Lifetime Journal Privacy Policy

Last updated: November 22, 2025

1. Introduction

Welcome to Lifetime Journal. We value and respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy describes how we collect, use, process and protect your information when you use our cross-platform personal journal application.

Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. By using our application, you accept the practices described in this policy.

2. Data Controller

Lifetime Journal is an application developed by AppToLast.

Contact for privacy inquiries:

Email: admin@apptolast.com
To exercise your data protection rights, please use the email above

3. Information We Collect

3.1 Information You Provide Directly

Account information:

Full name (obtained from your Google account)
Email address (obtained from your Google account)
Profile photo (optional, obtained from your Google account)
Google authentication credentials

User-created content:

Journal entries with rich text
Custom journal collections and themes
Multimedia attachments (photos, audio notes) you add to your entries
Custom journal descriptions and covers
Entry dates and metadata (creation date, last modified)
Application configuration preferences

3.2 Automatically Collected Information

Device and app usage data (Firebase Analytics):

Device model and manufacturer
Operating system and version
Application version
Device language
App usage events (features used, session time)
Frequency and duration of app usage
Unique device identifiers (Android ID, iOS IDFV)

Performance and error data (Firebase Crashlytics):

Application crash reports
Error and exception logs
Application performance data
Memory and storage state at time of error
Stack traces and technical diagnostics

Authentication and synchronization data:

Firebase Authentication session tokens
Cross-device synchronization information
Database metadata (timestamps, document versions)
Device biometric data (for local authentication only, not sent to servers)

3.3 Third-Party Information

When you sign in with Google Sign-In, we receive basic profile information from Google LLC according to your Google account settings.

4. Legal Basis for Data Processing (GDPR)

We process your personal data under the following legal bases:

Contract execution: Processing necessary to provide the application services you have requested
Legitimate interest: Improvement of our services, fraud detection, application security
Consent: For optional functionalities such as the use of biometric data for local authentication
Legal obligation: Compliance with applicable laws and regulations

5. How We Use Information

We use the information we collect for the following purposes:

Service provision:

Create and maintain your user account
Sync your journal entries across devices
Store and retrieve your content securely
Provide search and organization functionalities
Enable local biometric authentication (if you enable it)

Improvement and development:

Analyze how users use the application to improve functionalities
Identify and fix technical errors
Develop new features based on usage patterns
Conduct A/B testing of application improvements

Communication:

Send you important notifications about the service
Respond to your inquiries and support requests
Inform you about changes to our terms or policies

Security and compliance:

Detect, investigate and prevent fraudulent or unauthorized activities
Protect the security and integrity of our application
Comply with applicable legal obligations

6. Third-Party Services and Sharing Information

6.1 Service Providers We Use

Firebase (Google LLC):

Lifetime Journal uses the following Firebase services:

Firebase Authentication: Registration and login management with Google
Firebase Firestore: Cloud storage and journal data synchronization
Firebase Analytics: App usage analysis and user behavior
Firebase Crashlytics: Error and performance report collection

Data location:

Your personal data and journal content are stored on Firebase servers located in the European Union (EU)
Firebase Analytics may process some data on Google LLC servers located in the United States

Regulatory compliance:

Google LLC complies with the EU-U.S., UK-U.S. and Swiss-U.S. Data Privacy Frameworks
Firebase provides GDPR-compliant Data Processing Agreements (DPA)
Firebase privacy information is available at: https://firebase.google.com/support/privacy

6.2 We Do Not Sell Your Data

We do not sell, rent or trade your personal data to third parties for their marketing purposes.

6.3 Disclosure by Legal Requirement

We may disclose your information if we are legally required to do so, or if we believe in good faith that such action is necessary to:

Comply with legal processes or government requests
Protect and defend our rights or property
Protect the personal safety of application users or the public
Protect against legal liability

7. Data Storage and Retention

7.1 Where We Store Your Data

Local storage:

A complete copy of your journal data is stored locally on your device using Room Database
This data is protected by your device's operating system security measures
If you enable biometric authentication, secure device APIs are used (biometric data is not sent to servers)

Cloud storage:

All your journal content is synced and stored in Firebase Firestore on servers located in the European Union
Data is encrypted in transit using SSL/TLS
Data at rest is protected by Firebase standard security measures

7.2 Retention Period

We retain your personal data for as long as your account remains active, plus:

Journal content: Retained while your account is active and for 30 additional days after account deletion
Authentication data: Retained while your account is active
Analytics and Crashlytics data: Retained according to Firebase retention policies (generally 60 days for analytics events, 90 days for crashlytics)
Backups: May be retained up to 30 additional days after account deletion

8. Data Security

We implement technical, organizational and physical security measures to protect your personal data:

Technical measures:

SSL/TLS encryption for data in transit
Secure authentication via Google Sign-In (OAuth 2.0)
Optional local biometric authentication (Face ID, Touch ID, fingerprint)
Session tokens with automatic expiration
Firebase Firestore security rules for access control
Automated and encrypted backups

Organizational measures:

Restricted access to personal data only for authorized personnel
Continuous monitoring of suspicious activities
Regular security reviews
Compliance with SOC 2 Type II standards (via Firebase/Google Cloud)

Limitations:

As of today, we do not implement end-to-end encryption of your journal entries
This means your data is protected by Firebase security measures, but we could technically access the content if required by legal or technical necessity
We are evaluating the implementation of end-to-end encryption in future versions

However, no method of transmission over the Internet or electronic storage is 100% secure. Although we strive to protect your data, we cannot guarantee absolute security.

