Privacy policy

Last updated: 18 August 2025

1. Controller and contacts

Controller: Jourloy LLC, Russia. Personal data inquiries: support@jourloy.com. Data is hosted on Russian servers

2. Data we process

We minimise data collection. Currently we process:

  • Account data: nickname; password in hashed form only
  • Contact data: e-mail address (for subscription payments and service notices)
  • Nutrition data: meal logs, calories, macros, product names and amounts
  • Technical data: IP address, request timestamps, session tokens, error logs, device/browser type, language, time zone
  • Analytics: cookie/pixel IDs, device IDs, view and click events, screen paths, session duration (Yandex.Metrica, Google Analytics)
  • Advertising data: ad identifiers and segments for personalised advertising
  • Payment data: processed by the provider; we receive transaction statuses only

3. Legal bases

  • Contract performance — providing Service functionality
  • User consent when accepting the Terms/Policy, including personalised advertising
  • Legitimate interest — security, abuse prevention, error logging, contextual advertising
  • Legal obligations — advertising labelling, accounting, official requests

Revoking consent for personalised advertising prevents us from providing the Service and results in account deletion

4. Purposes of processing

  • Service operation: nutrition tracking, storage, visualisation and support
  • Security: fraud prevention and protection of rights
  • Marketing and ads: personalised and contextual campaigns, measurement, frequency capping
  • Product development: analytics (Yandex.Metrica, Google Analytics)

5. Marketing and advertising

  1. Personalisation is always on. If you disagree, stop using the Service and delete your account
  2. We may use nutrition data, technical identifiers and subscription status for segmentation
  3. We may share necessary data with advertising/tech partners under confidentiality
  4. Ads are labelled as “Advertisement” and may include ERID; placements are reported to ERIR

6. Anonymised and aggregated data

We may collect and share anonymised or aggregated statistics provided they cannot reasonably identify you. We do not sell personal data

7. Retention period

Data is stored while your account exists and/or processing purposes remain. Afterwards it is deleted or anonymised (usually within 30 days; backups may last longer)

8. Security

We apply organisational and technical safeguards (encryption, access controls, hashed passwords). Absolute security is not guaranteed

9. User rights and control

You may request details on processing, correction, blocking or deletion of data, and withdraw consent. Contact support@jourloy.com

Important: personalised ads are required for the Service. Withdrawing consent means the account must be deleted

10. Minors

We do not knowingly process data of users under 18. Accounts detected as underage are removed. Guardians may contact support@jourloy.com

11. Cookies, local storage and pixels

Browser-level cookie controls may reduce tracking elsewhere, but personalisation inside the Service remains active

  1. Strictly necessary — authentication, session, security, settings
  2. Analytics — Yandex.Metrica and Google Analytics
  3. Advertising/pixels — always-on personalisation within the Service

12. Communications

We send service e-mails (receipts, important subscription notices). Marketing e-mails require separate consent

Contact support@jourloy.com for data or Service questions. Password recovery via e-mail is not supported yet

13. Policy changes

We may update this Policy; the current version is published in the Service. Material changes are highlighted in the interface