Junk Drawer JournalSign in

Privacy Policy

Effective date: April 14, 2026

Junk Drawer Journal ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use our service at thejunkdrawercollective.ca (the "Service"), how we use it, and the choices you have. Please read it carefully.

By creating an account or using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account & Profile Information

When you register, we collect:

  • Email address and hashed password (managed by Supabase Auth)
  • Display name and avatar image, if you choose to provide them
  • Account creation date and last-updated timestamp
  • Subscription tier (free, premium, or founder), period (monthly / annual / lifetime), and subscription start date

1.2 Content You Create

Your creative work is stored on our servers, including:

  • Journal titles, descriptions, and page canvas data (layout, text, element positions)
  • Page thumbnails generated from your canvas
  • Media files you upload — photos, images, and PDFs — along with their metadata (file name, type, size, dimensions, and any capture date embedded in the file)
  • Tags you apply to media items
  • Media folder names and organisation

1.3 Usage & Analytics Data

We collect limited usage signals to operate and improve the Service:

  • Ad impression logs (which ad placement was shown, timestamp) — used to measure ad performance and enforce premium ad-free status
  • Storage consumption to enforce plan limits
  • Number of PDF exports used (to enforce free-tier limits)

1.4 Payment Information

When you upgrade to Premium, payment is processed by our third-party payment provider (Stripe). We do not store your full card number, CVV, or bank details. We retain a transaction record containing: amount, currency, payment method type, provider transaction ID, and status (succeeded / failed / refunded).

1.5 Technical Information

Like most web services, our infrastructure (Supabase and Vercel) may automatically collect IP addresses, browser type, operating system, and referrer URLs in server logs for security and diagnostic purposes. We do not combine this data with your account information for profiling.

2. How We Use Your Information

  • To provide the Service — storing your journals, rendering pages, and exporting PDFs.
  • To manage your account — authentication, subscription status, and storage quota enforcement.
  • To display advertising — free-tier users see sponsored placements. We log impressions internally; we do not sell your personal data to advertisers. If we integrate a third-party ad network (e.g., Google AdSense), their own privacy policies will apply to their data collection.
  • To process payments — fulfilling Premium upgrades and issuing refunds.
  • To communicate with you — account-related emails (password reset, billing receipts). We do not send marketing emails without your consent.
  • To improve the Service — understanding aggregate usage patterns to prioritise features and fix bugs.
  • To ensure security — detecting abuse, preventing unauthorised access, and complying with legal obligations.

3. Sharing Your Information

We do not sell your personal information. We share it only in these limited circumstances:

  • Service providers — the third parties below process data on our behalf under their own privacy policies and data-processing agreements:
    • Supabase — database, authentication, and file storage
    • Vercel — application hosting and edge delivery
    • Cloudflare — DNS, CDN, and email routing for our domain
    • Stripe — payment processing for Premium upgrades
    • Resend — sending transactional email (e.g., signup confirmations, password resets, support replies)
    • Sentry — error reporting and session replay so we can diagnose bugs you encounter
    • Google AdSense — serving ads on the free tier (see section 6 for cookie details)
  • Legal requirements — We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public.
  • Business transfers — If we merge with or are acquired by another company, your information may be transferred. We will notify you before your data is subject to a materially different privacy policy.

4. Data Retention

We retain your account data and content for as long as your account is active. If you delete your account, we will delete your personal information and media files within 30 days, except where retention is required by law (e.g., payment records, which we keep for 7 years for tax purposes).

5. Your Rights & Choices

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — update inaccurate or incomplete information via your account settings.
  • Deletion — request deletion of your account and all associated data.
  • Data portability — request an export of your journals and media.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.
  • Opt out of advertising — upgrade to Premium to remove all ads and ad impression logging.

To exercise any of these rights, email us at support@thejunkdrawercollective.ca. We will respond within 30 days.

6. Cookies & Local Storage

We use cookies and browser local storage in two categories:

6.1 Essential

  • Authentication cookies — set by Supabase to keep you logged in. These cannot be disabled without logging you out.
  • Cookie consent record — your accept/decline choice is stored in your browser's local storage so we don't ask again on every visit.
  • Editor state — zoom level and sidebar preferences are stored in browser memory (Zustand) and are never sent to our servers.

6.2 Advertising (free tier only)

Free-tier accounts see ads served by Google AdSense. When ads are enabled, AdSense and its partners may set cookies and similar tracking technologies on your device to:

  • Serve advertisements and measure their delivery
  • Apply frequency capping (so you don't see the same ad repeatedly)
  • Detect invalid traffic and prevent fraud
  • Where you have consented, personalize ads based on your interests

Users located in the European Economic Area, the United Kingdom, or Switzerland are asked for consent before personalized ads are shown. Outside those regions, ads may be personalized based on AdSense's default settings; you can opt out of personalized advertising at adssettings.google.com.

For full details on how Google AdSense uses data, see policies.google.com/technologies/ads.

Premium subscribers see no ads. When you upgrade to Premium, the AdSense placements stop rendering and AdSense cookies are not set as part of the Service.

You control whether non-essential cookies (including advertising) are set via the cookie consent banner shown on your first visit. To change your choice later, use the "Cookie preferences" link in the page footer.

7. Security

We use industry-standard safeguards including TLS encryption in transit, row-level security policies in our database so users can only access their own data, and hashed password storage. No system is perfectly secure; please use a strong, unique password and contact us immediately at support@thejunkdrawercollective.ca if you suspect unauthorised access to your account.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. International Transfers

Our infrastructure is hosted in data centres operated by Supabase and Vercel, which may be located outside your country of residence. By using the Service, you consent to your information being processed in those jurisdictions. We take steps to ensure appropriate protections are in place.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or an in-app notice. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Junk Drawer Journal
Email: support@thejunkdrawercollective.ca