Privacy Policy
We've written this policy in plain English. We are a small UK-based studio and we take your privacy seriously. The short version: we collect the minimum data needed to run the app, your journal entries are private, we never sell your data, and you have full rights under UK GDPR to access, correct, or delete what we hold.
Contents
1. Who we are 2. What data we collect 3. How we use your data 4. Data storage and security 5. Who we share data with 6. How long we keep your data 7. Your rights under UK GDPR 8. Cookies 9. Children 10. Changes to this policy 11. Contact us1. Who we are
Blackbox Journal is developed and operated by Okunola Digital Studios Ltd, a company registered in England and Wales. For the purposes of UK data protection law, Okunola Digital Studios Ltd is the data controller.
Our contact details are:
- Email: privacy@okunolastudio.com
- Website: okunolastudio.com
- Jurisdiction: England and Wales
2. What data we collect
We collect the minimum data necessary to provide the service. Here's a full breakdown:
Data you provide directly
| Type | Examples | Purpose |
|---|---|---|
| Account information | Email address, name | To create and manage your account |
| Journal entries | Morning/evening check-ins, free writing, gratitude entries | Core app functionality. Encrypted — we cannot read them. |
| Mood ratings | Mood score (Great/Good/Okay/Low/Struggling) | Mood tracking and trend analysis |
| Wheel of Life ratings | Scores for Career, Health, Finances, Family, etc. | Life balance tracking |
| Waitlist signups | Name and email | To notify you when the app launches |
Data collected automatically
| Type | Purpose |
|---|---|
| Device type and OS version | Technical support and compatibility |
| App usage data (e.g. which screens you visit, feature usage frequency) | To improve the app |
| Crash reports | Bug fixes and stability |
| IP address (at account creation) | Fraud prevention and security |
Journal entries are end-to-end encrypted. Your raw written words are encrypted before they leave your device. Even if our servers were breached, your private journal entries would be unreadable. AI analysis operates only on encrypted summaries stored separately, never on your raw text.
3. How we use your data
We use your data only for the following purposes, with the legal basis for each:
| Purpose | Legal basis |
|---|---|
| Providing the app and its features | Contract performance (fulfilling our service to you) |
| Account management and authentication | Contract performance |
| AI pattern detection and insights | Consent (you can opt out at any time) |
| Sending product updates and launch notifications | Consent (you can unsubscribe at any time) |
| Improving the app and fixing bugs | Legitimate interests (making a better product) |
| Fraud prevention and security | Legitimate interests and legal compliance |
| Complying with legal obligations | Legal obligation |
We will never use your data for advertising, profiling for third parties, or any purpose not listed above.
4. Data storage and security
Your data is stored using Supabase, a secure backend platform with data centres in the EU (Frankfurt, Germany). All data is stored within the European Economic Area (EEA) unless explicitly noted.
Security measures
- Journal entries are encrypted before leaving your device
- Connections use TLS 1.2+ encryption in transit
- Passwords are hashed using bcrypt — we never store plaintext passwords
- Access to production data is restricted to essential personnel only
- We perform regular security reviews of our codebase and infrastructure
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected users without undue delay.
5. Who we share your data with
We do not sell your data. We do not share it with advertisers. We share data only with the following service providers, who are contractually bound to process it only as we instruct:
| Provider | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database and authentication | EU (Frankfurt) |
| Apple Inc. | App Store distribution and push notifications | USA (Standard Contractual Clauses apply) |
| AI model providers (to be confirmed) | Pattern detection and insights generation | EU-region servers where possible |
We may also disclose data where required by law, court order, or regulatory authority.
6. How long we keep your data
- Active accounts: We retain your data for as long as your account is active.
- Deleted accounts: When you delete your account, all personal data and journal entries are permanently deleted within 24 hours. Aggregated, anonymised analytics may be retained.
- Waitlist signups: Retained until you launch the app (at which point you become a user) or until you unsubscribe, whichever comes first.
- Legal obligations: Some financial or legal records may be retained for up to 7 years as required by UK law.
7. Your rights under UK GDPR
Under UK data protection law, you have the following rights:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can ask us to correct inaccurate or incomplete data.
- Right to erasure — You can ask us to delete your personal data ("the right to be forgotten").
- Right to restrict processing — You can ask us to limit how we use your data in certain circumstances.
- Right to data portability — You can request your data in a structured, machine-readable format.
- Right to object — You can object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making — You can request human review of any automated decisions that significantly affect you.
To exercise any of these rights, contact us at privacy@okunolastudio.com. We will respond within 30 days. If you are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
The Blackbox Journal mobile app does not use cookies.
Our website (okunolastudio.com) uses a small number of cookies:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| cookie_consent | Essential | Remembers your cookie consent choice | 1 year |
| _analytics (TBD) | Analytics (opt-in only) | Anonymised site usage statistics | Session |
We do not use advertising cookies or track you across other websites. You can manage or withdraw your cookie consent at any time using our cookie settings banner.
9. Children
Blackbox Journal is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at privacy@okunolastudio.com and we will delete it promptly.
Users between 13 and 17 should use the app with parental awareness. The app contains self-reflection prompts about mood, stress, and emotional wellbeing and is designed for adults.
10. Changes to this policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of the page. For significant changes, we will notify you by email (if you have an account) or by a notice within the app.
Continued use of Blackbox Journal after changes take effect constitutes acceptance of the updated policy.
11. Contact us
For any questions about this privacy policy or how we handle your data:
- Email: privacy@okunolastudio.com
- General enquiries: hello@okunolastudio.com
- Website: okunolastudio.com
We aim to respond to all privacy-related queries within 5 business days, and we are required by law to respond to formal data subject access requests within 30 days.