Privacy Policy

Last Updated: May 26, 2026

Eject is operated by Nexodule Services LLC ("we", "our", "us"), a company registered at 30 N Gould St Ste N, Sheridan, WY 82801, United States. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Eject mobile application ("App").

1. Information We Collect

We collect information you provide directly when you create an account or use the App:

• Account Data: Email address (used for authentication via magic link — no password is stored).
• Journal Entries: The text content you write in your journal entries (up to 280 characters each), including entry type (journal, to-do, or note).
• Images: Photos you attach to journal entries are uploaded and stored in secure cloud storage.
• Categories: The names and descriptions of your journal categories (a default set of 20 is created for each user and can be customized).
• Analysis Messages: Questions you ask the AI analysis feature and the AI-generated responses.
• Preferences: Your chosen theme (light/dark/system), language, reminder settings, and notification preferences.

2. How We Use Your Data

Your data is used strictly to provide the Eject service:

• Store and display your journal entries, to-dos, and notes.
• Send your entry text to AI services for automatic categorization and semantic threading (linking related entries).
• Send your entries to AI services when you use the Analysis feature to get insights about your journal.
• Schedule local notifications for daily journaling reminders.
• Export your journal data as a CSV file when you request it.

We do not sell, rent, or trade your personal data to third parties for advertising or marketing purposes.

3. Third-Party Services

We use the following third-party services to operate the App:

• Supabase: Cloud database, user authentication (magic link email login), and file storage (journal images). Hosted on secure, SOC 2 compliant infrastructure.
• Google Gemini API: Processes your journal entry text for automatic categorization, generates text embeddings for semantic threading, and powers the Analysis feature. When you write a journal entry or ask an analysis question, the text content of relevant entries is sent to Google's servers for processing. Images are not sent to the AI — only text.
• RevenueCat: Manages in-app subscription entitlements. RevenueCat receives an anonymous app user ID to verify your subscription status. No personal data (email, journal entries) is shared with RevenueCat.

These services process data solely on our behalf and are bound by their own privacy policies.

4. Purchases & Subscriptions

Eject offers an optional paid subscription ("Eject Premium") that unlocks additional features. Key points about purchases:

• All payments are processed securely by Google Play (and in the future, Apple App Store). Eject does not collect, store, or have access to your payment card details.
• Subscription management — including upgrades, downgrades, and cancellations — is handled entirely through your Google Play or App Store account settings.
• We use RevenueCat as a subscription management platform to verify your entitlement status. RevenueCat receives only an anonymous identifier and does not have access to your personal or journal data.
• Refund requests are subject to the refund policies of Google Play or Apple.

5. Device Permissions

The app may request the following device permissions:

• Photo Library: To select photos to attach to your journal entries. Selected photos are uploaded to secure cloud storage.
• Biometrics (Face ID / Fingerprint): To optionally lock the app for added privacy. Biometric data never leaves your device — the App only receives a pass/fail result from the operating system.
• Notifications: To send local daily journaling reminders. These notifications are scheduled entirely on your device and do not transmit any data to external servers.

All permissions are optional and can be managed through your device settings at any time.

6. Data Storage & Security

Your account data, journal entries, categories, analysis messages, and attached images are stored securely in Supabase's cloud infrastructure with row-level security (RLS) — meaning only you can access your own data, even at the database level. Authentication tokens are stored on your device using secure storage. All data transmission between the App and our servers occurs over encrypted HTTPS connections.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data — including your profile, journal entries, images, categories, and analysis history — is permanently and irreversibly deleted from our servers.

8. Your Rights & Data Control

You have the right to:

• Access & Export: Export all your journal entries at any time as a CSV file from the Settings screen.
• Delete: Permanently delete your account and all associated data directly within the App (Settings → Delete Account).
• Control: Change your email, language, theme, and notification preferences at any time.

If you are located in the EU/EEA, you may also exercise your rights under the GDPR by contacting us.

9. Children's Privacy

Eject is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact us at info@geteject.app.

Nexodule Services LLC
30 N Gould St Ste N
Sheridan, WY 82801, United States