1. Who we are
Ztill (“we”, “us”) provides a private wellness journaling application. This Privacy Policy explains what personal data we collect, why we collect it, and the choices available to you. It is intended to align with Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) principles. Final counsel-reviewed text should replace this draft before public launch.
2. Information we collect
We collect only what is needed to operate the service:
We do not collect precise location, contacts, or photo library access for core journaling.
- Account identifiers — email address and authentication records (including one-time passcodes).
- User content — check-in answers, journal text, goals, preferences, and generated reflections.
- Consent & audit records — versioned consent acceptances and privacy-related actions.
- Subscription / purchase history — processed via Apple, Google, and/or RevenueCat as configured.
- Product interaction — non-sensitive funnel events (for example, screen progression). Journal text is excluded.
- Diagnostics — optional crash/error reports when enabled; tokens and journal text must be excluded.
3. How we use information
We do not sell personal data. We do not use raw journal text for advertising or third-party marketing analytics.
- Authenticate you and maintain your account
- Provide check-ins, reflections, history, reminders, and preferences
- Generate compact weekly pattern insights when eligible
- Process subscriptions and restore purchases
- Respond to export and deletion requests
- Meet legal obligations and protect the service
4. Processing for reflections
When you request a reflection, your current check-in answers and up to three relevant compact memory facts may be sent to the configured reflection provider to produce structured wellbeing text. Full journal history is not injected automatically. Reflections are for general self-reflection only and are not medical or clinical advice.
5. Sharing
We share personal data only with processors needed to run Ztill, such as hosting, email OTP delivery, subscription platforms, and optional diagnostics — each limited to their purpose. We may disclose information if required by law or to protect rights and safety.
6. Retention & security
We retain account and journal data while your account is active and for a limited period after deletion requests to complete erasure (target: within about 30 days, subject to legal holds). We use access controls, encryption in transit, and operational practices designed to reduce unauthorized access. No method of storage or transmission is perfectly secure.
7. Your rights
Subject to applicable law, you may request access, correction, export, or deletion of your personal data through in-app Privacy controls, or by contacting us. You may withdraw consent where processing is consent-based; some features may then become unavailable.
8. Children
Ztill is not directed at children under 13 (or the minimum age required in your jurisdiction). If you believe a child has created an account, contact us so we can take appropriate action.
9. Contact
Privacy questions and data requests: ztillxyz@gmail.com.
Personal Information Collection Statement: We collect only the information needed to authenticate you, provide check-ins and reflections, maintain preferences and subscriptions, and meet legal obligations. You may request access, correction, export, or deletion through Privacy controls. Privacy notice v2026-07-12 · Final legal text requires Hong Kong counsel review before launch.