Umbrella Journal | Privacy policy

Privacy policy

Last updated: March 9, 2026

For Ella-specific privacy details, see the Ella Privacy Supplement.

Umbrella Journal, Inc (“Umbrella Journal,” “us,” "we," or “our”) is committed to protecting and respecting your privacy in connection with your use of our website, www.umbrellajournal.ca (the “Website(s)”), applications (“Apps”) and other products, services and features thereof (the Website, the Apps and such other products, services and features are collectively referred to herein as the “Product” or “Products”, which may be updated from time-to-time at the sole discretion of Umbrella Journal). This privacy policy (“Privacy Policy”) and any other documents referred to herein set forth the basis on which any personal data we collect from you, or that you provide to us, in connection with the Products will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will collect, use and disclose your personal data.

1. DATA WE MAY COLLECT

We may collect and process the following categories of personal data, depending on how you interact with the Products:

Identifiers and contact information (e.g., name, email address). If you contact support or create an account, we process the information you provide.
Account and authentication information (e.g., password, account settings) where accounts are offered.
Device and technical information (e.g., operating system, device type, app version, crash logs, and performance data).
Usage data (e.g., pages viewed, features used, timestamps) and information collected via cookies and similar technologies as described in Section 7.
Communications and feedback (e.g., requests sent to support, survey responses).
Payments: We do not collect or process credit or debit card numbers. In‑app purchases are processed by Apple and Google. For any web purchases, we use a third‑party payment processor.
Referrals: If you invite a friend to the Products, we process their name and email to send the invitation.

2. USES MADE OF THE DATA

We use information held about you in the following ways:

To provide you with the Products.
To answer your questions or requests for information or handle your complaints.
To ensure that content provided by the Products is presented in the most effective manner for you and for your computer or other device.
To provide you with promotional communications, such as email, to the extent that you have provided consent and/or consistent with notice and any opt-out rights to receive such communications under applicable law.
To carry out our obligations arising from any agreements entered into between you and us.
To allow you to participate in interactive features of the Products, when you choose to do so.
To notify you about updates or changes to Product features and content.
To understand your broad, non-specific geographic location to help us identify groups of users by general geographic market (such as zip code, state or country).
To manage your payments and orders.
If you are an existing customer, we will only contact you by electronic means (e-mail or in-Product communication) with information about products and services similar to those which were the subject of a previous sale to you, except if you do not consent to, or opt-out to such communications.

3. AI FEATURES

Some Product experiences use artificial intelligence to generate prompts, reframes, or insights. When you use these features, we process the inputs you provide (for example, journal text, selections, and feedback) to return outputs. We use service providers under contract to host and run these models and we restrict them to processing your data on our instructions. We do not permit AI vendors to use your personal information to train their foundation models. You can choose not to use AI features; core journaling remains available. AI outputs may be inaccurate or inappropriate for your circumstances—please review our Terms for additional details.

To improve quality and safety, we may use aggregated or de‑identified data (not personal information) for evaluation, testing, and model improvements.

4. DE‑IDENTIFIED AND AGGREGATED DATA

We may create aggregated, anonymous, or de‑identified data from personal information by removing or masking elements that identify you. We maintain such data in de‑identified form and will not attempt to reidentify it except to test and validate our de‑identification processes. De‑identified data is not personal information.

5. CONFIDENTIALITY AND SECURITY

The security of your personal data is important to us. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal data, you can contact us at help@umbrellajournal.ca . Except as described under the “Disclosure of Your Data” section below, we do not provide your personal data to any third party without your specific consent, as defined by applicable law. Umbrella Journal maintains technical, administrative and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, misuse or disclosure. Your personal information is accessible to only a limited number of personnel who need access to the information to perform their duties. Please note, however, that no method of transmission over the Internet or method of electronic storage is 100% secure.

