← Back to Home

Privacy Policy

Last updated: February 25, 2026

Introduction

Discretio (“we,” “our,” or “us”) is a service operated by David Botha trading as Static Syntax. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our micro-journaling application and website (collectively, the “Service”).

By using Discretio, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

When you create an account, we collect:

  • Email address
  • Name (if you sign up with Google)
  • Profile picture (if you sign up with Google)
  • Password (encrypted, if you use email/password authentication)

Journal Content

We collect and store the journal entries you create within the Service. This includes:

  • Your written journal entries (encrypted at rest)
  • Mood data associated with entries (if you use mood tracking)
  • Activity data (streak counts, skip days, entry dates)

Usage Data

We automatically collect certain information when you use our Service:

  • Timezone information (to display entries correctly)
  • Basic server logs (IP address, request timestamps) retained by our hosting provider for security purposes

Payment Information

If you subscribe to premium features, payment processing is handled by our third-party payment processor. We do not store your full credit card number or payment credentials on our servers. We may receive limited billing information (such as the last four digits of your card and billing address) for record-keeping purposes.

How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain the Service: Including authentication, storing your journal entries, tracking streaks, generating insights, and displaying your activity history
  • To improve our Service: Analyzing usage patterns to enhance user experience
  • To communicate with you: Sending service updates, security alerts, and support messages
  • To ensure security: Detecting and preventing fraud, abuse, and security incidents

Google User Data

Our Service allows you to sign in using your Google Account. When you do so, we access your Google email address and basic profile information (name and profile picture).

Discretio's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party services that help us operate our platform (Supabase for database hosting)
  • Legal Requirements: If required by law, court order, or governmental regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

Data Security

We implement industry-standard security measures to protect your information:

  • Data encryption in transit (HTTPS/TLS)
  • Encryption at rest: Your journal entries are encrypted using AES-256-GCM before being stored in our database
  • Encrypted password storage using bcrypt
  • Secure authentication tokens and session management
  • Regular software updates and dependency maintenance
  • Automatic daily database backups provided by our infrastructure provider

Your journal content is decrypted only when needed to display it to you. We do not access your journal content except as necessary to provide the Service or when legally required.

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. You may request deletion of your account and associated data at any time through account settings or by contacting us at hello@discretio.app.

After account deletion:

  • Your journal entries are permanently deleted within 30 days
  • Personal information is removed from our active databases
  • Some data may be retained in backups for up to 90 days for disaster recovery purposes
  • Anonymized usage statistics may be retained indefinitely

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Data Portability: Request a copy of your data in a machine-readable format
  • Withdraw Consent: Withdraw consent for data processing where consent was the legal basis
  • Object to Processing: Object to certain types of data processing

To exercise these rights, please contact us at hello@discretio.app.

Cookies and Tracking

We use cookies to maintain your session and provide the Service:

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Store your timezone for displaying entries correctly

We do not currently use analytics or tracking cookies. If we add analytics in the future, we will update this policy accordingly.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it is used
  • Right to request deletion of personal information
  • Right to opt-out of the sale of personal information (note: we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract Performance: To provide the Service you signed up for
  • Legitimate Interests: To improve and secure our Service
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: To comply with applicable laws

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For material changes, we will provide prominent notice or seek your consent as required by law.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: hello@discretio.app