Journalwerx

Legal

Privacy Policy

Effective May 10, 2026

Introduction

Journalwerx (“Journalwerx,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you entrust to us. This Privacy Policy explains what information we collect when you use the Journalwerx website, application, and related services (the “Service”), how we use it, who we share it with, and the choices you have.

By creating an account or using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.

Information We Collect

We collect information in three broad categories: information you provide directly, information we collect automatically as you use the Service, and information from a small set of third-party service providers we rely on to run the Service.

Information you provide

  • Account information. Your name, business name, email address, phone number, and business address when you create or update your account.
  • Billing information. Payment method details are collected and processed directly by our payment processor, Stripe. Journalwerx does not receive or store full credit-card numbers; we store only the non-sensitive identifiers and metadata Stripe returns to us (such as customer and subscription IDs, last-four card digits where applicable, and billing status).
  • Business data you enter. Records you create or upload in the course of using the Service — clients, jobs, estimates, invoices, quotes, change orders, work orders, employees, subcontractors, payment requests, photos, files, and similar content.
  • Communications. Emails and documents you send to your customers through the Service, support inquiries you send to us, and any other messages you direct through our systems.

Information collected automatically

  • Usage data. Pages you visit, features you use, time spent in different areas of the application, and interactions with buttons and controls.
  • Device and connection data. Browser type and version, operating system, IP address, general geographic region inferred from IP, screen size, and referrer URL.
  • Cookies and similar technologies. Session cookies used for authentication and preference cookies (such as the chosen theme). We do not use cross-site advertising cookies or set tracking pixels for third-party advertisers.
  • Server logs. Routine request logs, error logs, and system-event logs generated by our hosting and database providers. These logs help us debug issues, secure the Service, and improve performance.

How We Use Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service, including features you have configured.
  • Process payments, manage subscriptions, and send billing receipts and renewal notices.
  • Send transactional messages, such as account verification emails, password resets, billing notifications, and in-product alerts you have enabled (for example, customer-view notifications).
  • Respond to your support requests and other communications.
  • Detect, investigate, and prevent fraud, security incidents, abuse, and violations of our Terms of Service.
  • Analyze aggregated usage patterns to understand which features are valuable and where the Service can be improved.
  • Comply with legal obligations, enforce our agreements, and protect the rights, property, and safety of Journalwerx, our users, and others.

How We Share Information

We share personal information only as described in this Policy. We do not sell personal information to third parties, and we do not share user data for third-party advertising purposes.

Service providers (data processors)

We use a small set of vendors to run the Service. These providers process information only as needed to deliver their services to us and are bound by their own privacy and security commitments.

  • Stripe— processes subscription payments and stores payment-method data on our behalf.
  • Resend— delivers transactional email (verification, billing, notifications, and documents you send through the Service).
  • Neon— hosts the Journalwerx production database in United States-based data centers.
  • Vercel— hosts the Journalwerx application and serves it to your browser.

Other circumstances

  • Legal requests. We may disclose information in response to a valid subpoena, court order, or other binding legal process, or when we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers. If Journalwerx is involved in a merger, acquisition, asset sale, or similar transaction, user information may be transferred as part of that transaction. Any successor entity will be bound by terms at least as protective as this Policy.
  • With your consent. We may share information with additional third parties when you direct us to do so or otherwise consent.

Data Retention

We retain your account and business data for as long as your account remains active. After cancellation, we retain your data for thirty (30) days to allow you to export it, after which we may permanently delete it from our production systems.

We may retain certain information for longer where required by law (for example, tax and payment records), to resolve disputes, to enforce our agreements, or to support legitimate business operations such as security investigations. Routine encrypted backups maintained by our hosting providers may persist for additional time consistent with those providers’ backup retention policies before being overwritten.

Data Security

We follow industry-standard practices to protect your information, including:

  • TLS encryption for data in transit between your browser and the Service.
  • Encryption at rest for the production database and for sensitive credential fields (such as connected email tokens).
  • Authentication enforced through Better Auth, with password hashing and email-verification gates.
  • Role-based access controls and per-organization data isolation so one customer’s data is not visible to another’s.
  • Payment-card data handled entirely by Stripe, which is certified to the PCI-DSS Level 1 standard.

No security system is impenetrable. While we take reasonable measures to protect your information, we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and for promptly notifying us at support@journalwerx.com if you suspect any unauthorized access.

Your Rights and Choices

You have the following rights with respect to the personal information we hold about you:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Update or correct inaccurate information directly through your account settings or by contacting support.
  • Deletion. Request deletion of your personal information, subject to any legal retention requirements or legitimate business purposes we have in retaining it.
  • Data export. Export your business data at any time through the Service’s export tools.
  • Cancellation. Close your account at any time from the Billing page.

To exercise any of these rights, contact us at support@journalwerx.com. We may need to verify your identity before fulfilling certain requests.

California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information:

  • The right to know what categories of personal information we collect and how we use them.
  • The right to know whether we sell or share personal information. Journalwerx does not sell personal information and does not share it for cross-context behavioral advertising.
  • The right to opt out of the sale or sharing of personal information. Because we do not sell or share personal information, this right is not applicable to our practices.
  • The right to request deletion of personal information.
  • The right to correct inaccurate personal information.
  • The right not to be discriminated against for exercising your privacy rights.

To exercise any CCPA right, contact us at support@journalwerx.com. We will verify your identity and respond within the timeframes required by law.

Cookies and Tracking

We use a minimal set of cookies and similar technologies:

  • Essential cookies are required to authenticate your session and run core features of the Service. The Service will not function without them.
  • Preference cookies remember choices such as your selected theme.

We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking technologies. You can disable cookies in your browser settings, but doing so will prevent you from signing in or using significant parts of the Service.

Children's Privacy

The Service is intended for use by individuals who are at least eighteen (18) years old. We do not knowingly collect personal information from anyone under 18. If you become aware that a child has provided us with personal information, please contact us at support@journalwerx.com and we will take reasonable steps to delete that information from our systems.

International Users

Journalwerx is operated from the United States, and our production data is stored in United States-based data centers. If you access the Service from outside the United States, you understand and consent to the transfer, storage, and processing of your information in the United States, which may have data-protection laws different from those of your country.

Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective” date at the top of this page reflects the most recent revision. For material changes that affect how we use or share your personal information, we will notify you through email or in-app notification.

Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of the updated terms.

Contact

For privacy-related questions or to exercise any of the rights described above, contact us at support@journalwerx.com.