6. NEWSLETTERS OR OTHER ELECTRONIC COMMUNICATIONS

If you sign up to receive promotional materials from us via email and/or push notifications we will use the data you give us to provide the communications you have requested. If you inform us that you wish to cancel email promotional materials by selecting “unsubscribe” at the bottom of such communication or by emailing us at help@umbrellajournal.ca, we will remove you from our mailing list. If you no longer wish to receive push notifications, you may turn them off at the device level. If you provide your phone number to us directly or through a third-party for the specific purpose of receiving an SMS message with a link to our Apps, you will receive such SMS message (the “SMS Service”). Standard text message rates will apply. We will endeavor to comply with these requests as soon as reasonably practicable. Please be advised that you may not be able to opt-out of receiving certain service or transactional email messages from us that are required to provide you with our Products.

7. TRACKING TECHNOLOGIES

Umbrella Journal and our analytics partners use technologies such as cookies, beacons, tags, and scripts to enable a service to recognize your device so you don't have to provide the same data several times during one task, to recognize that you may have already given a username and password so you don't need to do it for every web page requested, and to measure how people are using the Products.

We use local storage, such as HTML5, to store content data and preferences. Third parties with whom we partner to provide certain features on the Products also use HTML5 to collect and store data. Various browsers may offer their own management tools for removing HTML5.

We obtain consent where required by law before setting non‑essential cookies and provide you the opportunity to opt‑out of marketing/analytics cookies. For details and to manage your preferences, see the Cookie Policy or visit Cookie settings. We honor the Global Privacy Control (GPC) signal by treating it as an opt‑out of sale/sharing and disabling marketing/analytics cookies where detected.

8. MOBILE ANALYTICS

We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record data such as how often you engage with the Products, the events that occur within the Products, aggregated usage and performance data, and where the Applications were downloaded from. We may link the data we store within the analytics software to any personal data you submit within the mobile application.

9. LOG FILES

As true of most websites, we gather certain data and automatically and store it in log files. This data may include Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. If you receive the HTML-formatted version of our email newsletter, your opening of the newsletter is notified to us and saved. Your clicks on links in the newsletter are also saved. These and the open statistics are used in aggregate form to give us an indication of the popularity of the content and to help us make decisions about future content and formatting.

10. YOUR DATA RIGHTS

As you may know, a European Union law called the General Data Protection Regulation (“GDPR”) gives certain rights to applicable individuals in relation to their personal data. Accordingly, we have implemented transparency and access controls to help such users, including residents of the EU, Switzerland, and the United Kingdom exercise those rights. As required under applicable law, the rights afforded to you are: A right of access: you have the right to obtain (i) confirmation as to whether personal data concerning you are processed or not and, if processed, to obtain (ii) access to such data and a copy thereof. We provide an easy-to-view snapshot of such data via the “My Data” tab in the Products.

A right to rectification: you have the right to obtain the rectification of any inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

A right to erasure: in some cases, you have the right to obtain the erasure of personal data concerning you. Upon request, Umbrella Journal will permanently and irrevocably anonymize your data such that it can never be reconstructed to identify you as an individual. However, this is not an absolute right and Umbrella Journal may have legal or legitimate grounds for keeping such data.

A right to restriction of processing: in some cases, you have the right to obtain restriction of the processing of your personal data. A right to data portability: you have the right to receive the personal data concerning you which you have provided to Umbrella Journal , in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from Umbrella Journal . This right only applies when the processing of your personal data is based on your consent or on a contract and such processing is carried out by automated means.

A right to object to processing: you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you when such processing is based on the legitimate interest of Umbrella Journal. Umbrella Journal may, however, invoke compelling legitimate grounds for continued processing. When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of such data. You may, in particular, exercise that right by clicking on the “unsubscribe” link provided at the bottom of any messages received.

A right to lodge a complaint with the competent supervisory authority: you have the right to contact the supervisory authority to complain about Umbrella Journal’s personal data protection practices.

A right to give instructions concerning the use of your data after your death: as required by applicable law, you may have the right to give Umbrella Journal instructions concerning the use of your personal data after your death. To exercise one or more of these rights, you can email help@umbrellajournal.ca. You may access your personal data to modify or update at any time via an online account, or by emailing help@umbrellajournal.ca. We will respond to your request in a reasonable timeframe in accordance with applicable law.

