GDPR Compliance

Your Data Protection Rights Under EU Law

Last Updated: August 11, 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals in the European Union enhanced control over their personal data. At Mindful Journal AI, we are committed to full GDPR compliance and protecting your privacy rights.

Your Rights

Enhanced control over your personal data

Data Security

Robust protection measures and encryption

Transparency

Clear information about data processing

Your GDPR Rights

Right to Access (Article 15)

You have the right to know what personal data we process about you and receive a copy of that data.

Right to Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure (Article 17)

You can request deletion of your personal data under certain circumstances (the "right to be forgotten").

Right to Restrict Processing (Article 18)

You can request limitation of processing of your personal data under certain conditions.

Right to Data Portability (Article 20)

You can receive your personal data in a structured, machine-readable format and transfer it to another service.

Right to Object (Article 21)

You can object to processing of your personal data for certain purposes, including direct marketing.

Legal Basis for Processing Your Data

Contract Performance (Article 6(1)(b))

Processing necessary to provide our journaling and AI analysis services.

Consent (Article 6(1)(a))

Optional features like analytics and personalized recommendations (you can withdraw consent anytime).

Legitimate Interests (Article 6(1)(f))

Security, fraud prevention, and service improvement (balanced against your privacy rights).

Legal Obligation (Article 6(1)(c))

Compliance with applicable laws, regulations, and legal processes.

How We Protect Your Data

  • End-to-End Encryption: Your journal entries are encrypted before leaving your device
  • Data Minimization: We only collect data necessary for our services
  • Access Controls: Strict internal access policies and monitoring
  • Regular Audits: Continuous security assessments and compliance reviews

Data Retention Periods

  • Account Data: While account is active
  • Journal Entries: While account is active
  • Analytics Data: 26 months (with consent)
  • Support Records: 3 years after resolution
  • Deleted Account Data: 30 days (complete erasure)

Data Protection Contact

For GDPR-Related Inquiries:

  • Privacy Team: Available through in-app support
  • Response Time: Within 72 hours for urgent matters
  • Languages: English, German, French, Spanish

Supervisory Authority:

If you're not satisfied with our response, you have the right to lodge a complaint with your local data protection authority in the EU.

Need to Exercise Your Rights?

We're committed to making your GDPR rights easy to exercise. Contact us through any of the methods above, and we'll guide you through the process.