Privacy First

Your journal.
Your business.

Dandelion Reflect is built on a simple belief: a journal should be the most private space in your digital life. Here's how we make that real.

Secure Authentication

Sign in with email and password, a passwordless magic link, or Google OAuth. Your account is protected by industry-standard authentication through Supabase Auth with bcrypt password hashing and secure session tokens.

No Content Analytics

We don't analyze, read, mine, or process the content of your journal entries. No keyword tracking, no sentiment analysis, no behavioral profiling. Your words exist for you alone.

No AI Training

Your journal entries are never used to train AI models — ours or anyone else's. The breathing exercises and mood tracking features work entirely on your device without sending your personal data anywhere.

Row-Level Security

Every database query is enforced with Supabase Row-Level Security (RLS) policies: no other user, and no compromised API path, can ever read your entries. Entries are also encrypted at rest at the infrastructure level. Like almost every cloud service, our operators could technically access the database — we commit to never reading entry content except where the law requires it.

What we deliberately don't do

  • No ads — ever
  • No data selling or sharing
  • No AI training on your entries
  • No advertising or cross-site trackers
  • No social features or public profiles
  • No streak counters or guilt mechanics
  • No content analysis or sentiment mining
  • No email marketing about your journal habits

Frequently Asked Questions

Can anyone else see my journal entries?+

No. There are no social features, no sharing buttons, no public profiles. Dandelion Reflect is a purely personal journal. Your entries are only accessible when you're logged into your account.

Do you sell my data?+

No. We don't sell, share, or monetize your data in any way. We don't run ads. We don't have data partnerships. Your journal exists for one person: you.

How do I delete my account or export my data?+

Email yoshita@dandelion-psychotherapy.com from your account email and we'll permanently delete your account — entries, mood data, everything — or send you an export of your entries, within 7 days. An in-app delete and export button is on the roadmap.

Is my data encrypted?+

Data is encrypted in transit (TLS/HTTPS) and at rest on Supabase's infrastructure. Your connection to Dandelion Reflect is always secured.

Do you use cookies or trackers?+

We use essential cookies for authentication (keeping you logged in), and cookieless, aggregate Vercel page-view analytics so we can see which pages are slow or unused — it cannot identify you and never sees what you write. No advertising cookies, no cross-site trackers, and your journal content is never sent to any analytics service.

Ready for a journal that respects you?

Start writing in a space where your privacy isn't a feature — it's the foundation.

Start Your Private Journal