Privacy Policy

Last updated: March 19, 2026

This policy explains how Aurum Diary collects, uses, protects, and discloses the data required to operate the service. It also covers AI-powered features, technical service providers, analytics, and your privacy rights.

Back to Aurum Diary

1. Who handles your data

Aurum Diary processes personal data to provide the service available at aurumdiary.com. For privacy questions or to exercise your rights, contact us at contact@aurumdiary.com.

Because users may write about emotions, relationships, stress, or health-related topics, some content submitted to Aurum Diary may be sensitive depending on what you choose to share.

2. Data we collect

We collect only the categories of data needed to operate Aurum Diary, secure accounts, manage payments, and improve the experience.

  • Account data: email address, first name, sign-in provider, and technical account identifiers.
  • Journal and reflection data: entries, titles, tags, prompts, generated reflections, pattern signals, and related metadata.
  • Subscription and payment data: subscription status, Stripe identifiers, checkout and billing history. We do not store full payment card numbers.
  • Usage and security data: technical logs, device and browser information, session data, approximate IP-related data, product events, anti-abuse signals, and diagnostics.
  • Communication data: email preferences, transactional and onboarding email events, unsubscribe status, and support interactions.

3. How we use data

We use data to provide the service you request, secure accounts, deliver AI-assisted reflection features, manage subscriptions, respond to support requests, send service-related communications, produce internal product analytics, and comply with legal obligations.

We do not publish or sell your journal content. We use your content to deliver the features you activate inside the product.

4. AI-powered features

When you request a reflection, analysis, digest, or other AI-powered feature, the text you choose to submit, together with relevant context required to deliver that feature, may be processed to generate the requested output.

This processing may involve AI service providers acting on our behalf to return the feature you requested. We use that transmission to deliver the service, not to sell your journal entries.

5. Service providers and categories of recipients

We use technical service providers and processors to operate Aurum Diary.

  • Google / Firebase / Google Cloud for hosting, authentication, database, storage, and certain analytics functions.
  • Stripe for payments, billing portal services, and subscription-related webhooks.
  • Resend for transactional and certain onboarding emails.
  • AI providers, including DeepSeek, for reflections and analyses you explicitly request.

6. Cookies, local storage, and analytics

Aurum Diary uses cookies and local storage to maintain sessions, remember certain preferences, and measure how the product is used.

We also use analytics technologies, including Google Analytics and Google Tag Manager, as well as internal product-event tracking. These tools help us understand traffic, conversions, and feature usage.

You can configure your browser to limit some cookies, but doing so may reduce or break parts of the service.

7. Legal bases (GDPR)

Where the GDPR applies, we process personal data on one or more of the following legal bases: performance of a contract to provide Aurum Diary, compliance with legal obligations, legitimate interests in securing and improving the service, and consent where required.

When you use AI-assisted features, the related processing is primarily carried out to provide the service you requested.

8. Security

We use reasonable security measures, including encryption in transit, access controls, security logging, and client-side encryption for supported journal-storage flows.

Some features, including AI-powered features, require operational processing of the text you submit in order to return the requested output. No transmission or storage method is perfectly secure.

9. Data retention

We keep personal data for as long as needed to provide Aurum Diary, keep your account active, administer subscriptions, prevent fraud, resolve disputes, comply with the law, and complete reasonable backup cycles.

If you delete your account, we delete or anonymize data according to our deletion workflow, subject to legal obligations, security logs, temporary archives, and billing or claims-defense needs.

10. International transfers

Depending on where you are located and which service providers are involved, your data may be processed in the European Union, the United States, or other countries where our providers operate.

Where required, we use appropriate transfer mechanisms, such as contractual safeguards or other legal protections recognized under applicable law.

11. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object, export, or port your data, and to withdraw consent where processing depends on consent.

California residents may also request information about the categories of personal information collected, and may request access, correction, or deletion under the CCPA/CPRA.

  • We do not sell personal information.
  • We do not use personal information for cross-context behavioral advertising.
  • To exercise your rights, contact us at contact@aurumdiary.com.

12. Children

Aurum Diary is not intended for children under 16. If you believe a child provided personal data to us in violation of this rule, contact us so we can review and delete the relevant data where appropriate.

13. Changes and contact

We may update this policy to reflect product, legal, or vendor changes. The latest version will be posted on this page with an updated date.

For privacy questions, rights requests, or concerns about this policy, contact us at contact@aurumdiary.com.