protection.
  • Access to our backend systems is limited to authorized personnel and protected by industry-standard authentication.
  • We review our security practices regularly.

While we use reasonable measures to protect your information, no internet service can be 100% secure. We encourage you to use a strong sign-in method (such as two-factor authentication at your Google or Apple account) and to keep your device secure.

6. Data Retention and Deletion

We retain your account information and content for as long as your account is active.

You can delete your account at any time from the App's settings. When you delete your account:

  • Your account is marked for deletion.
  • A short grace period (typically 30 days) allows you to recover the account if you change your mind.
  • After the grace period, your account and all associated content are permanently deleted from our active systems.
  • Encrypted backups may persist for a limited additional period before being overwritten.

If you would like a copy of your data, please contact us using the details below.

7. Your Privacy Rights

You have the following rights with respect to your information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct information that is inaccurate.
  • Deletion — delete your account at any time from in-app settings, or request deletion by emailing us.
  • Withdrawal of consent — stop using the App and sign out at any time.
  • Complain — file a complaint with a data-protection authority if you believe your rights have been violated.

Users in California

Under the California Consumer Privacy Act (CCPA/CPRA), you have the right to know what personal information we collect, the right to delete that information, and the right not to be discriminated against for exercising your rights. We do not sell personal information.

Users in the European Economic Area, United Kingdom, or Switzerland

We process your personal information on the legal bases of (a) performance of the contract to provide you with the App, and (b) our legitimate interest in operating and securing the service. You have the rights set out in the General Data Protection Regulation (GDPR), including access, rectification, erasure, restriction, portability, and objection.

To exercise any of these rights, contact us at the address below.

8. Children

Mai Journal is not directed to children under 13 (or under 16 in the European Economic Area and United Kingdom). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. A Note About Mental Health

Mai Journal is a self-reflection tool. It is not a substitute for professional mental-health care, diagnosis, or treatment. If you are experiencing a mental-health crisis, please contact the 988 Suicide & Crisis Lifeline (United States) or your local emergency services.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. We will notify you of material changes through the App or via the email address associated with your account.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your information, contact us at:

Hieu Ma — Mai Journal 1875 S. Bascom Avenue, Ste 2400 Campbell, CA 95008 United States

Email: support@mai-journal.app Phone: (408) 694-4276 Website: https://mai-journal.app/