Legal
Privacy Policy
Last updated: June 2026
1. Who We Are
ListeningDiary ("we", "us", "our") operates the website at listeningdiary.com and the associated mobile application. We are the data controller for personal information collected through the platform.
For any privacy-related questions or requests, contact us at: privacy@listeningdiary.com
2. What Data We Collect
We collect the following categories of personal data:
Account data
• Email address and username, collected when you register
• Password (stored as a secure hash — we never see your plaintext password)
• Role (Member or Listener) and any profile information you choose to provide
• Marketing preferences — whether you have opted in to receive marketing communications
Usage data
• Pages visited, features used, and session duration — collected to improve the platform
• Device type, browser, and approximate location (country/region) via anonymised analytics
Voice & audio data
• When you use the AI Voice feature, your voice is recorded temporarily, sent to our transcription service for speech-to-text conversion, and deleted immediately afterwards. We do not store audio recordings.
Support session data
• One-to-one chat messages are transmitted through an encrypted channel and are not stored on our servers after a session ends
Community room data
• Messages you post in community rooms are stored to enable the chat experience and for moderation purposes
Journal data
• Journal entries (title, content, mood rating) you create — stored securely and accessible only to you
Progress data
• Your growth path progress — stored against your account to personalise your experience
Payment data (when applicable)
• If you purchase a paid feature or subscription, payment card data is processed directly and securely by Razorpay. We do not store card numbers, CVV codes, or full payment details on our servers. We may retain a payment reference ID and subscription status for billing and support purposes.
Cookies & similar technologies
• See Section 7 for full details
3. How We Use Your Data
We use your personal data to:
• Create and manage your account
• Provide the listening session matching service
• Operate community rooms and enforce community standards
• Store your journal entries and growth progress
• Send you transactional emails (e.g. session notifications, password reset)
• Detect and prevent abuse, fraud, or safety risks
• Improve the platform through aggregated, anonymised analytics
• Comply with legal obligations
We do not sell your personal data. We do not use your data for advertising or share it with advertising networks.
4. Legal Basis for Processing
We process your personal data on the following legal bases:
UK & EEA users (UK GDPR / EU GDPR)
• Contract: to perform the service you signed up for
• Legitimate interests: to keep the platform secure and prevent abuse
• Consent: for optional cookies and analytics (you can withdraw at any time)
• Legal obligation: where required by applicable law
Users in other regions
While UK GDPR / EU GDPR applies to our processing as a UK-based controller, we apply equivalent privacy standards to all users regardless of location. Where local laws (such as CCPA in California, PIPEDA in Canada, PDPA in parts of Asia, or LGPD in Brazil) grant additional rights, we will honour those rights on request. Contact us at privacy@listeningdiary.com for any region-specific request.
5. How We Share Your Data
We share data only with:
Supabase (database & authentication)
Our primary data store and authentication provider. Data is stored in the EU. Supabase is GDPR-compliant.
Stream (real-time chat)
Powers our live chat features. Messages are transmitted through Stream's infrastructure. Stream processes data in accordance with its privacy policy.
Resend (transactional and marketing email)
Used to send account, notification, and (where you have opted in) marketing emails. Only your email address and name are shared for this purpose.
Razorpay (payment processing — when applicable)
If paid features are introduced, Razorpay will process payment transactions. Your payment card data is submitted directly to Razorpay and is never stored on our servers. Razorpay is PCI-DSS compliant.
Vercel (hosting)
Our website is hosted on Vercel's infrastructure. Vercel may process request logs.
We require all third-party processors to maintain appropriate data protection standards. We do not share your data with any other third parties except where required by law or to protect the safety of users.
6. Data Retention
Account data: retained for as long as your account is active, then deleted within 30 days of account deletion.
Journal entries: deleted immediately when you delete them, or within 30 days of account deletion.
One-to-one chat messages: not stored after session ends.
Community room messages: retained for up to 12 months for moderation purposes, then deleted.
Anonymised analytics data: may be retained indefinitely as it cannot be linked back to you.
7. Cookies
We use the following types of cookies:
Strictly necessary cookies
These are required for the platform to function. They include authentication session cookies set by Supabase. You cannot opt out of these without logging out.
Analytics cookies
We use privacy-friendly, anonymised analytics to understand how people use the platform (e.g. which pages are popular, what devices are used). No personally identifying information is collected. You can decline these via our cookie banner.
We do not use advertising cookies or track you across other websites.
You can manage your cookie preferences at any time using the cookie settings link in the footer, or by clearing cookies in your browser settings.
