Are my entries private and secure?
Short answer: Yes and yes! Your entries are visible only to you and stored securely with encryption. As long time journal-writers ourselves, we know how important it is that personal entries are private and secure.
Long answer: All user-generated application data is stored in a secure, encrypted database. All sensitive data (like journal entries) is fully encrypted before it is ever stored. This means that in the extremely unlikely chance our database is ever compromised, a hacker would only find encrypted text (aka, a whole bunch of random characters) rather than any sensitive information. Our application is served via SSL (secure sockets layer), which means that all communication between your device and Reflection.app is also secured and encrypted.
We do use third-party software tools for notifications, analytics, and customer support. The data provided to these third parties never includes the contents of your private entries, and are used to provide you with a better user experience. For example, an email that notifies you that you have completed six entries only tracks the number of entries completed, but has no access to the content of them.
The scary-to-admit, but honest, truth is that no online system is impenetrable. Often the biggest risk to user privacy is a weak password, which is why we encourage you to authenticate via Google at sign-in and enable 2-factor authentication on your Google account to further protect your account. You can revoke access to Reflection.app at any time from your Google account security dashboard (instructions here). Authenticating with Google does not give Google access to your personal entries.
If you have any other questions about the privacy and security of your data, please don't hesitate to reach out. 🤓