What is Career Journal?

Career Journal is a professional career development platform that helps you track and document your achievements, successes, and key moments throughout your career. Using the proven STAR method (Situation, Task, Action, Result), Career Journal enables you to capture your wins as they happen and transform them into powerful stories for promotions, performance reviews, interviews, and resume updates.

How much does Career Journal cost?

Career Journal offers simple, transparent pricing with two options: a monthly plan at $8.00/month billed monthly, or a yearly plan at $4.80/month (billed annually at $57.60) which saves you 40%. Both plans include unlimited achievement tracking, STAR method templates, smart reminder system, professional PDF exports, performance review preparation, interview toolkit, career analytics, and secure cloud storage. You can cancel anytime.

Is my data secure and private?

Yes, your data security and privacy are our top priorities. Career Journal uses industry-standard encryption to protect your information both in transit and at rest. All your achievements, notes, and career data are stored securely in the cloud with regular backups. We never share your personal information or career data with third parties.

How does the STAR method help with career advancement?

The STAR method (Situation, Task, Action, Result) is a proven framework used by top companies and career coaches to structure achievement stories. Career Journal's STAR templates guide you to document the context, your responsibility, what you did, and the measurable impact. This makes it easy to showcase contributions during performance reviews, create promotion documents, ace interviews, and build an impressive resume.

Can I export my achievements for performance reviews and interviews?

Absolutely! Career Journal provides high-quality PDF export functionality that allows you to create professional, polished documents from your tracked achievements. You can select specific wins, filter by date range or project, and generate formatted documents perfect for performance reviews, year-end reviews, promotion packets, or interview preparation.

Can I cancel my subscription anytime?

Yes, you can cancel your Career Journal subscription at any time with no penalties or cancellation fees. Simply cancel from your account settings, and you'll retain access until the end of your current billing period. Your data remains secure and accessible during this time, and you can export all your achievements before your subscription ends. We believe in transparent, flexible billing that puts you in control.

Privacy Policy

Last Updated: November 9th, 2025

Effective Date: November 9th, 2025

1. Introduction

Welcome to Career Journal. Your privacy is important to us.

This Privacy Policy explains how Career Journal (“Career Journal,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our website, applications, and services (collectively, the “Service”).

By using the Service, you agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

This Privacy Policy should be read in conjunction with our Terms of Service.

2. Who We Are (Data Controller)

Legal Entity: Career Journal

Contact:

Email: privacy@thecareerjournal.com
Website: https://thecareerjournal.com

We act as a “data controller” for the personal information we collect and process through the Service. This means we determine the purposes and means of processing your personal data.

3. Compliance with Canadian Privacy Laws (PIPEDA)

Career Journal complies with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. We are committed to protecting the privacy of Canadian users in accordance with these requirements.

Key PIPEDA Principles We Follow:

Accountability for personal information under our control
Identifying purposes for collection before or at the time of collection
Obtaining consent when required for collection, use, or disclosure
Limiting collection to what is necessary for identified purposes
Limiting use, disclosure, and retention to the stated purposes
Ensuring accuracy of personal information
Protecting personal information with appropriate safeguards
Being open about our policies and practices
Providing access to personal information upon request
Providing recourse for privacy complaints and inquiries

Cross-Border Data Storage: Your personal information may be stored or processed outside Canada (including in the United States), and while it is in another jurisdiction, it may be subject to the laws of that jurisdiction, including lawful access by government authorities, courts, or law enforcement in that jurisdiction.

Privacy Commissioner of Canada: If you have concerns about our privacy practices, you may file a complaint with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.

Conflict with Other Laws: If there is any conflict between this Privacy Policy and PIPEDA or applicable provincial privacy laws, those laws will prevail.

4. Information We Collect

We collect several types of information from and about users of our Service.

4.1 Information You Provide Directly

Account Information:

Email address (required)
Password (encrypted)
Name (if provided)
Profile information (if provided)

Payment Information:

Credit card information (collected and processed by our third-party payment processor - we do NOT store full credit card numbers)
Billing address
Payment history

Content You Create:

Career achievements and documentation
Notes and journal entries
STAR method responses
PDF exports and documents
Any other content you input into the Service

Communications:

Email correspondence with our support team
Feedback and survey responses
Customer service requests

3.2 Information We Collect Automatically

Usage Data:

Pages visited and features used
Time spent on pages
Navigation paths
Buttons clicked and forms submitted
Search queries within the Service
Achievement creation and editing activity

Device and Browser Information:

IP address
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution
Referring website
Geographic location (country/city level based on IP)

Cookies and Similar Technologies:

Session cookies (essential for Service functionality)
Analytics cookies (via PostHog)
Preference cookies (to remember your settings)
See Section 12 (Cookie Policy) for detailed information

3.3 Information from Third-Party Sources

We may receive information about you from:

Payment Processors:

Transaction confirmations
Payment success/failure notifications
Fraud prevention data

Analytics Services:

Aggregated usage statistics
Performance metrics

We do NOT purchase data from data brokers or third-party marketing lists.