8. Your Rights
Depending on where you are located, you have some or all of the following rights:
• Access: request a copy of the personal data we hold about you
• Rectification: ask us to correct inaccurate or incomplete data
• Erasure: ask us to delete your data ("right to be forgotten")
• Restriction: ask us to limit how we process your data
• Portability: receive your data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests
• Withdraw consent: for any processing based on your consent (e.g. analytics cookies)
UK users
These rights are provided under the UK GDPR. You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
EEA users
These rights are provided under the EU GDPR. You may lodge a complaint with your local data protection authority (DPA).
Users in other regions
We apply equivalent rights to all users where technically and legally feasible. Californian residents may additionally exercise rights under the CCPA (including the right to know and the right to opt out of sale — we do not sell your data). Contact us for any region-specific request.
To exercise any of these rights, email privacy@listeningdiary.com. We will respond within 30 days.
9. Children's Privacy
ListeningDiary is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has registered, please contact us immediately at privacy@listeningdiary.com and we will delete the account.
Users aged 13–17 may use the platform with parental consent. We encourage parents to discuss online safety with their children.
10. Security
We take data security seriously. Measures include:
• Passwords stored as salted hashes (never in plaintext)
• All data in transit encrypted via TLS
• Row-level security on our database so users can only access their own data
• One-to-one chat messages not persisted after sessions end
• Regular security reviews of our infrastructure
No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@listeningdiary.com.
11. User-Generated Content
ListeningDiary allows users to post messages in community rooms, submit journal entries, and communicate through support sessions. The following applies to all content you create on the platform:
Your responsibility
You are solely responsible for any content you post, transmit, or share on the platform. By posting content you confirm that you have the right to do so and that it does not violate any applicable law or the rights of any third party.
Prohibited content
You must not post content that is: unlawful, abusive, defamatory, obscene, threatening, or harassing; that infringes any intellectual property right; that contains personal data of others without their consent; or that is intended to deceive or defraud.
Our rights
We reserve the right — but are not obligated — to review, edit, or remove any content that we reasonably believe violates these standards or our Terms of Service, at any time and without notice. We may also suspend or terminate accounts that repeatedly violate these rules.
Platform liability
We act as an intermediary host for user-generated content. We are not the author, editor, or publisher of user content and, to the extent permitted by law (including Section 230 of the Communications Decency Act and the UK Electronic Commerce (EC Directive) Regulations 2002), we are not liable for content posted by users. If you believe content on the platform infringes your rights or violates our policies, please contact us at support@listeningdiary.com.
Content licence
By posting content on ListeningDiary you grant us a limited, non-exclusive, royalty-free licence to store, display, and transmit that content solely for the purpose of operating the platform and providing the service to you. We do not claim ownership of your content.
12. Email Communications
We send two categories of email:
Transactional emails (sent to all users)
These are required for the service and are sent regardless of marketing preferences:
• Account confirmation and password reset emails
• Session request notifications and scheduling updates
• Support ticket replies
• Listener application status updates
• Billing receipts and subscription notices (when applicable)
• System alerts directly related to your account or safety
Marketing emails (sent only with your consent)
If you opted in at registration or through your account settings, we may also send:
• Platform news and feature announcements
• Tips for getting the most out of ListeningDiary
• Occasional promotional offers
You can withdraw consent and unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing email, or by updating your preferences in account settings. Unsubscribing from marketing will not affect transactional emails.
For UK and EEA users, marketing emails are sent on the basis of your consent under UK GDPR / EU GDPR Article 6(1)(a). You may withdraw consent at any time.
All emails are sent via Resend (our email delivery provider). Your email address and name are shared with Resend solely for delivery purposes.
If you believe you have received an email from us in error, please contact privacy@listeningdiary.com.
13. Pricing and Subscriptions
The ListeningDiary platform is currently offered free of charge to all users. We do not currently charge subscription fees, collect payment information, or process financial transactions through the platform.
If we introduce paid features or subscription tiers in the future, we will:
• Provide clear and prominent disclosure of all charges before you are asked to pay
• Obtain your explicit consent before any recurring billing begins
• Process payments securely via Razorpay. Your card data is submitted directly to Razorpay (PCI-DSS compliant) and is never stored on our servers
• Comply with applicable consumer protection laws, including the Consumer Rights Act 2015 (UK), and the relevant app store payment policies (Apple App Store / Google Play)
• Provide a straightforward cancellation mechanism
Any future pricing changes will be communicated to existing users with reasonable advance notice.
14. International Transfers
We are based in the UK. Your data may be processed by our third-party providers in the EU or US. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses or adequacy decisions).
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice on the platform. The "Last updated" date at the top of this page reflects the most recent version.
16. Contact Us
For any privacy questions, requests, or complaints:
Email: privacy@listeningdiary.com
For general support: support@listeningdiary.com