privacy

What we keep, and what we cannot read.

Your journal is encrypted in your browser before it ever reaches our servers. The text of your entries, your long-form writing, your captions, your notes and your photos are stored as ciphertext. We cannot read them. Nobody can be compelled to.

Last updated: 2 May 2026.

Who we are

On This Day is a trading name of Christchurch Web Solutions Limited, a company registered in England and Wales (Company No. 10977032) with its registered office at Unit 6, 6 Silver Business Park, Airfield Way, Christchurch BH23 3TA. We are the data controller for any personal data processed through this service. You can reach us at hello@onthisday.app.

What we collect

  • Your email address
  • A salted bcrypt hash of your password
  • An optional name and date of birth (encrypted)
  • Mood scores, entry dates, dropdown answers
  • Hashtag names you use, and which entries they belong to
  • Optional location coordinates per entry
  • Encrypted blobs containing your entry text, long-form writing, notes, captions and photos
  • A reminder time and timezone, if you set one

The structured metadata is what powers the visualisations and pattern analysis. Without it, the year view would have no colours and the patterns page would have nothing to show.

What we do not collect

  • The text of your entries: we hold only ciphertext we cannot decrypt
  • Your long-form writing: same
  • Your photos: encrypted in your browser before upload
  • Your photo captions: encrypted alongside the entry
  • Your notes: encrypted alongside the entry
  • Anything else you would recognise as private

Why we are allowed to process this

Under the UK GDPR, the email + password hash + structured metadata + ciphertext we hold are processed under Article 6(1)(b), performance of a contract. You are signing up to use this service; we cannot deliver it without them. We do not rely on legitimate interests for any of this, and we do not process your data for marketing.

Where it lives

All of your data (encrypted blobs, structured metadata, the password hash) is stored on infrastructure we run ourselves on Hetzner servers in the European Union. Photos sit in Cloudflare R2 object storage as ciphertext that Cloudflare cannot read. Transactional email is sent via a self-hosted Postal server also in the EU. There are no transfers outside the European Economic Area for personal data we hold.

Cookies and tracking

One httpOnly session cookie, set when you sign in, cleared when you sign out. That is the only cookie this service sets. It is strictly necessary for authentication, which is why we do not ask for consent: there is nothing to consent to.

No analytics cookies, no advertising cookies, no third-party trackers, no fingerprinting, no session replay. We do not use Google Analytics, Plausible, Fathom, Posthog, Hotjar, or any equivalent. Cloudflare Turnstile is used on the sign-up and login forms for bot protection; it does not set tracking cookies.

Data sharing

We do not sell your personal data. We do not rent it, share it with advertisers, or pool it for any data-partnership scheme. The only third parties who touch your data at all are the infrastructure providers we run on (Hetzner, Cloudflare), and only as ciphertext or as the bare metadata we listed above. If we were ever required to disclose data under legal compulsion, the encrypted blobs would still be unreadable.

How long we keep it

For as long as your account is active. After twelve months of inactivity an account is marked dormant and permanently purged shortly after: entries, notes, photos, the lot. You can delete the account yourself from settings at any time, in which case the user row is purged immediately along with every associated entry, key, photo and note. The ciphertext becomes cryptographically unreadable in the same instant.

Your rights

Under the UK GDPR you have the right to access, correct, delete, restrict, port, or object to our processing of your personal data. In practice the product is built so most of these rights live one click away in your settings:

  • Access: every entry, note, mood and photo can be read from inside the app, and downloaded as a single ZIP from Settings → Download my journal. The export is decrypted in your browser before it leaves the page.
  • Erasure: Settings → Delete account purges everything immediately.
  • Rectification: today and yesterday are editable directly. Past days are sealed by design, but you can add notes to them.
  • Restriction, objection, portability: email us and we will respond within thirty days.

If you believe we are mishandling your personal data you can complain to the UK Information Commissioner’s Office at ico.org.uk. We would prefer the chance to fix it first, but it is your right.

California residents

We do not sell or share your personal information as those terms are defined under the California Consumer Privacy Act, and we have not done so in the previous twelve months. We have no business need to. Your CCPA rights to know, delete and correct are equivalent to the GDPR rights described above.

Children

This service is not intended for children under 16. We do not knowingly collect personal data from anyone under that age. If you believe a child has signed up, please email us and the account will be deleted immediately.

Changes to this policy

If we make a meaningful change we will update the date at the top, and for material changes we will email registered users. The earlier policy will remain available on request.

Contact

Privacy questions, data requests, or anything else: hello@onthisday.app