4. How We Use Your Information

We use your personal information for the following purposes, based on the legal bases described in Section 5:

4.1 To Provide the Service

Create and maintain your account
Process your subscription payments
Store and display your career achievements
Generate PDF exports and reports
Provide STAR method templates and tools
Enable data synchronization across devices
Provide customer support

4.2 To Improve and Develop the Service

Analyze usage patterns and trends
Identify and fix bugs
Develop new features
Optimize performance and user experience
Conduct research and analytics

4.3 To Communicate With You

Send transactional emails (account confirmations, password resets, payment receipts)
Respond to your inquiries and support requests
Send important Service updates and security alerts
Send marketing communications about new features (with your consent - you can opt out)

4.4 To Ensure Security and Prevent Fraud

Detect and prevent fraud and abuse
Protect against security threats
Monitor for suspicious activity
Enforce our Terms of Service
Comply with legal obligations

4.5 To Comply with Legal Obligations

Respond to legal requests (subpoenas, court orders)
Comply with tax and accounting regulations
Meet data protection and privacy law requirements

We do NOT:

Sell your personal information to third parties
Use your career achievement data for marketing purposes
Share your content publicly without your permission
Use automated decision-making or profiling that produces legal effects

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal information based on the following legal bases:

Contract (Article 6(1)(b) GDPR):

Processing necessary to provide the Service you’ve subscribed to
Account creation, authentication, payment processing

Consent (Article 6(1)(a) GDPR):

Marketing communications (you can withdraw consent anytime)
Non-essential cookies (you can withdraw consent via cookie settings)

Legitimate Interest (Article 6(1)(f) GDPR):

Service improvement and development
Analytics and usage statistics
Fraud prevention and security
Customer support

We have assessed that our legitimate interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 10).

Legal Obligation (Article 6(1)(c) GDPR):

Compliance with laws and regulations
Response to legal requests
Tax and accounting requirements

We do NOT sell, rent, or trade your personal information. We only share your information in the following limited circumstances:

6.1 Service Providers (Data Processors)

We share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to:

Use your information only for the purposes we specify
Implement appropriate security measures
Comply with applicable data protection laws

Our Service Providers Include:

Payment Processing:

Stripe, Inc.
Purpose: Process credit card payments, subscription billing
Data Shared: Payment information, billing address, email
Location: United States
Privacy Policy: https://stripe.com/privacy

Cloud Hosting and Infrastructure:

Amazon Web Services (AWS)
Purpose: Cloud infrastructure and data storage
Data Shared: All user data and content
Location: United States
Privacy Policy: https://aws.amazon.com/privacy/
Cloudflare, Inc.
Purpose: Content delivery network (CDN), hosting, security
Data Shared: All user data and content, connection information
Location: United States
Privacy Policy: https://www.cloudflare.com/privacypolicy/

Analytics:

PostHog, Inc.
Purpose: Analyze usage patterns, track features, improve Service
Data Shared: Usage data, device information, anonymized user IDs
Location: United States
Privacy Policy: https://posthog.com/privacy

6.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to:

Comply with legal obligations, court orders, or subpoenas
Protect and defend our rights or property
Prevent or investigate possible wrongdoing
Protect the safety of users or the public
Protect against legal liability

6.3 Business Transfers

If Career Journal is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or use of your personal information.

We may share your information for other purposes with your explicit consent.

We do NOT:

Share your information with advertisers
Sell your information to data brokers
Share your content with other users (unless you explicitly choose to)

7. International Data Transfers

Data Storage Location: Your information is primarily stored on servers located in the United States.

7.1 For Canadian Users (PIPEDA Principle 4.8.2)

As disclosed in Section 3, your personal information may be stored or processed outside Canada (including in the United States). While your information is in another jurisdiction, it may be subject to the laws of that jurisdiction, including lawful access by government authorities, courts, or law enforcement in that jurisdiction.

By using our Service, you consent to the transfer of your personal information outside of Canada for the purposes described in this Privacy Policy.

7.2 For EEA, UK, and Swiss Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal information may be transferred to countries outside the EEA/UK/Switzerland, including the United States, which may not provide the same level of data protection as your home country.

