Privacy & AI Policy

Last updated: 30 January 2026

Journey is committed to protecting your privacy and being transparent about how data and artificial intelligence (AI) are used.

This policy explains what information we collect, how we use and protect it, how AI-assisted features work, and your rights in relation to your data.

Quick Navigation

Privacy & Data

  • • Privacy Principles
  • • Information We Collect
  • • How We Use Information

AI & Transparency

  • • AI Use & Transparency
  • • Access to User Content
  • • Safeguarding

Security & Storage

  • • Data Storage & Security
  • • Data Retention & Deletion
  • • Cookies & Analytics

Your Rights

  • • Your Rights
  • • Legal Compliance
  • • Children & Student Data

1. Introduction

Journey ("Journey", "we", "us", or "our") is committed to protecting your privacy and being transparent about how data and artificial intelligence ("AI") are used.

This Privacy & AI Policy explains:

  • what information we collect,
  • how we use and protect it,
  • how AI-assisted features work,
  • and your rights in relation to your data.

This policy applies to all users of the Journey website, applications, and related services (collectively, the "Service").

2. Our Privacy Principles

Journey is built on the following principles:

  • 🔒Privacy by default — personal reflections are private
  • 📊Data minimisation — we collect only what is necessary
  • 👁️No surveillance — we do not monitor users in real time
  • 🚫No selling of data — we do not sell personal information
  • 📢No advertising — we do not use personal data for behavioural advertising
  • 🩺Non-clinical use — data is not used for diagnosis or treatment
DATA COLLECTION & USE

3. Information We Collect

We collect only limited categories of information necessary to operate the Service.

3.1 Categories of information

We may collect:

a. Account and identifiers

  • Email address, username, or school-provided identifier
  • Basic account status information

b. User-generated content

  • Reflections, journal entries, or responses you create
  • Optional feedback or messages you send to us

c. Technical and usage data

  • Device or browser type
  • App version and basic diagnostics
  • Aggregated feature usage and error logs

ℹ️ We do not collect biometric data, continuous monitoring data, advertising identifiers, or precise location tracking.

4. How We Use Information

We use information solely to:

  • Provide and operate the Service
  • Enable reflection and journaling features
  • Generate AI-assisted reflective prompts and responses
  • Maintain platform safety, security, and reliability
  • Improve the design and functionality of Journey

We do not use personal data for advertising or for profiling users.

AI TRANSPARENCY

5. AI Use & Transparency

Journey uses AI to support reflective conversations and journaling.

5.1 How AI is used ✓

  • To generate reflective prompts or responses based on user input
  • To support structured self-reflection and personal growth
  • To improve the quality, relevance, and safety of the Service

5.2 How AI is NOT used ✗

  • AI does not diagnose, assess, or predict mental health conditions
  • AI does not provide therapy or clinical advice
  • AI does not make decisions about users
  • AI does not monitor users continuously or in real time

5.3 AI service providers

To deliver AI-assisted features, certain user content may be processed by trusted AI service providers under contractual safeguards. We configure providers to process data solely to provide the Service and, where available, not to use user content to train public or general-purpose models.

AI outputs are probabilistic and may be imperfect. Users remain responsible for how they interpret and act on AI-generated content.

6. Access to User Content

User content is private by default.

  • Only you can access your individual reflections
  • Journey staff access is strictly limited and permitted only where necessary to operate, maintain, or protect the Service
  • Schools, universities, or partner organisations cannot access individual user content

7. Aggregated & Anonymised Insights (Institutions)

For institutional partnerships (e.g. schools or universities):

  • Only high-level, aggregated, and anonymised insights may be shared
  • Individual users cannot be identified
  • Insights are not used for disciplinary, evaluative, or surveillance purposes

8. Safeguarding & Distress-Related Content

Journey does not actively monitor user content.

If content suggests distress or risk:

  • The Service may provide supportive language
  • The Service may encourage seeking help from trusted adults or professionals
  • The Service may display relevant support resources

Journey does not intervene directly and does not replace emergency or professional services.

SECURITY & STORAGE

9. Cookies & Analytics

Journey uses only essential cookies or similar technologies required for authentication, security, and basic functionality.

  • We do not use behavioural advertising cookies
  • We do not use third-party ad tracking
  • We do not sell or share data for marketing purposes

Any limited analytics are used only to understand system performance and improve the Service.

10. Data Storage & Security

We apply reasonable technical and organisational safeguards, including:

  • Secure servers
  • Access controls
  • Encryption where appropriate

No system is completely secure, but we take data protection seriously.

11. Data Retention & Deletion

We retain personal data only for as long as necessary to:

  • provide the Service,
  • maintain safety and integrity,
  • and comply with legal obligations.

You may request deletion of your account and associated data. Some information may be retained where required by law or for legitimate operational purposes.

12. Data Sharing

We do not sell personal data.

We may share limited information only:

  • With trusted service providers who help operate the Service
  • Where required by law or legal process
  • To protect the safety, rights, or integrity of users or the Service

All service providers are required to handle data responsibly and securely.

13. Children & Student Data

Journey takes special care with data relating to minors.

  • Use by students may occur through schools or educational institutions
  • Appropriate consent and safeguards are applied
  • Student data is treated with heightened confidentiality
YOUR RIGHTS & LEGAL

14. Legal Compliance

We process personal data in accordance with applicable data protection laws, including the Hong Kong Personal Data (Privacy) Ordinance (PDPO), and apply GDPR-style data protection principles where relevant.

15. Your Rights

Depending on applicable law, you may have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your data
  • Withdraw consent where applicable

Requests can be made by contacting us.

16. Changes to This Policy

We may update this Privacy & AI Policy from time to time.

Material changes will be communicated where appropriate.

Continued use of the Service indicates acceptance of the updated policy.

17. Contact Us

For privacy or data-related questions, please contact:

📧

Thank you for trusting Journey with your wellbeing journey. Your privacy and security are our top priorities.