11. LEGAL BASES OF PERSONAL DATA PROCESSING

In accordance with GDPR, Umbrella Journal provides the following information regarding its Article 6 legal bases for personal data processing: The performance of the contract (the Umbrella Journal Terms & Conditions ) between you and Umbrella Journal for the data processing relating to your use of Umbrella Journals ’s Products (including your orders and payments);

Umbrella Journals’s legitimate interest, more specifically:

Our business interest in providing you with emails and push notifications for timely introductory materials and information about your Umbrella Journal account, and our Product features and updates.
Our financial interest in providing you with promotional offers and/or discounts with respect to paid subscriptions and special offerings, such as the Umbrella Journal partnership Plan.
Our business interest in offering you particularized or adapted content based on your usage of the Products.
Our business interest in collecting data regarding your general usage activities for the purpose of improving our Umbrella Journal user experience.
Our business interest in requesting that you partake in Product surveys in order to better understand your needs and expectations.
Our financial interest in providing you the opportunity to purchase Umbrella Journal subscriptions for the benefit of a third party through the Umbrella Journal “gifting” program.
Our business interest in providing you the opportunity to invite a “Friend” to Friend and share information about your Umbrella Journal activities with your connected “Friends”.
Our business interest in providing you with customer service communications regarding your account, questions about our content offerings or your CBT practice, or any other matters directed to customer service staff, in order to have clear and easy communication with you and to respond to all your requests.
Our business interest in collecting data related to unplanned downtime or errors in the Products.
Our business interest in complying with our legal obligations, such as maintaining accurate financial records.
Our business interest in verifying your eligibility in a Community and providing limited reporting to Partners associated with such Community, as further described in section 6.

We may disclose your personal data with and among our subsidiaries, ultimate holding company, and any affiliates, which include Umbrella Journal CBT Inc.

We may also disclose your personal data to third parties as follows:

In some circumstances, based on your specific requests, we may need to disclose your personal data to a third party so that it can provide a service you have requested from such party, or fulfill a request for data from such party. An example of this is the SMS Service.
In some circumstances, we may disclose the personal data that you have provided to Umbrella Journal to a third party that offers and/or provides goods or services complementary to our own for the purpose of enhancing our users’ experiences by offering you integrated or complementary functionality, complementary services or bundled pricing options.
In some limited circumstances, our email service provider may receive certain information you share in-app to provide you with personalized email communications.
If Umbrella Journal’s service providers (like hosting, IT maintenance, market analytics, and payment service providers) require this data to provide services to Umbrella Journal. Umbrella Journal requires each of its service providers to agree to maintain the confidentiality and security of your personal data.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation such as to comply with a subpoena, bankruptcy proceedings, similar legal process, or in order to enforce or apply our agreements with you; or to protect the rights, property, or safety of Umbrella Journal , our customers, or others. This includes exchanging data with other companies and organizations for the purposes of fraud protection and credit risk reduction.

13. DATA RETENTION

The retention periods applied by Umbrella Journal comply with applicable legislation in effect on the date hereof, namely:

For data relating to your account: such data will be permanently and irrevocably anonymized in the event that your account is: (i) inactive for a period of two (2) years. Moreover, we will permanently and irrevocably anonymize your account data within thirty (30) days of your written request to do so via email to help@umbrellajournal.ca.
For transactional data relating to your purchases: such data is kept for the entire period of the contractual relationship, then in accordance with legal obligations and applicable statute of limitation periods. Please note that this data does not include Payment Card information, which is processed by our third-party payment processors, and not Umbrella Journal.
For data collected based on your consent to receive our marketing communications: we will use such data until you opt out, withdraw consent or applicable law requires that such data is no longer used.
When your data are collected in the context of requests/queries: such data are kept for the period necessary to process and reply to such requests or queries.
When cookies or other trackers are placed on your terminal, they are kept for a period of 12 months. Other data will be kept as long as necessary for the purposes pursued and in compliance with our legal obligations, including the applicable statute of limitations.

