HourJourney Privacy Policy

1. Introduction

HourJourney (“we,” “us,” or “our”) operates hourjourney.io (the “Service”), a supervised hours tracking platform designed for California pre-licensed clinicians pursuing LMFT, LPCC, and LCSW licensure under the California Board of Behavioral Sciences (“BBS”) requirements. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account information (name, email, password)
• Professional information (license type, registration status, degree status, BBS registration number)
• Hours log data (supervision session details, hour categories, supervisor information, session dates)
• Payment information (processed securely through Stripe; we do not store full credit card numbers)
• Communications (messages or feedback you send to us)

2.2 Information Collected Automatically

• Log data (IP address, browser type, pages visited, time/date)
• Device information
• Usage data (features used, clicks, session duration)
• Analytics data (via Vercel Analytics)
• Cookies for session management and authentication

3. How We Use Your Information

• To operate and maintain the Service including BBS-compliant hour tracking and PDF export
• To process your subscription and payments through Stripe
• To send account-related communications via Resend
• To monitor and analyze usage trends to improve the Service
• To detect and prevent fraud, abuse, or security incidents
• To comply with applicable legal obligations

4. How We Share Your Information

We do not sell your personal information. We share data only with:

• Supabase (database hosting and authentication)
• Stripe (payment processing)
• Vercel (application hosting)
• Resend (transactional email)

We may disclose information if required by law. In case of merger/acquisition, data may be transferred with notice.

5. Data Retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within a reasonable period unless required for legal compliance. Aggregated anonymized data may be retained indefinitely.

6. Cookies and Tracking Technologies

HourJourney uses cookies for session authentication, remembering preferences, and analytics via Vercel Analytics. You may configure your browser to refuse cookies.

7. Data Security

We implement industry-standard safeguards:

• Encrypted data transmission (HTTPS/TLS)
• Secure database hosting through Supabase with row-level security
• Hashed and salted password storage
• Access controls

8. Your Rights and Choices

You have the right to:

• Access your personal data
• Correction of inaccurate data
• Deletion of your data
• Portability of your data
• Opt-out of marketing emails

Contact us to exercise your rights. We respond within 30 days.

9. California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

• Right to Know what personal information we collect
• Right to Delete your personal information
• Right to Opt Out of the sale of personal information (we do not sell data)
• Right to Non-Discrimination for exercising your rights

10. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect data from children.

11. Third-Party Links

We are not responsible for the privacy practices of linked third-party sites.

12. Changes to This Privacy Policy

We will update the “Last Updated” date and notify via email or in-app notice for material changes.