Privacy Policy

Last updated: April 23, 2026

Gratitude Journal is a personal voice-journaling web app. It is designed so that your journal entries stay with you — stored in your own Google Drive, never on any server we control. This page explains what happens to your data when you use it.

Data the app collects

None. The developer of this app does not collect, store, or receive any of your journal entries, audio, personal information, or usage data. There is no server-side database. There is no analytics or tracking.

How transcription works

The app uses your browser's built-in Web Speech API for voice transcription. Depending on your browser, the audio may be sent to your browser vendor's speech recognition service (for example, Google or Apple) to produce the transcript. This is your browser's own behavior and is not something the app itself controls. The resulting text is handled only within your browser and saved to your own Google Drive when you tap Save.

How storage works

When you sign in with Google, the app requests a narrow permission called drive.file. This scope allows the app to read, edit, and delete only the specific files it creates in your own Google Drive — nothing else. The app cannot see, list, or touch any other file in your Drive.

Your journal entries are written to a plain text file in a folder called Gratitude Journal in your own Drive. Only you have access to these files, just like any other document you own in Drive.

Authentication

Sign-in uses Google's OAuth 2.0 authorization-code flow. After you grant consent, Google issues a refresh token to the app, which the app stores in an HttpOnly cookie bound to your browser and the app's domain. This cookie is never visible to JavaScript and is sent only to this app's own backend endpoints — not to the developer, and not to any third party. The app uses the refresh token, server-side, to mint short-lived access tokens that are then used to read and write your own Drive files. You can revoke the refresh token (and therefore all access) at any time from your Google Account permissions page; tapping the close button in the app also revokes it. No authentication tokens are stored in any database — they live only in your browser's cookie and in transient serverless function memory.

Cookies and tracking

The app itself sets no cookies and uses no analytics, tracking pixels, or advertising. The only third-party resource the app loads is Google's sign-in SDK, which your browser requests directly from Google when you sign in. No journal content is sent back to the developer.

Revoking access

You can revoke the app's access to your Drive at any time from your Google Account permissions page. Existing journal files in your Drive remain yours; delete them there if you no longer want them.

Children

This app is not directed to children under 13 and does not knowingly collect information from anyone.

Changes to this policy

If this policy changes, the "Last updated" date above will change. Because the app does not store any user contact information, we cannot notify users directly.

Contact

Questions about this policy can be sent to lili675846@gmail.com.