14. LINKS TO THIRD PARTY SITES

The Products may, from time to time, contain links to and from the Products of our partner networks, advertisers and affiliates. If you follow a link to any of these external websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites or their policies. Please check these policies before you submit any personal data to these external websites.

15. USE OF Umbrella Journal BY MINORS

You must be 18 years of age, or the age of majority in your province, territory or country, to sign up as a registered user of the Products. Individuals under the age of 18, or the applicable age of majority, may utilize the Products only with the involvement of a parent or legal guardian under such person's account.

16. CHILDREN’S PRIVACY

Our Products are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete the information promptly. Parents or guardians who believe a child has provided us personal information may contact help@umbrellajournal.ca.

For users in the EEA/UK where a higher age of consent may apply (typically 13–16, depending on the country), we will obtain consent from a parent or guardian when required by law.

17. INTERNATIONAL TRANSFERS AND SAFEGUARDS

The subsidiaries, service providers or other third parties listed above to whom Umbrella Journal may disclose your personal data may be domiciled abroad, and in particular outside the European Union, Switzerland, and the United Kingdom.

In such case, Umbrella Journal will require them to take, in accordance with applicable legislation, contractual, organizational and technical measures designed to ensure an adequate level of protection of your personal data, such as the use of Standard Contractual Clauses approved by the European Commission.

International transfers and safeguards. Where we transfer personal data outside of your jurisdiction (for example, to Canada, the United States, or other countries where we or our service providers operate), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and conduct transfer risk assessments. If and when Umbrella Journal participates in the EU‑U.S. Data Privacy Framework (and, if applicable, the UK Extension and Swiss‑U.S. DPF), we will state that here and link to our program listing.

For personal data collected from individuals located in the European Union, Switzerland and the United Kingdom, you can object to processing based on legitimate interests and opt‑out of disclosures to third parties (apart from service providers) or uses materially different from the purposes for which the data was originally collected or subsequently authorized. You can contact Umbrella Journal at help@umbrellajournal.ca to exercise these choices.

For information about categories of service providers and subprocessors, see our Subprocessors page.

General disputes arising from your use of our Websites, Apps, Products, and other services are addressed in our Terms & Conditions. If you have questions or concerns regarding our collection, use, sharing, or international transfer of personal data as described in this Privacy Policy, please contact us using the information at the end of this Policy. You also have the right to lodge a complaint with your local data protection authority.

CCPA/CPRA ADDENDUM

Effective Date: October 29, 2025 Last Reviewed On: October 29, 2025

This California Consumer Privacy Act (“CCPA”) Addendum for California residents supplements the information contained in the above Privacy Policy and applies solely to all visitors, users and others who reside in the State of California. We adopt this CCPA Addendum to comply with the CCPA, and any terms defined in the CCPA have the same meaning when used in this Addendum.

1. INFORMATION WE MAY COLLECT FROM YOU

Our Products collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device, whether collected online or offline (“personal information”). In particular, the Products have collected the following categories of personal information from consumers within the last twelve (12) months:

CATEGORY	EXAMPLES	COLLECTED
Identifiers	First and last name, email address, Internet Protocol address, online identifiers.	No
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).		No
Internet or other similar network activity.	Browsing history or information on a consumer’s interaction with the Products or our advertisements on third-party platforms.	No

The specific types of personal information we collect are described more fully in section 1 of the Privacy policy.Personal information does not include: (1) deidentified or aggregated consumer information; (2) publicly available information from government records; or (3) information excluded from the CCPA’s scope.

We obtain the categories of personal information listed above from the following categories of sources:

Directly from you. For example, from forms you complete when registering for the Products. Indirectly from you. For example, from observing your actions on our Products.

Directly from Partners associated with your Community, if you have a Community Subscription that is authenticated through the Community’s use of eligibility files as described in section 6 of the Privacy Policy

2. USE OF PERSONAL INFORMATION

We may use or disclose the personal information we collect for the purposes described in section 9 of the Privacy Policy.

3. SHARING PERSONAL INFORMATION

We may disclose your personal information to third parties for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not to use it for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category 1: Identifiers
Category 2: Personal Information
Category 3: Internet activity

Specific examples of such sharing activities can be found in sections 6 and 11 of the Privacy Policy .

