Privacy Policy

Privacy Policy

Last updated: 1st October, 2025

Chocho Journal (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our app and services.


1. Who We Are

Chocho Journal is operated by Oriono Digital LIMITED, registered in the United Kingdom under company number 14864124. For any questions about this policy, please contact us at help@chochojournal.com.


2. What Data We Collect

We collect only the data necessary to provide our journaling service:

  • Account information: First name, email address, sign-in provider (Apple/Google).

  • Profile details: gender (if you choose to provide it).

  • Health entries: symptoms, mood, energy, meals, reminders, notes, and other self-logged data.

  • App usage data: logs of check-ins, exports, and reminders.

  • Payment information: handled securely by our payment provider (Paddle). We do not store your card details.


3. Why We Collect Your Data

We process your data for the following purposes:

  • To provide and personalise your journaling experience.

  • To generate summaries, charts, and exports.

  • To deliver reminders and onboarding emails (via Resend).

  • To process subscriptions and payments (via Paddle).

  • To improve our app through analytics (Google Analytics/Tag Manager).

We do not provide medical advice. All data is for self-tracking purposes only.


4. Legal Basis for Processing

Under UK GDPR, health data is considered a “special category.” We process your data on the basis of:

  • Explicit consent: You provide consent during onboarding before entering any health data.

  • Contractual necessity: To provide the subscription service you purchase.

  • Legal obligations: To comply with UK tax or accounting requirements.


5. Data Storage & Security

  • All data is stored securely using encrypted databases provided by Supabase.

  • We implement technical and organisational measures to prevent unauthorised access.

  • We never sell or share your health data with third parties.


6. Data Retention

  • Your journal entries are retained as long as your account is active.

  • You may delete your account and all associated data at any time.

  • Some non-personal data may be retained for legal or financial record-keeping.


7. Your Rights

Under UK GDPR, you have the right to:

  • Access the data we hold about you.

  • Correct inaccurate data.

  • Delete your account and data (“right to be forgotten”).

  • Export your data.

  • Withdraw consent at any time.


8. Third-Party Services

  • Supabase (hosting and database).

  • Paddle (payments).

  • Resend (emails).

  • Google Analytics/Tag Manager (usage analytics).

These providers process your data on our behalf and are subject to appropriate safeguards.


9. Children’s Privacy

Chocho Journal is not intended for users under 16. We do not knowingly collect data from children.


10. Changes to this Policy

We may update this policy occasionally. If we make significant changes, we will notify you via email or within the app.


11. Contact

If you have any questions about this Privacy Policy, please contact us at help@chochojournal.com.