Privacy Policy
Effective date: October 20, 2025 | Last updated: October 20, 2025
1) Who We Are (Controller) & How To Contact Us
Controller: Sunpia Inc.
Contact email: contact@sunpia.io
If you are in the EEA/UK and wish to exercise regional rights, contact us at the email above. If we appoint an EU/UK representative, we will update this Policy.
2) Scope & Definitions
- Account: Your Discord account used to access the Service.
- Discord: The platform operated by Discord Inc. through which you access the Service.
- Personal Data: Information relating to an identified or identifiable individual.
- Service Providers: Third parties that process data on our behalf (e.g., hosting, support, AI models).
- User Content: Messages, journal entries, notes, reminders, to-dos, and related data you submit.
This Policy applies to data processed when you interact with Journaley on Discord and any related support channels or status pages we operate.
3) What We Collect
A. Discord Account & Context
- Discord User ID and username (including discriminator, if applicable)
- Server (Guild) IDs where the bot is present
- Channel IDs and message metadata necessary to operate the Service
B. User Content
- Journal entries, notes, reminders, to-dos, and related timestamps
- User Messages
- Settings and preferences (e.g., timezone, reminder times, feature flags)
C. Usage & Diagnostics
- Command usage frequency and feature utilization
- Session timestamps and performance metrics
- Error logs and diagnostic data
D. We do not intentionally collect
- Email address or phone number (unless you contact us directly)
- Payment information (the Service is currently free)
- Precise geolocation or biometric data
We may collect other data necessary for the function of the app.
4) Sources of Personal Data
- Directly from you via interactions with the bot on Discord (DMs and permitted channels)
- Automatically from Service operation (usage logs, diagnostics)
- From Service Providers as needed to run core features (e.g., Discord delivery metadata)
5) How We Use Personal Data (Purposes)
- Provide and maintain the Service (core journaling, reminders, to-dos)
- AI-powered features (e.g., summaries, follow-ups, natural language parsing)
- Notifications (daily check-ins, reminders, roundups via Discord)
- Security and abuse prevention (detect spam/abuse, rate limiting)
- Service improvement (feature tuning, analytics on aggregated/anonymous data)
- Customer support (respond to inquiries, troubleshoot)
- Legal compliance (respond to lawful requests, enforce our Terms)
- Business continuity (e.g., merger/acquisition due diligence and transfer)
6) Legal Bases (EEA/UK/CH)
Where applicable law requires a legal basis, we rely on:
- Contract performance (providing the Service you requested)
- Legitimate interests (improving features, security, preventing abuse), balanced against your rights
- Consent (where required by law—for example, certain AI processing)
- Legal obligation (compliance with applicable laws)
7) Sharing & Disclosures
We share Personal Data only as needed to provide, secure, and improve the Service:
- Discord, Inc. (platform operation and message delivery)
- AI model provider(s) (e.g., OpenAI) when you invoke AI features; your inputs/outputs may be processed by the AI provider per its policies
- Hosting & infrastructure (compute, storage, logging)
- Professional services (legal, accounting, security consultants, under confidentiality)
- Legal or safety (to comply with law; protect rights, safety, and property)
- Business transfers (merger, acquisition, financing, or similar event)
We do not sell or share your Personal Data as "sell" or "share" are defined by the California Consumer Privacy Act (CCPA/CPRA).
8) International Transfers
We may process and store data in the United States and other countries.
9) Data Security
We implement commercially reasonable measures including, where applicable:
- Access controls and authentication
- Secure server configuration and monitoring
No system is 100% secure. We will notify you of certain security incidents as required by law.
10) Data Retention
We retain data only as long as necessary for the purposes in §5, or as required by law.
Illustrative defaults (configurable):
- Journal entries/notes: retained until you delete them
- Reminders/to-dos: removed after completion or manual deletion
- Account references: for the life of your use plus a reasonable period for dispute resolution and legal requirements
13) Your Rights
General (applies broadly)
- Access (learn what we hold about you)
- Rectification (correct inaccuracies)
- Deletion (request erasure, subject to lawful exceptions)
- Portability (receive certain data in a portable format)
- Withdraw consent (where processing relies on consent)
EEA/UK/Switzerland (GDPR)
- Restriction (limit processing in specific circumstances)
- Object (to processing based on legitimate interests)
- Complain (to your local data protection authority)
- Erasure ("right to be forgotten")
California (CCPA/CPRA)
- Right to know (categories and specific pieces of Personal Data)
- Right to delete (subject to exceptions)
- Right to correct
- Right to opt-out of "sale"/"sharing" (we do not sell/share Personal Data)
- Right to non-discrimination for exercising rights
14) How To Exercise Your Rights
Email: contact@sunpia.io
Subject line: "Privacy Rights Request"
Include: your Discord User ID, Discord username, and a description of your request. We may ask for additional verification to protect your account.
If we deny a request (e.g., cannot verify identity or a legal exception applies), we will explain why and how to appeal by replying to the decision email with "Appeal Request."
15) Third-Party Policies You Should Review
- Discord: Your interactions occur on Discord. See Discord's Privacy Policy.
- OpenAI (API): When you use AI features, we transmit only the data reasonably necessary (e.g., prompts, relevant message context, settings) to the OpenAI API to generate outputs and return them to you. OpenAI processes that data under its own terms and privacy notices. Please review OpenAI's current privacy and API data-usage policies for details on retention, security, and whether inputs/outputs are used for service improvement or model training. Provider practices may change over time.
We do not control third-party policies. Where feasible, we configure integrations to minimize data exposure.
16) Do Not Track
We do not track your browsing across third-party sites and do not respond to DNT signals.
17) Changes To This Policy
We may update this Privacy Policy from time to time. Unless otherwise stated, changes are effective when posted with a new "Last updated" date. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.
18) Your Consent
By accessing or using the Service, you acknowledge that you have read this Privacy Policy and consent to the collection, use, and disclosure of information as described here to the extent permitted by applicable law. If you do not agree, do not use the Service.
19) Contact
Email: contact@sunpia.io
Mail: Sunpia Inc., 1 Miramar St, La Jolla, Apt 3321, San Diego, CA 92037
For privacy-related inquiries, please include "Privacy Inquiry" in the subject line.