Notice at Collection
For California residents under the CCPA as amended by the CPRA (Cal. Civ. Code §1798.100(a)). This short-form notice supplements the full Privacy Policy. Last updated: 23 May 2026.
1. Categories collected
| Category | Purpose | Retention |
|---|---|---|
| Identifiers (email, display name, account ID, IP) | Create and operate your account; security | Account lifetime; 30 days after deletion in production, 90 days in encrypted backups |
| Customer records (year of birth, password hash, MFA factors) | Age verification, authentication, account security | Account lifetime |
| Internet/network activity (request logs, device, browser) | Security, abuse prevention, debugging | Up to 12 months |
| Sensitive personal information — journal entries, morning intentions, daily reflections (content revealing mental-health information, GDPR Art. 9) | Provide the journaling service the user explicitly requested. Used only for the user's own review and (opt-out-able) personal insights. Stored under per-row envelope encryption (AES-256-GCM, per-user KEK). | Kept until the user deletes the entry or closes the account. On account deletion: live records erased within 30 days via cryptographic erasure (destruction of the per-user KEK renders all ciphertext unrecoverable); residual references in encrypted backups age out within the 30-day snapshot window (90 days outer bound). |
| Audit log (consent, export, deletion, MFA, processing-pause, insights opt-in/out events) | Security, fraud prevention, regulatory traceability (GDPR Art. 5(2) accountability; EU AI Act Art. 50(3)) | 12 months rolling from event date |
| Email send log (transactional and authentication emails) | Deliverability monitoring, bounce/complaint handling | 6 months rolling; suppression list kept indefinitely (CAN-SPAM/PECR) |
| Commercial information (if/when paid plans launch) | Process subscriptions via PCI-compliant processor (Stripe/Paddle hosted fields) | As required by tax and accounting law (typically 7 years) |
2. Sale or sharing of personal information
We do not sell personal information and we do not share it for cross-context behavioural advertising. We honour the Global Privacy Control (GPC) browser signal as a valid opt-out.
3. Sensitive personal information
We collect sensitive personal information only for the purposes listed above, which are necessary to provide the service you requested or fall within the permitted purposes in CCPA §7027(m). You may limit our use of sensitive personal information from Your Privacy Choices. Deleting your account permanently erases all sensitive data.
4. Your rights
- Right to know, access, and a portable copy of your data.
- Right to correct inaccurate data.
- Right to delete personal information.
- Right to limit use of sensitive personal information.
- Right to opt out of sale/sharing (we do neither, but honoured).
- Right to non-discrimination for exercising these rights.
Exercise your rights from /legal/privacy-choices or email privacy@onwardsupwards.app. An authorised agent may submit requests on your behalf with written, signed authorisation.
5. Contact
Onwards Upwards — privacy@onwardsupwards.app. Toll-free phone is not provided because we operate exclusively online (CCPA §7026(b)).