How we protect data
We build privacy and security into Umbrella Journal by default. Below is a high‑level overview for partners. For legal terms, see our Privacy Policy and Terms.
Encryption: TLS in transit; at‑rest encryption for stored data.
Data minimization: We collect only what’s needed to run the service.
Access controls: Role‑based access; least‑privilege principles.
Audit & monitoring: Production access is logged and reviewed.
Backups & continuity: Regular backups and recovery procedures.
Third‑party risk: Vendor review and contractual safeguards.
End‑user privacy
Journal entries belong to the user. Organizations do not receive personal journal content; enterprise partners may receive anonymous adoption and engagement trends only.
Subprocessors
Representative vendors we may use to deliver the service. This list is illustrative and may change; for the latest, contact our team.
| Vendor | Purpose | Region |
|---|---|---|
| Cloud infrastructure | Hosting and storage | Canada/US |
| Email provider | Transactional emails | Global |
| Analytics | Product usage analytics | Canada/US |
We contractually require vendors to protect personal information and use it only to provide their services to Umbrella Journal.