We do not sell your personal information for money. We may “share” personal information for cross‑context behavioral advertising as defined by the CPRA (for example, via cookies or similar technologies on our websites). You can opt‑out of “sale”/“sharing” by visiting our Do Not Sell or Share page, by adjusting your Cookie settings, or by enabling the Global Privacy Control (GPC) signal in your browser. We honor GPC where detected.

In the last twelve (12) months, we’ve disclosed the following categories of personal information to advertising partners as described above:

Category 1: Identifiers
Category 2: Personal Information
Category 3: Internet activity

4. YOUR RIGHTS AND CHOICES

Access to Specific Information and Data Portability RightsThe CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting that personal information.
The categories of third parties with whom we share that personal information.
The categories of personal information we share with third parties.
The specific pieces of personal information we collected about you (also called a data portability request).

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will permanently and irrevocably anonymize your personal information, unless an exception applies.

We may deny your deletion request if certain CCPA exemption apply, including but not limited to, if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it. Exercising Access, Data Portability, and Deletion Rights to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Emailing us at help@umbrellajournal.ca

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

Upon receiving a request for access, portability, or deletion, we will confirm receipt of the request within 10 business days and provide information about our verification process and how we will process the request.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response to the email address associated with the account for account holders, and to the email address provided with the request submission for non-account holders.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily readable and useable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

5. Notice of Right To Opt-Out

We may partner with third parties to manage our marketing on other platforms, where such advertising is based on your past visits to our Products. These partners may use cookies to deliver such advertising. You may opt out of “sale”/“sharing” of personal information for cross‑context behavioral advertising at any time by visiting our Do Not Sell or Share page or adjusting your Cookie settings. We honor the Global Privacy Control (GPC) signal by treating it as an opt‑out request and disabling marketing/analytics cookies.

We do NOT use cookies so that third parties can serve ads to you about their own products or services.

We do NOT sell or rent your personal information to any third parties for their own advertising or marketing purposes.

6. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

7. Changes to our CCPA Addendum

We reserve the right to amend this CCPA Addendum at our discretion and at any time. When we make changes to this CCPA Addendum, we will post the updated notice on the Website and update the effective date. Your continued use of our Products following the posting of changes constitutes your acceptance of such changes.

8. Contact Information

If you have any questions or comments about this CCPA Addendum, the ways in which we collect and use your information described above and in the Privacy Policy ,your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: help@umbrellajournal.ca

Other U.S. State Privacy Notices

Residents of Virginia, Colorado, Connecticut, Utah, Minnesota, Rhode Island, and Oregon may have additional rights, including the right to opt out of targeted advertising and certain profiling, and to access, correct, delete, or obtain a copy of personal information, subject to exceptions. You can exercise opt‑out choices by visiting our Do Not Sell or Share page, adjusting your Cookie settings, or emailing help@umbrellajournal.ca. We do not sell personal information for money. Nevada residents have a limited right to opt out of sales; we do not sell personal information for monetary consideration and therefore do not trigger that requirement.

We do not use sensitive personal information for targeted advertising. We honor the Global Privacy Control (GPC) signal by treating it as an opt‑out of sale/sharing and disabling marketing/analytics cookies where detected.

Canada (PIPEDA) Notice

If you are in Canada, you have rights to access, correct, and withdraw consent (subject to legal and contractual limits). We rely on consent, performance of a contract, our legitimate interests (such as to provide and improve the Products and ensure security), and legal obligations as our legal bases. We store and process personal information in Canada, the United States, and other countries where we or our service providers operate. When we transfer personal information across borders, we use appropriate safeguards (for example, standard contractual clauses) and perform transfer assessments as required.

To exercise your rights or raise a concern, contact our Privacy Officer at help@umbrellajournal.ca. If we cannot resolve your concern, you may contact the Office of the Privacy Commissioner of Canada or your provincial privacy authority. Quebec (Law 25) residents may also request de‑indexing in applicable circumstances under that law.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to help@umbrellajournal.ca.