Safeguards for International Transfers:

We ensure appropriate safeguards are in place for international transfers:

Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses with our service providers
Adequacy Decisions: We may transfer data to countries deemed adequate by the EU Commission (e.g., Canada has received an adequacy decision from the EU Commission)
Additional Security Measures: Encryption in transit and at rest, access controls, regular security audits

Service Provider Locations:

Payment Processing (Stripe): United States
Cloud Hosting (AWS, Cloudflare): United States
Analytics (PostHog): United States

You have the right to request information about the safeguards we use for international transfers. Contact privacy@thecareerjournal.com.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

Active Account:

Account data: Retained while your account is active
Content (achievements, notes): Retained indefinitely while account is active
Usage data: Retained for 12 months for analytics purposes

After Account Cancellation:

Account data: Retained for 30 days (grace period for reactivation)
Content: Retained for 30 days (grace period for reactivation)
After 30 days: All data deleted from production systems

After Account Deletion Request:

Account and content: Deleted within 30 days of request
Backups: May remain in backup systems for up to 90 days

Legal/Financial Records:

Payment records: Retained for 7 years for tax and accounting purposes
Legal communications: Retained as long as necessary for legal compliance

Exceptions:

If we have a legal obligation to retain data (e.g., pending litigation)
If necessary for legitimate business purposes (e.g., fraud prevention)

8.2 Anonymized Data

We may retain anonymized, aggregated data indefinitely for analytics and research purposes. This data cannot be used to identify you personally.

9. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

9.1 Security Measures

Technical Safeguards:

Encryption in transit (TLS/SSL)
Encryption at rest for sensitive data
Secure password hashing (bcrypt or similar)
Regular security updates and patches
Firewalls and intrusion detection systems
Regular security audits and vulnerability scans

Organizational Safeguards:

Access controls (need-to-know basis)
Employee training on data protection
Confidentiality agreements with employees and contractors
Incident response procedures
Data breach notification procedures

Physical Safeguards:

Secure data centers with restricted access
Environmental controls (fire, flood protection)

9.2 Your Responsibility

You are responsible for:

Maintaining the confidentiality of your password
Not sharing your account credentials
Logging out from shared devices
Notifying us of unauthorized access

9.3 No Guarantee

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You use the Service at your own risk.

9.4 Data Breach Notification

In the event of a data breach that may affect your personal information:

We will notify you via email within 72 hours of discovery
We will notify relevant supervisory authorities as required by law
We will provide information about the breach, affected data, and steps taken
We will provide guidance on protective measures you can take

10. Your Privacy Rights

Depending on your location, you have certain rights regarding your personal information.

10.1 Rights for All Users

Access and Export:

You can access your account information and content at any time through your account settings
You can export your data by contacting support@thecareerjournal.com

Correction:

You can update your account information through your account settings
Contact us if you need help correcting inaccurate data

Deletion:

You can delete your account through account settings
Contact privacy@thecareerjournal.com to request immediate deletion

Cancellation:

You can cancel your subscription at any time through account settings

Under GDPR, you have the following rights:

Right of Access (Article 15):

Request confirmation of whether we process your personal data
Request a copy of your personal data
Request information about processing purposes, categories, recipients, retention

Right to Rectification (Article 16):

Request correction of inaccurate or incomplete personal data

Right to Erasure / “Right to be Forgotten” (Article 17):

Request deletion of your personal data in certain circumstances
Note: We may retain data if required by law or for legitimate purposes

Right to Restriction of Processing (Article 18):

Request restriction of processing in certain circumstances (e.g., while we verify accuracy)

Right to Data Portability (Article 20):

Request your personal data in a structured, machine-readable format
Request transfer of your data to another service provider where technically feasible

Right to Object (Article 21):

Object to processing based on legitimate interests
Object to direct marketing (we will stop immediately)
Object to automated decision-making (if applicable)

Right to Withdraw Consent (Article 7(3)):

Withdraw consent for processing at any time (where processing is based on consent)
Withdrawal does not affect the lawfulness of processing before withdrawal

Right to Lodge a Complaint (Article 77):

Lodge a complaint with your local supervisory authority if you believe we have violated GDPR

EU Supervisory Authorities: https://edpb.europa.eu/about-edpb/board/members_en

10.3 Additional Rights for California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:

Right to Know (§1798.100):

Request disclosure of personal information we collected about you in the past 12 months
Categories of personal information collected
Categories of sources
Business or commercial purposes
Categories of third parties with whom we shared information

Right to Delete (§1798.105):

Request deletion of personal information we collected from you
Subject to certain exceptions (e.g., legal obligations, fraud prevention)

Right to Correct (§1798.106):

