Privacy Policy

• Account & sign-in. When you sign in with Google, Apple, or an email magic link, our authentication provider (Google Firebase) gives us your email address and a unique account ID. Your provider may also share a name or photo at sign-in, but we don't store them.
• Your journal. The WOOP entries, notes, check-ins, coach conversations, and bookmarks you write are stored privately and scoped to your account.
• Handwriting photos. If you use the handwriting reader, the photo you upload is stored with owner-only access and processed by optical character recognition to extract the text.
• Preferences. Settings like belief-tradition preferences and notification choices. Optional belief-memory content is encrypted at rest.
• Your AI key. The coach uses a language-model API key that you provide. We encrypt it at rest and use it only to make the coach and review requests you trigger.
• Diagnostics. Crash and performance data (via Sentry) and lightweight in-app usage events (counts and metadata — never your journal content) so we can keep the app healthy.
• Notifications. If you opt in to reminders, a device push token.

We use a small set of service providers to run woop.day. Each processes data only to deliver the service:

• MongoDB Atlas — database for your journal and account data.
• Google Firebase — authentication, handwriting-photo storage, and push notifications.
• Google Cloud Vision — handwriting text recognition (a language model may be used as a fallback).
• Your chosen AI provider — coach and review requests are sent to the language-model provider whose key you configured, under that provider's own terms.
• Sentry — error and performance monitoring.
• Vercel — hosting.

To provide the journal and coach, save your work, run the analysis you ask for, send notifications you opt in to, and keep the service secure and reliable. We do not sell your data, show you ads, or use your journal content to train our own models.

• Edit or delete any entry; deleted entries move to trash, then are permanently removed.
• Export your data from Settings.
• Lock the app behind a privacy lock and passkey.
• Opt out of belief content and notifications at any time.
• Request access, correction, or deletion of your account and data — contact support.

Data is encrypted in transit (HTTPS) and at rest. Your AI provider key and optional belief-memory are additionally encrypted with a dedicated key. No method is perfectly secure, but we hold your journal to a high bar.

woop.day is not directed to children under 13, and we do not knowingly collect their data.

If we change this policy we'll update the effective date above. Material changes will be reflected here before they take effect.

Questions about your privacy? Reach us through support.