9. Your Privacy Rights (GDPR)

As a user located in the European Union, you have the following rights regarding your personal data:

9.1 Right of Access

You can access all your journal data directly from the application.

9.2 Right of Rectification

You can edit and correct your journal entries, profile and preferences directly from the application.

9.3 Right of Deletion (Right to be Forgotten)

To delete your account and all your data:

Currently, account deletion must be requested by contacting: admin@apptolast.com
We will process your request within a maximum of 30 days
Deletion is permanent and irreversible
The following will be deleted:
- Your user profile
- All your journal entries and multimedia content
- All your data stored in Firebase (Authentication and Firestore)
- Your preferences and settings
Data in backups will be deleted within 30 additional days

9.4 Right of Data Portability (Export)

Data export:

Data export functionality in PDF and EPUB formats is currently in development
Once implemented, you will be able to export all your journal content directly from the application
In the meantime, you can request a copy of your data by contacting: admin@apptolast.com
We will provide your data in structured JSON format within 30 days

9.5 Right to Restriction of Processing

You can request restriction of processing of your personal data in certain circumstances by contacting us.

9.6 Right to Object

You can object to the processing of your personal data for direct marketing purposes or based on legitimate interests.

9.7 Right to Withdraw Consent

When processing is based on your consent, you can withdraw it at any time. This will not affect the legality of processing before withdrawal.

9.8 How to Exercise Your Rights

To exercise any of these rights, contact us through:

Email: admin@apptolast.com
Subject: "GDPR Rights Request - Lifetime Journal"

We will respond to your request within 30 days. We may request additional information to verify your identity before processing the request.

9.9 Right to File a Complaint

If you are not satisfied with how we handle your personal data, you have the right to file a complaint with the data protection authority in your country.

10. International Data Transfers

Although your journal data is stored on servers located in the European Union, some data may be transferred internationally:

Firebase Analytics:

Some analytical data may be processed on Google LLC servers located in the United States
Google LLC complies with the EU-U.S., UK-U.S. and Swiss-U.S. Data Privacy Frameworks
Google provides EU-approved Standard Contractual Clauses (SCC)

Protection guarantees:

All service providers that process data outside the EU comply with GDPR
EU Standard Contractual Clauses apply
Data is protected by equivalent security measures

11. Children's Privacy

Lifetime Journal is not directed to children under 13 years of age.

We do not knowingly collect personal information from children under 13 years of age. If we discover that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information from our servers as soon as possible.

If you are a parent or guardian and believe your child has provided us with personal information, contact us at admin@apptolast.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements or other operational reasons.

Notice of changes:

We will notify you of any material changes through a notification within the application
The "Last updated" date at the beginning of this policy will be updated
For significant changes, we may request your explicit consent before they take effect

Your responsibility:

We recommend that you periodically review this policy to stay informed about how we protect your information
Continued use of the application after changes constitutes your acceptance of the updated policy

13. Cookies and Tracking Technologies

Lifetime Journal does not use cookies as it is a native mobile application.

However, we use similar technologies:

Device identifiers:

Android Advertising ID (Android) / IDFV (iOS) for Firebase Analytics
These identifiers help us analyze app usage and improve user experience
You can disable advertising tracking in your device settings:
- Android: Settings > Google > Ads > Opt out of Ads Personalization
- iOS: Settings > Privacy > Tracking > Disable "Allow Apps to Request to Track"

Local storage:

We use local storage (Room Database) to cache app data and enable offline functionality
This data is stored exclusively on your device

14. Use of Analytical Data

We use Firebase Analytics to understand how users interact with our application:

Data collected:

User events (open app, create entry, use features)
Approximate demographic data (country, language)
Device information (model, OS, app version)
Engagement metrics (session duration, usage frequency)

Purpose:

Improve user experience
Identify popular or problematic features
Optimize application performance
Make informed decisions about development of new features

User options:

Analytics data is mostly aggregated and anonymous
We currently do not offer Analytics opt-out, but we are evaluating this option
You can contact us to request exclusion from analytical data collection

15. Contact

If you have questions, comments or concerns about this Privacy Policy or our privacy practices, contact us through:

Email: admin@apptolast.com

For requests to:

Exercise GDPR rights (access, deletion, portability, etc.)
Delete your account
Export your data
Privacy or security inquiries
Report privacy issues

Response time: We commit to responding to all privacy inquiries within 30 days.

16. Consent

By creating an account and using Lifetime Journal, you:

Confirm that you have read and understood this Privacy Policy
Accept the collection, use and processing of your personal data as described in this document
Confirm that you are at least 13 years of age
Accept the use of Firebase Analytics and Crashlytics to improve the application

If you do not agree with this policy, please do not use our application. You can withdraw your consent at any time by deleting your account by contacting admin@apptolast.com.

This policy has been designed to comply with the General Data Protection Regulation (GDPR) of the European Union and other applicable privacy laws.