Request correction of inaccurate personal information

Right to Opt-Out of Sale/Sharing (§1798.120):

We do NOT sell your personal information
We do NOT share your information for cross-context behavioral advertising

Right to Limit Use of Sensitive Personal Information (§1798.121):

If applicable, you can limit use of sensitive personal information

Right to Non-Discrimination (§1798.125):

We will not discriminate against you for exercising your CCPA rights
We will not deny service, charge different prices, or provide different quality

10.4 How to Exercise Your Rights

To exercise any of the above rights:

Email: privacy@thecareerjournal.com

Include in your request:

Your name and email address associated with your account
Specific right(s) you wish to exercise
Sufficient detail to allow us to locate your information

Verification:

We may ask you to verify your identity before fulfilling requests
We may request additional information to confirm your identity
For California residents: We may use a two-step verification process

Response Time:

GDPR: We will respond within 30 days (extendable to 60 days for complex requests)
CCPA: We will respond within 45 days (extendable to 90 days for complex requests)

Authorized Agents:

California residents may designate an authorized agent to make requests on your behalf
We may require proof of authorization

No Fee:

We do not charge a fee for your first request in a 12-month period
We may charge a reasonable fee for excessive, repetitive, or manifestly unfounded requests

11.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve your experience.

11.2 How We Use Cookies

We use the following types of cookies:

Strictly Necessary Cookies (Essential):

Purpose: Enable basic functionality, authentication, security
Examples: Session cookies, authentication tokens, security tokens
Legal Basis: Legitimate interest (necessary for Service functionality)
You cannot opt out of these cookies

Analytics Cookies (Non-Essential):

Provider: PostHog
Purpose: Understand how users interact with the Service, track feature usage, identify bugs
Information Collected: Pages visited, features used, anonymized user IDs, device information
Legal Basis: Consent (EU/UK/Canadian users), Legitimate interest (others)
Opt-Out: You can opt out via cookie settings

Cookie Consent Banner: When you first visit our Service, a cookie consent banner will appear for all users. This banner allows you to:

Accept all cookies (necessary and non-essential)
Reject non-essential cookies (only strictly necessary cookies will be used)
Customize your cookie preferences
Review our full Cookie Policy

For users in the EU, UK, and Canada, we require explicit consent before setting non-essential cookies. Strictly necessary cookies will be set automatically as they are required for the Service to function.

Preference Cookies (Non-Essential):

Purpose: Remember your settings and preferences
Examples: Language preferences, display settings
Legal Basis: Consent
Opt-Out: You can opt out via browser settings (but this may affect functionality)

11.3 Third-Party Cookies

PostHog Analytics:

PostHog may set cookies to track usage across sessions
Privacy Policy: https://posthog.com/privacy

11.4 Managing Cookies

Browser Settings:

You can configure your browser to refuse all cookies or alert you when cookies are sent
Most browsers allow you to delete cookies
Note: Disabling cookies may affect Service functionality

Do Not Track:

We currently do not respond to Do Not Track (DNT) signals
We may implement DNT support in the future

Session Cookies: Deleted when you close your browser
Persistent Cookies: Remain on your device for a set period (typically 30 days to 2 years) or until you delete them

12. Marketing Communications

12.1 Transactional Emails (Required)

You will receive certain transactional emails related to your use of the Service, including:

Account creation confirmation
Password reset emails
Payment receipts and billing notifications
Important Service updates and security alerts
Responses to your support requests

You cannot opt out of transactional emails as they are necessary for the Service.

12.2 Marketing Emails

We may send you marketing communications about:

New features and updates
Tips for using the Service
Special offers or promotions

Marketing emails are sent only with your consent.

How to Opt Out:

Click the “Unsubscribe” link in any marketing email
Email privacy@thecareerjournal.com with “Unsubscribe” in the subject

We will process opt-out requests within 2-5 business days.

13. Third-Party Links

The Service may contain links to third-party websites or services that are not owned or controlled by Career Journal.

We are not responsible for:

The privacy practices of third-party websites
The content of third-party websites
The accuracy or reliability of third-party services

We recommend:

Reviewing the privacy policy of any third-party website you visit
Being cautious about sharing personal information with third parties

Third-party links we may include:

Social media platforms (if applicable)
Payment processor websites
Documentation or help resources
Blog posts or external resources

14. Changes to This Privacy Policy

14.1 Right to Modify

We may update this Privacy Policy from time to time to reflect:

Changes in our data practices
Changes in applicable laws
New features or services
Feedback from users or regulators

14.2 Notice of Changes

For Material Changes:

We will notify you at least 30 days before changes take effect
Notice will be sent via email to your registered email address
Notice will be posted prominently on the Service
We may require you to re-consent to the updated Privacy Policy

For Non-Material Changes (e.g., clarifications, formatting):

We will post the updated Privacy Policy on this page
The “Last Updated” date at the top will be revised
Continued use of the Service constitutes acceptance

14.3 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14.4 Previous Versions

You can request previous versions of this Privacy Policy by contacting privacy@thecareerjournal.com.

