Legal Compliance

GDPR, CCPA, and privacy law compliance

We are fully committed to privacy law compliance, with comprehensive protections that meet or exceed the requirements of major privacy regulations worldwide. Regardless of where you live, we honor the privacy rights granted under GDPR and CCPA for all JourneyLoop users.

GDPR Compliance (European Union)

The General Data Protection Regulation (GDPR) is the EU's comprehensive data protection law. We comply with all GDPR requirements for users in the European Economic Area (EEA).

Legal Basis for Processing

We process your data under multiple legal bases to comply with GDPR:

  • Contract Performance

    Processing session data and providing AI insights is necessary to deliver the coaching platform service you've contracted for.

  • Legitimate Interest

    We have a legitimate interest in improving platform quality, preventing fraud, and ensuring system security.

  • Consent

    For optional features like marketing communications, we obtain your explicit consent.

Your GDPR Rights

Right to Access

View all personal data we hold about you

Data Portability

Export your data in a machine-readable format

Right to Rectification

Update or correct inaccurate information

Right to Erasure

Request complete data deletion

Restrict Processing

Limit how we process your data

Right to Object

Object to certain processing activities

International Data Transfers

We primarily use US-based infrastructure providers (Heroku, Supabase on AWS). For EU users, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) with all vendors
  • Encryption in transit and at rest for all data transfers
  • Regular vendor compliance audits and assessments

CCPA Compliance (California)

The California Consumer Privacy Act (CCPA) grants California residents specific rights over their personal information. We comply with all CCPA requirements.

Categories of Information We Collect

We collect the following categories of personal information:

  • Personal Identifiers

    Name, email address, account credentials

  • Professional Information

    Coaching session content, client relationships, professional notes

  • Commercial Information

    Subscription records, billing history (processed by Stripe)

  • Usage Data

    Feature usage patterns, device information, browser type

Your CCPA Rights

Right to Know

Request disclosure of data collection practices

Right to Access

Obtain a copy of your personal information

Right to Delete

Request deletion of your personal data

Right to Opt-Out

Control over data sharing and processing

Non-Discrimination

No penalties for exercising privacy rights

Right to Correct

Update inaccurate personal information

We Do Not Sell Personal Information

JourneyLoop does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We have not sold personal information in the past 12 months and do not have plans to do so in the future.

Your Privacy is Protected: Your data is used exclusively to provide and improve the JourneyLoop service.

Additional Compliance Measures

Clear Consent Processes

Transparent consent mechanisms for all data collection and processing activities.

Privacy Impact Assessments

Regular privacy reviews for all new features and data processing activities.

Regular Compliance Audits

Ongoing monitoring and review of privacy practices and vendor compliance.

Documentation & Records

Detailed records of processing activities, vendor agreements, and compliance measures.

Breach Notification

Procedures to notify affected users within 72 hours of discovering a data breach.

Team Training

Regular privacy and security training for all JourneyLoop team members.

Data Protection Officer

We have designated a Data Protection Officer (DPO) responsible for overseeing our privacy compliance and serving as your point of contact for privacy questions.

Contact Our DPO

For privacy-related questions, concerns, or to exercise your privacy rights, contact our DPO at:

Response time: Within 30 days for GDPR/CCPA requests. We typically respond much faster for straightforward requests.

Right to Lodge a Complaint

If you're not satisfied with how we've handled your privacy concerns, you have the right to lodge a complaint with a supervisory authority:

EU/EEA Residents

Contact your national Data Protection Authority. Find your authority at:

edpb.europa.eu

California Residents

Contact the California Attorney General's Office at:

oag.ca.gov