Last updated: December 08, 2025

Joyward (“the App”) is operated by Capicua LLC (“Capicua,” “we,” “us,” or “our”).
We are committed to protecting your privacy and handling your personal data in accordance with the

General Data Protection Regulation (GDPR) and other applicable laws.

This Privacy Policy explains what personal data we collect, how we use it, how long we keep it, and the rights you have as a user.

If you have any questions, please contact us at:
📧 info@wearecapicua.com
📍 1133 Broadway, Office 530, New York, NY, United States

1. Data Controller

Capicua LLC is the Data Controller for all personal data processed through Joyward.

We do not currently appoint a Data Protection Officer (DPO). You may contact us directly regarding all privacy matters.

2. Personal Data We Collect

We only collect information necessary to operate Joyward and deliver its core functionality.

2.1. Account & Identity Information

• Name
  
  

• Email address
  
  

• Password or OAuth login credentials
  
  

• Date of birth (users must be 18+)
  
  

2.2. User-Generated Content

Joyward allows users to create short personal entries (up to 250 characters). These may include:

• Journaling entries
  
  

• Acts of kindness entries
  
  

• Personal reflections
  
  

• Uploaded images or media
  
  

Note:
These entries may contain wellbeing-related reflections, but the App does not ask for or require any mental-health diagnosis, medical information, or veteran/military status.

2.3. Device & Communication Data

• Push notification tokens (to deliver reminders or app updates)
  
  

We do not collect:

• App usage analytics
  
  

• Click tracking
  
  

• Session duration
  
  

• Approximate location (no GPS, city, or IP-based location retained)
  
  
  

3. How We Use Your Data

We use your information only for the following purposes:

3.1. To Create & Manage Your Account

• Authenticate login
  
  

• Securely store your profile information
  
  

3.2. To Operate the Core Features of Joyward

• Save and display your journaling entries
  
  

• Store uploaded images or media
  
  

• Sync your data across devices if applicable
  
  

3.3. To Communicate with You

• Send optional push notifications
  
  

• Respond to support inquiries
  
  

We do not use your data for advertising, commercial profiling, automated decision-making, or sale of data.

4. Legal Bases for Processing (GDPR)

We process your data under the following legal grounds:

• Contractual necessity: Creating and maintaining your Joyward account
  
  

• Consent: Use of push notifications; storing optional wellbeing/journaling content
  
  

• Legitimate interests: Maintaining app security and preventing misuse
  
  

You may withdraw consent at any time.

5. Data Retention

We retain personal data only as long as necessary for the purposes described above or as required by law.

• Account data → retained until you delete your account
  
  

• Journaling entries and media → retained until manually deleted or account deletion
  
  

• Push notification tokens → retained until you disable notifications or delete the app
  
  

When data is no longer needed, we securely delete or anonymize it.

6. Children’s Privacy

Joyward is not intended for individuals under 18.
We do not knowingly collect personal data from anyone under 18. If we learn that a minor has created an account, we will delete it.

7. International Data Transfers

Your data is processed in the United States, where Capicua LLC and our service providers are located.

If you are in the European Economic Area (EEA), your data may be transferred outside the EU and protected by:

• Standard Contractual Clauses (SCCs)
  
  

• Adequate safeguards provided by our third-party service providers, such as Firebase
  
  

8. Third-Party Service Providers

We use trusted external providers to operate Joyward:

Firebase (Google LLC)

Used for:

• Authentication
  
  

• Database and storage
  
  

• Crash reporting
  
  

Firebase may process data in the United States and other regions.
All processing complies with GDPR and Google’s data protection terms, including SCCs.

We do not use:

• Advertising tools
  
  

• Analytics
  
  

• Marketing platforms
  
  

• AI or automated decision-making
  
  

• Stripe or payment processors
  
  

9. Your GDPR Rights

If you reside in the EEA or the UK, you have the following rights:

9.1. Right of Access

You may request a copy of your personal data.

9.2. Right to Correction

You may correct inaccurate or incomplete information.

9.3. Right to Deletion (“Right to be Forgotten”)

You may request deletion of your account or any personal data.

9.4. Right to Restrict Processing

You may ask us to limit how your data is used.

9.5. Right to Data Portability

You may request your data in a structured, machine-readable format.

9.6. Right to Withdraw Consent

You may withdraw consent at any time (e.g., disabling notifications).

9.7. Right to Object

You may object to processing based on legitimate interests.

To exercise any of these rights, email:
📧 info@wearecapicua.com

We respond to all requests within 30 days.

10. Data Security

We implement technical and organizational measures to protect your data, including:

• Encrypted storage
  
  

• Secure login authentication
  
  

• Restricted internal access
  
  

• Regular security monitoring
  
  

No system is 100% secure, but we take all reasonable steps to safeguard your information.

11. Changes to This Policy

We may update this Privacy Policy to reflect new features, legal requirements, or security improvements.
When updates occur, we will:

• Post the updated version on the website
  
  

• Update the “Last Updated” date above
  
  

Significant changes may also be communicated via email or in-app notice.

12. Contact Us

For any privacy-related questions, concerns, or GDPR requests, you may contact us at:

📧 info@wearecapicua.com
📍 1133 Broadway, Office 530, New York, NY, United States