15. California “Shine the Light” Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes.

We do NOT share your personal information with third parties for their direct marketing purposes.

If you are a California resident and have questions, contact privacy@thecareerjournal.com.

16. Nevada Privacy Rights

Nevada law (SB 220) allows Nevada residents to opt out of the sale of certain personal information.

We do NOT sell your personal information as defined by Nevada law.

If you are a Nevada resident and have questions, contact privacy@thecareerjournal.com.

17. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Career Journal - Privacy Team

Email: privacy@thecareerjournal.com

Response Time:

We aim to respond to all privacy inquiries within 10 business days
For GDPR/CCPA requests, we will respond within the legally required timeframes (30-45 days)

18. Supervisory Authority

18.1 EEA, UK, and Swiss Users

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.

Find your supervisory authority:

EU: https://edpb.europa.eu/about-edpb/board/members_en
UK: Information Commissioner’s Office (ICO) - https://ico.org.uk
Switzerland: Federal Data Protection and Information Commissioner (FDPIC) - https://www.edoeb.admin.ch

18.2 California Users

California residents may file complaints with:

California Attorney General 1300 I Street Sacramento, CA 95814 Phone: (916) 445-9555 Website: https://oag.ca.gov/contact

19. Governing Law and Jurisdiction

Governing Law: This Privacy Policy and any disputes arising from it are governed by and construed in accordance with the laws of the Province of British Columbia and the laws of Canada applicable therein, without regard to conflict of law principles.

Jurisdiction: Any legal action or proceeding relating to this Privacy Policy or your personal information shall be brought exclusively in the courts located in British Columbia, Canada. You consent to the jurisdiction and venue of such courts.

International Users: If you are accessing the Service from outside Canada, you acknowledge that your information will be transferred to, stored, and processed in the United States and Canada, and you consent to such transfer and processing in accordance with this Privacy Policy and applicable law.

Compliance with Multiple Jurisdictions: Where you are subject to privacy laws in multiple jurisdictions (e.g., GDPR in the EU, CCPA in California, PIPEDA in Canada), we will comply with the requirements of all applicable laws. In the event of any conflict between this Privacy Policy and applicable privacy laws in your jurisdiction, the applicable laws will prevail.

END OF PRIVACY POLICY

Privacy Policy

1. Introduction

2. Who We Are (Data Controller)

3. Compliance with Canadian Privacy Laws (PIPEDA)

4. Information We Collect

4.1 Information You Provide Directly

3.2 Information We Collect Automatically

3.3 Information from Third-Party Sources

4. How We Use Your Information

4.1 To Provide the Service

4.2 To Improve and Develop the Service

4.3 To Communicate With You

4.4 To Ensure Security and Prevent Fraud

4.5 To Comply with Legal Obligations

5. Legal Bases for Processing (GDPR)

6. How We Share Your Information

6.1 Service Providers (Data Processors)

6.2 Legal Requirements

6.3 Business Transfers

6.4 With Your Consent

7. International Data Transfers

7.1 For Canadian Users (PIPEDA Principle 4.8.2)

7.2 For EEA, UK, and Swiss Users

8. Data Retention

8.1 Retention Periods

8.2 Anonymized Data

9. Data Security

9.1 Security Measures

9.2 Your Responsibility

9.3 No Guarantee

9.4 Data Breach Notification

10. Your Privacy Rights

10.1 Rights for All Users

10.2 Additional Rights for EEA, UK, and Swiss Users (GDPR)

10.3 Additional Rights for California Residents (CCPA/CPRA)

10.4 How to Exercise Your Rights

11. Cookie Policy

11.1 What Are Cookies

11.2 How We Use Cookies

11.3 Third-Party Cookies

11.4 Managing Cookies

11.5 Cookie Duration

12. Marketing Communications

12.1 Transactional Emails (Required)

12.2 Marketing Emails

13. Third-Party Links

14. Changes to This Privacy Policy

14.1 Right to Modify

14.2 Notice of Changes

14.3 Review Regularly

14.4 Previous Versions

15. California “Shine the Light” Law

16. Nevada Privacy Rights

17. Contact Us

18. Supervisory Authority

18.1 EEA, UK, and Swiss Users

18.2 California Users

19. Governing Law and Jurisdiction