Privacy Policy
Effective date: May 21, 2025
1. Overview
What Went Well ("we", "us", "our") takes your privacy seriously. This policy explains what data we collect, how we use it, and the choices you have. Your journal entries are yours — we have no interest in reading them, selling them, or using them to train AI models.
2. Data We Collect
We collect only what is necessary to operate the Service:
- Account data: name, email address, hashed password, and optional OAuth identifiers (Google, Apple).
- Journal content: your entries and responses. If you enable end-to-end encryption, this content is encrypted on your device before it reaches our servers — we cannot read it.
- Settings and preferences: reminder times, theme selection, question preferences, and notification tokens.
- Billing data: subscription status and Stripe customer ID. We do not store full card numbers; Stripe handles payment processing.
- Support messages: name, email, and message content when you contact us via the support form.
- Device tokens: push notification tokens for web and iOS, stored only while you have notifications enabled.
3. End-to-End Encryption
You may opt in to end-to-end encryption in account settings. When enabled, all journal response bodies are encrypted on your device using AES-256-GCM with a key derived from a passphrase only you know. Encrypted content is stored on our servers as ciphertext we cannot decrypt. If you lose your passphrase, your encrypted entries cannot be recovered — there is no server-side reset path.
4. Analytics and Cookies
We use analytics cookies only on the marketing pages (this site's public-facing pages such as the home page, terms, and privacy policy). No analytics or tracking scripts run inside the journaling application (/app/*).
A cookie consent banner is shown on marketing pages before any analytics cookies are set. You may decline, in which case no tracking will occur. Essential session cookies required for login are not subject to this banner.
5. How We Use Your Data
- To provide and maintain the Service
- To send push and email reminders you have configured
- To process billing and manage your subscription
- To respond to support requests
- To understand aggregate usage patterns via marketing-page analytics (with consent)
We do not sell your data. We do not use journal content for advertising or AI training.
6. Third-Party Services
We share limited data with the following sub-processors:
- Stripe — payment processing. Subject to Stripe's privacy policy.
- Pusher — push notification delivery.
- Apple APNs — iOS push notifications (device token only).
- S3-compatible storage — file storage for exports and avatars.
We do not share personal data with any other third parties except as required by law.
7. Data Retention
Your data is retained for as long as your account is active. When you delete your account, all personal data — including journal entries, responses, and preferences — is permanently deleted from our systems. Billing records may be retained as required by applicable law.
8. Your Rights
You have the right to:
- Access your data (Pro users can export a full JSON archive)
- Correct inaccurate account information via account settings
- Delete your account and all associated data at any time
- Withdraw consent for analytics cookies at any time
To exercise any of these rights, use account settings or contact us.
9. Security
We use industry-standard measures including HTTPS for all data in transit, bcrypt-hashed passwords, httpOnly session cookies, and optional end-to-end encryption for journal content. No method of transmission over the Internet is 100% secure. We encourage you to use a strong password and enable two-factor authentication.
10. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or in-app notice. Continued use of the Service after changes constitutes acceptance.
12. Contact
Privacy questions or requests? Contact us.