Urgesurf journal privacy policy

Topics:

  1. How we treat your journal data
  2. Your journal data and third party providers
  3. Your journal data and our AI provider
  4. How we ensure your journal data is secure

How we treat your journal data

Journals contain some of the most private and sensitive content a person can write. That's why at Urgesurf we consider this data to be as sensitive and important to protect as password data, if not more.

We will never read your journals. We've set up a system of permissions to ensure that no-one at the company has access to where the journal data is stored other than the founder who is registed as the data controller under the EU's "GDPR" regulation. This means that the founder can't legally access that data without a legitimate reason.

Under the GDPR, you as the user also have the right to:

  1. A copy of the personal data itself.
  2. Information about the purposes of processing.
  3. Recipients (or categories of recipients) who have received or will receive the data. (At Urgesurf we guarantee via the T&C's that this will forever be no-one when the data in question is Journal data.)
  4. The period for which the data will be stored (or criteria for determining it).
  5. The existence of rights to rectification, erasure, restriction, and objection.

Your journal data and third party providers

We will never send your journal data to third party providers. We'll also never automatically transfer your journal data to any AI service provider. For more information on this read below.

Any user on our free plan can be confident in the knowledge that their journal entries will never be sent to an AI service for the puproses of training any sort of model.

Your journal data and our AI provider

We will never send your journals to an AI service provider unless you explicitly allow us to do so, on a per-journal basis.

For each journal, any AI functionality will require you to press a button to undertake that AI functionality. It is only at that point that the journal data will be sent, and where possible, only the minimum amount of data required for the feature will be sent.

How we ensure your journal data is secure

  1. HTTPS always - This means that no-one can sit between you and the Urgesurf service to snoop on any data you're sending through.
  2. Strict data permission structure - This means that no-one, not even within the company, can use their data accounts to access journal data.
  3. Explicit, atomic AI consent - We'll never send your journal data to an AI service provider unless you explicitly allow it through the Urgesurf interface.
  4. Stringent security - We constantly monitor for vulnerabilities and update our code-base as soon as possible. We also use all security best practices within our codebase to minimise attack surfaces.
  5. (Coming soon) Biometric locking - We'll soon be adding biometric security locks to the app so that even on unlocked devices, your journals can optionally sit behind another layer of security.