Privacy Policy

• We collect: the minimum necessary to provide the App — your email address (for sign-in) and the journal content you choose to write.
• We protect: data is encrypted in transit, and database access is restricted so that you can access only your own entries.
• We respect: we do not sell, rent or trade your personal information or journal content.
• Your control: you can export or permanently delete your data from within the App at any time.
• Usage context: we collect limited information about how and when the App is used — including your device timezone, an approximate country inferred from your network connection, and non-content measurements of your responses (such as character and word counts). We use this only to understand usage in aggregate; we do not use it to track your precise location, and these measurements do not include the text you enter.
• Feedback contact: during early access we will only email you for feedback if you expressly opt in.

Enquicken Connect is an educational wellbeing and journaling tool. It is not a medical, diagnostic, counselling or crisis service, and it does not provide medical advice, diagnosis or treatment. While your entries may relate to your feelings, health or wellbeing, this information is processed solely to provide the journaling service to you.

The kind of personal information we collect and hold about you depends on how you use the App, and may include:

• Identity & contact data: your email address (used to send one-time sign-in codes) and any profile details you choose to provide, such as a display name.
• Journal content: your prompt responses, elaborations, timestamps, and the metadata needed to display, search and export your journal (for example, which prompt format an entry used).
• Usage data: where product analytics is enabled, we record pseudonymous events such as pages viewed, prompts opened, responses saved, and errors encountered. Before you sign in, we may record anonymous login-page error codes (such as an invalid sign-in code) linked only to a random browser cookie identifier — not your email — so we can fix sign-in problems. These events are designed not to include the text of your journal entries. When you save a response, we also record non-content measurements of that response, such as its character count, word count, and internal quality signals derived from those counts (for example, whether a response appears unusually short or repetitive); these measurements do not include the text of your entry. We record your device timezone (for example, Australia/Sydney) when you sign in and with certain usage events, to understand when the App is used in users’ local time. We also record an approximate country, inferred from your IP address by our hosting provider when you sign in, which we use only in aggregate to understand the geographic mix of users. This is not precise geolocation and may be inaccurate, for example if you use a VPN or are travelling.
• Session security data: when you sign in, we record a coarse device class (phone or computer), whether the App is installed as a home-screen web app, and a truncated browser user-agent string, to apply your chosen sign-in duration and idle lock settings on that device. This is separate from product analytics session identifiers.
• Technical data: standard server and security information, such as IP address, browser type and request timestamps, collected automatically by our infrastructure providers to operate and secure the App. We may infer an approximate country from your IP address for the purposes described above.
• Feedback preference: whether you have opted in to be contacted for feedback, and the date that preference was recorded.

The Privacy Act 1988 (Cth) ("Privacy Act") defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. If information does not disclose or enable your identity to be ascertained, it will in most cases not be classified as Personal Information and will not be subject to this policy.

Sensitive Information includes information about an individual’s health, among other categories. Journal entries you write may include health or other sensitive information. We collect such information only because you choose to record it in the App, and we use it only for the primary purpose for which it was provided (operating your private journal), for a directly related secondary purpose, or with your consent or as required or authorised by law.

We use your personal information to:

• authenticate you and maintain your account;
• store, display, search and export your journal entries;
• operate, secure, troubleshoot and improve the App, including during early access testing;
• measure aggregate, de-identified product usage where analytics is enabled, including time-of-day patterns, the prompt formats used at different times, and response length patterns, in each case without accessing the text of your entries;
• report product engagement and retention to stakeholders (such as investors or grant providers) in de-identified, aggregate form only;
• contact you for feedback, where you have expressly opted in;
• respond to your support requests; and
• comply with our legal obligations.

We will never sell, rent or trade your personal information or journal content.

To operate the App we rely on a minimal set of trusted service providers. Your personal information may be stored or processed by these providers, including on infrastructure located overseas (primarily in the United States). Key providers are:

• Supabase — authentication, database and file storage for your account and journal data.
• Cloudflare — application hosting, content delivery, and inferring an approximate country from your IP address at sign-in.
• ZeptoMail (Zoho) — transactional email delivery, used to send your sign-in codes.

By using the App, you consent to your personal information being transferred to and stored in the jurisdictions in which our service providers operate, including the United States. While we take reasonable steps to engage providers that maintain recognised security standards, you acknowledge that if your personal information is mishandled in an overseas jurisdiction we may be unable to ensure the same remedies are available to you as under Australian law.

We take reasonable steps to protect your personal information. Data is encrypted in transit using HTTPS (TLS), and database access is protected by row-level security so that each account can access only its own data. We do not operate our own physical servers; data is held within our providers’ infrastructure.

We retain your account and journal data for as long as your account remains active. You may permanently delete your account and associated data from within the App at any time, subject to short-term backup cycles and any retention required by law.

Pseudonymous analytics events and response measurement records (character and word counts, without your text) are retained at an individual level for up to 90 days, after which they are removed once aggregated into summary metrics. Those aggregated metrics may be retained for up to two years for product measurement and investor reporting. Deleting a single journal entry removes its text from your journal; the related non-content measurement may be retained until the next scheduled removal of analytics records. Deleting your account removes all remaining individual analytics records promptly; periods already included in aggregated metrics are not retroactively removed.

Your device timezone and approximate country, where stored on your profile, are retained while your account is active and are deleted when you delete your account. No method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

The Australian Privacy Principles permit you to request access to the personal information we hold about you (Australian Privacy Principle 12) and to request correction of information that is inaccurate, out of date or incomplete (Australian Privacy Principle 13).

Much of this is self-service: you can view, export and delete your own data from within the App. For any other request, contact us using the details below. We aim to respond within 30 days.

The App is intended for adults aged 18 years and over. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

We may update this Privacy Policy from time to time. The date of the most recent revision will appear at the top of this page ("Last updated"). Your continued use of the App after any change constitutes acceptance of the revised policy.

If you have a complaint about how we have handled your personal information, please contact us first using the details below. All complaints will be considered by Enquicken, and we may seek further information to clarify your concerns. If you are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner.

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or wish to make a complaint, you can contact us using the details below. We are Enquicken (trading as Enquicken Wellbeing), ABN 88 271 863 279.