miniowl
© 2026 Journely LLC
PrivacyTerms

Privacy Policy

How Miniowl protects your data and respects your privacy

1. Overview and Scope

This Privacy Policy ("Policy") explains how Journely ("we," "our," or "Company") collects, uses, and protects your personal information when you use Miniowl, a macOS activity tracking application. We are based in Tokyo, Japan and operate in compliance with the Act on the Protection of Personal Information (APPI) and related Japanese regulations.

Miniowl is designed with privacy at its core. By default, no data leaves your Mac. Cloud features are strictly opt-in.

By using Miniowl, you acknowledge that you have read and understood this Policy. If you do not agree, please discontinue use immediately.

2. Legal Basis and Compliance

We operate in strict compliance with:

  • Act on the Protection of Personal Information (APPI)
  • Personal Information Protection Committee (PPC) Guidelines
  • Telecommunications Business Act
  • Act on Specified Commercial Transactions

3. What Miniowl Can Access

Miniowl is designed with strict privacy boundaries enforced in code. The build itself fails if any banned API appears in the source tree (the project ships open source so the boundaries are independently auditable).

3.1 What Miniowl CAN read:

  • App bundle ID and name — which application is currently active
  • Window titles — the title of the focused window (via macOS Accessibility API)
  • Idle time — seconds since your last keyboard/mouse input
  • Browser URLs — current tab URL for whitelisted browsers (Chrome, Safari, Arc, Brave) via AppleScript
  • System events — sleep/wake/lock/unlock notifications from macOS

3.2 What Miniowl CANNOT read:

  • Keystrokes — no global event monitoring or keystroke capture
  • Clipboard — no access to clipboard contents
  • Screen content — no screenshots or screen recording
  • File contents — cannot read documents, files, or other application data
  • Page content — cannot read webpage text, forms, or browsing history
  • Microphone or camera — no audio/video access

4. Local Data Storage (Default Behavior)

By default, Miniowl stores all tracking data locally on your Mac at:

~/Library/Application Support/miniowl/

This data includes:

  • Daily activity files (YYYY-MM-DD.mow) in plain JSON-Lines format
  • Compressed historical data (YYYY-MM-DD.mow.gz)
  • Application state (state.json)
  • Optional user-supplied context for personalization (context.md)

No data is sent to any server unless you explicitly opt-in to cloud sync features.

5. Optional Cloud Features (Opt-in Only)

If you sign up for our optional cloud sync service, Miniowl will send limited activity summaries to our servers every 20 minutes for AI-powered categorization. This is OFF by default and must be explicitly enabled from the dashboard.

5.1 Data sent to our servers (only if cloud sync is on):

  • App bundle ID and display name
  • Window title (truncated to 120 characters)
  • URL host and first path segment (for browsers, truncated to 120 characters)
  • Duration of each activity within 20-minute windows
  • Your timezone

5.2 We process this data using:

  • Anthropic Claude API for activity categorization
  • Supabase for authentication and structured data storage
  • Our own servers, primarily hosted in Japan

5.3 What we explicitly do NOT send:

Full URLs, page content, file contents, keystrokes, clipboard data, screenshots, or any data from outside the basic activity tracking surface listed in Section 3.1.

Turning cloud sync OFF triggers a hard-delete of every saved daily summary on our servers, in the same call. Your local Mac data is untouched.

6. Account Information

When you create an account, we collect:

  • Email address (via Google OAuth)
  • Basic Google profile information (display name, avatar)
  • Account creation and last login timestamps
  • Paired device records (device name, platform, hashed device token)

We use Supabase for authentication. We do not store your Google account password or access tokens beyond the session needed to verify your identity.

7. International Data Transfers

Your data is primarily stored on infrastructure located in Japan. Some sub-processors (Anthropic, Supabase) operate globally and may process data in the United States or other jurisdictions. Any international transfers comply with APPI requirements:

  • We use sub-processors that maintain adequate data protection standards (typically equivalent to APPI / GDPR)
  • Data in transit is encrypted with TLS 1.3
  • We do not transfer data to jurisdictions without adequate protections

8. Data Security Measures

  • Encryption in transit: TLS 1.3 for every API call between your Mac and our servers
  • Encryption at rest: AES-256 for stored daily summaries and account data
  • Token storage: Device tokens live in your macOS Keychain on your Mac and as hashed-only records on our servers (we never store the plaintext)
  • Access control: Role-based access for our infrastructure; multi-factor authentication for all administrative access
  • Privacy-by-design: The Mac client's entire network surface is restricted to a single allowlisted source file, enforced at build time

9. Your Rights Under APPI

You have the following rights regarding your personal information:

  • Access: Request disclosure of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of unnecessary data
  • Suspension: Request suspension of data use
  • Portability: Receive your data in a structured format
  • Objection: Object to certain processing activities
  • Cloud sync opt-out: Toggle cloud sync OFF at any time, which immediately purges saved server-side data

To exercise these rights, contact us at hello@journely.me. We will respond within 30 days as required by APPI.

10. Data Retention

  • Local Mac data: Retained on your Mac until you delete it manually
  • Active account data: Retained while your account is active
  • Inactive accounts: Deleted after 2 years of inactivity
  • Daily summaries (cloud sync on): Retained while you keep cloud sync on; immediately purged when you toggle it off
  • Legal records: 5 years as required by Japanese commercial law

11. Cookies and Tracking

On miniowl.me, we use minimal, essential cookies only:

  • Authentication cookies: required to keep you signed in
  • Theme preference: remembers your light/dark mode choice

We do not use advertising cookies, third-party tracking pixels, or sell any data to advertisers. The Mac application itself does not use cookies.

12. Children's Privacy

Miniowl is not intended for individuals under 20 years of age (the age of majority in Japan). We do not knowingly collect personal information from minors. If we discover such collection, we will immediately delete the information.

13. Data Breach Notification

In the event of a data breach that may harm your rights and interests:

  • We will notify the Personal Information Protection Committee (PPC) within 72 hours, as required by APPI
  • We will notify affected users without undue delay via the email address on file
  • We will provide details of the breach scope and the mitigation measures we've taken

14. Changes to This Policy

We may update this Policy to reflect legal changes or service improvements. Material changes will be notified via email at least 30 days before taking effect, and the updated policy will be posted at miniowl.me/legal/privacy with a new "Last updated" date. Continued use after updates constitutes acceptance.

15. Contact Information

Data Controller:

Journely
Location: Tokyo, Japan
Email: hello@journely.me

16. Complaints

If you are unsatisfied with our response to a privacy-related inquiry, you may file a complaint with the Japanese data protection authority:

Personal Information Protection Committee
Website: www.ppc.go.jp
Phone: 03-6457-9680

Last updated: April 28, 2026