Privacy policy

Sanctuary Journal — Effective date: June 2, 2026

1. Introduction

Fritz Gabriel is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, and protect your data when you use Sanctuary journal. This policy complies with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and other applicable privacy laws.

2. Data Controller

The data controller responsible for processing your personal data is:

  • Fritz Gabriel
  • Address: 8A rue surweg 67660 Betschdorf, France
  • Email: [email protected]

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

  • Email address
  • Password (stored in hashed form — never in plain text)
  • Account creation date

We use Cloudflare Turnstile to protect our forms from bots. Turnstile may collect technical data such as your IP address and browser information for this purpose. See Cloudflare Turnstile Privacy Addendum.

3.2 Journal Content

The journal entries you write are stored on our servers so you can access them across your devices. This content is strictly private and accessible only to you.The journal entries you write are stored on our servers so you can access them across your devices. This content is strictly private and accessible only to you.

3.3 Technical Data

To ensure the proper functioning of the service, we collect minimal technical data:

  • Technical error logs

4. Purposes and Legal Bases

Your data is processed for the following purposes:

  • Account creation and management: performance of a contract (Art. 6.1.b GDPR)
  • Storage and synchronization of journal entries: performance of a contract (Art. 6.1.b GDPR)
  • Security and fraud prevention: legitimate interest of the Publisher (Art. 6.1.f GDPR)
  • Compliance with legal obligations: legal obligation (Art. 6.1.c GDPR)

5. No Tracking or Advertising

Sanctuary journal uses no tracking cookies, no third-party analytics tools, no behavioral tracking pixels, and displays no advertising. None of your data is shared with advertising networks or data brokers.

6. Data Sharing

We never sell, rent, or share your personal data with third parties for commercial purposes. Your data may only be disclosed to:

  • Our technical sub-processors (hosting, infrastructure), bound by data processing agreements compliant with the GDPR
  • Competent authorities, only where required by law
  • Cloudflare (Turnstile — bot protection): Cloudflare Turnstile Privacy Addendum.

7. International Transfers

If any of our sub-processors are located outside the European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

8. Data Retention

Your data is retained for as long as your account is active. Upon account deletion:

  • Journal entries and account data are permanently deleted within 30 days
  • Technical logs are retained for a maximum of 12 months for security purposes
  • Billing data is retained for 7 years to comply with accounting obligations

9. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Secure password hashing
  • Access to data restricted to authorized personnel only

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: obtain a copy of the data we hold about you
  • Right of rectification: correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): request deletion of your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interest
  • Right to restriction: request the temporary suspension of a processing activity
To exercise your rights, contact us at: [email protected]. We will respond within one month. If you believe your rights are not being respected, you may lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or the CNIL in France — www.cnil.fr).

11. Policy Updates

We may update this Privacy Policy from time to time. In the event of a material change, you will be notified via an in-app notification or by email. The effective date at the top of this document will always reflect the latest version.

12. Contact

For any questions regarding the protection of your personal data, please contact us at: [email protected]