Privacy Policy

Last updated: August 12, 2025

1. Introduction

Welcome to What Went Right Today ("WWRT", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.

WWRT is a personal wellness platform designed to help you document and reflect on positive experiences in your daily life. We are committed to protecting your privacy and maintaining the confidentiality of your personal information.

2. Information We Collect

2.1 Information You Provide Directly

  • Profile Information: Name, email address, profile image, and birthdate (optional)
  • Win Entries: Personal reflections and achievements you document in the app
  • Account Preferences: Settings and preferences for your account
  • Terms Agreement: Record of your agreement to our terms and conditions

2.2 Information from Third-Party Authentication

  • Google OAuth: When you sign in with Google, we receive your name, email address, and profile image from your Google account
  • Email Verification: We verify that your email address is confirmed with your authentication provider

2.3 Automatically Collected Information

  • Usage Data: Timestamps of when you create, edit, or delete win entries
  • Session Information: Authentication sessions and login history
  • Security Logs: Security events, admin actions, and system access logs
  • Technical Data: IP addresses, browser information, and device identifiers for security purposes

3. How We Use Your Information

3.1 Core Application Functions

  • Providing and maintaining the WWRT service
  • Storing and displaying your win entries securely
  • Enabling account creation and authentication
  • Personalizing your user experience

3.2 Security and Safety

  • Detecting and preventing security threats
  • Monitoring for suspicious or malicious activity
  • Implementing rate limiting and abuse prevention
  • Maintaining audit logs for security purposes

3.3 Administrative Purposes

  • Providing customer support and technical assistance
  • Analyzing usage patterns to improve our service (in aggregate, anonymized form)
  • Complying with legal obligations and regulatory requirements

4. Data Security and Encryption

We implement enterprise-grade security measures to protect your information:

  • Encryption: All win entries are encrypted using AES-256-CBC
  • Secure Authentication: Google OAuth with email verification requirements
  • Secure Cookies: HttpOnly, Secure, and SameSite cookie protection
  • Rate Limiting: Redis-backed rate limiting to prevent abuse
  • Input Sanitization: All user input is validated and sanitized
  • Security Monitoring: Real-time threat detection and response
  • HTTPS: All data transmission is encrypted in transit

5. Information Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

5.2 Limited Sharing Scenarios

We may disclose your information only in the following limited circumstances:

  • Legal Requirements: When required by law, court order, or government regulation
  • Safety and Security: To protect the rights, property, or safety of WWRT, our users, or others
  • Service Providers: To trusted third-party service providers who assist in operating our service (see Section 6)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with user notification)

5.3 Your Win Entries Are Private

Your win entries and personal reflections are private and visible only to you. We do not share the content of your wins with other users or third parties.

6. Third-Party Services

We use the following trusted third-party services to operate WWRT:

  • Google OAuth: For secure authentication (Google Privacy Policy applies)
  • MongoDB Atlas: For secure database hosting and data storage
  • Vercel: For application hosting and deployment
  • Upstash Redis: For security rate limiting and session management
  • TinyMCE: For rich text editing functionality

These services have their own privacy policies and terms of service. We encourage you to review them.

7. Your Rights and Choices

7.1 Account Management

  • Profile Updates: You can update your profile information at any time
  • Win Management: You can edit, delete, or restore your win entries
  • Data Export: You can request a copy of your data
  • Account Deletion: You can request deletion of your account and all associated data

7.2 Privacy Controls

  • Profile Visibility: Your profile and wins are private by default
  • Data Minimization: We only collect data necessary for service functionality
  • Consent Management: You can review and update your consent preferences

8. Data Retention

  • Active Accounts: We retain your data while your account is active
  • Deleted Entries: Deleted win entries can be restored within a reasonable period
  • Security Logs: Security and audit logs are retained for compliance and security purposes
  • Account Deletion: Upon account deletion, we securely delete your personal data within 30 days
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

9. Children's Privacy

WWRT is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that your information receives adequate protection.

11. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the "Last updated" date at the top of this policy
  • Sending email notifications for significant changes (if required by law)

Your continued use of WWRT after any changes indicates your acceptance of the updated policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: whatwentright@outlook.com

Subject Line: Privacy Policy Inquiry

Response Time: We will respond to privacy-related inquiries within 30 days

13. Regional Privacy Rights

13.1 European Union (GDPR)

If you are located in the EU, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectify inaccurate data
  • Right to erase your data ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

13.2 California (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt out of the sale of personal information (note: we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

💡 Privacy Summary

  • Your win entries are encrypted and private
  • We use your data only to provide and improve the service
  • We never sell your personal information
  • You have full control over your data
  • We implement enterprise-grade security measures
  • You can delete your account and data at any time