Privacy Policy

Last updated · 18 May 2026

Jungle Journal is a wildlife identification and journaling app for Southern Africa. We built it with privacy as a design principle: your photos, your journal entries, and the AI that identifies wildlife all live on your phone — not on our servers. This policy explains the few things we do collect, why, and how to control them.

If anything in this policy is unclear, contact us at hello@junglejournal.org.

In one paragraph: We store your account email (or Apple Sign-In ID), a unique account identifier, and any community map sightings you choose to share publicly. Wildlife identification runs entirely on your device — your photos are never uploaded for identification. We use PostHog to collect anonymised usage analytics (which features get used, not who used them). You can delete your account at any time from Settings → Account → Delete Account, which permanently removes your data from our servers.

1. Data we collect

Account data

When you create an account, we store:

Your email address (for email signup) or your Apple Sign-In identifier (for Sign in with Apple).
A unique account ID generated by our authentication provider, Supabase.
The date and time your account was created.

We do not collect your name, age, gender, address, or phone number.

Community map sightings

When you choose to share a sighting to the community map (this is opt-in at each capture), we upload:

The species name you photographed.
The conservation status of that species.
An approximate location. For Endangered species, this is fuzzed by 10–25 km before it ever leaves your device. For Critically Endangered species, and for a small list of poaching-target species (rhinos, pangolins, large vultures, wild dog, cheetah, ground hornbill, certain cranes and tortoises), no location is shared at all — the sighting is silently filtered out.
The time of the sighting, rounded to the nearest hour.
Your account ID, so the sighting can be deleted with your account.

We do not upload the photograph itself. We do not upload your exact GPS coordinates for any species.

Community map sightings are automatically deleted from our servers 48 hours after they are reported.

Usage analytics

We use PostHog (a privacy-friendly analytics platform, hosted in the EU) to understand how the app is used. The events we collect are:

Sign-up, sign-in, sign-out, account deletion.
Capture and journal-save events, with metadata like the field book, conservation status, and image quality score (no photo, no location).
Community map share events (whether shared, not what was shared specifically).

Analytics events do not contain your email, your name, your photos, your coordinates, or any identifying personal information. They are tied to your account ID only after you sign in; before sign-in they use a randomly generated device identifier.

You can opt out of analytics by deleting the app — there is no separate analytics opt-out, because we do not collect anything personally identifying.

Location data (on-device only)

The app may ask for permission to access your location. When granted, your location is used:

To tag sightings in your private journal (stays on your device).
To show your position on the in-app map.
To compute the fuzzed area uploaded with eligible community map sightings (see above).

Your precise GPS coordinates are never transmitted to our servers.

Photos and journal entries

Photos you capture and journal entries you write are stored exclusively in your phone's app storage. They are not uploaded to our servers, backed up online, or shared with any third party. If you delete the app, these are deleted with it.

2. How we use your data

Data	Purpose
Email / Apple ID	To authenticate you when you open the app
Account ID	To attach your sightings and analytics events to a stable identifier
Community map sightings	To show other users where wildlife has recently been seen
Usage analytics	To understand which features matter, identify bugs, and improve the app
Location (on-device)	To tag sightings, show the map, and compute fuzzed coordinates

We do not use your data to:

Train AI models (the identification model is pre-trained and never updated with user data without explicit future opt-in).
Sell or rent to third parties.
Show advertising.
Build a marketing profile.

3. Who we share data with

We rely on three third-party services. Each receives only the minimum data needed for its job.

Provider	What they receive	Where data is stored
Supabase (auth + database)	Your email / Apple ID, account ID, community sightings	Frankfurt, Germany (EU)
PostHog (analytics)	Anonymised event data	Frankfurt, Germany (EU)
Apple (Sign in with Apple)	Only what is needed to verify the sign-in token	Apple's data centres

These providers are bound by their own privacy policies and applicable data protection laws. We do not give them permission to use your data for their own purposes.

We may also share data if we are legally required to (e.g. by a court order). We will push back on any request we believe to be overbroad or unlawful.

4. Where your data is stored

All server-side data is stored in Frankfurt, Germany (the European Union) — both Supabase and PostHog are configured to use their EU regions. Data may be processed elsewhere transiently (e.g. content delivery networks for our static site), but the system of record is in the EU.

5. Your rights

You have the following rights over your data under POPIA (South Africa), GDPR (European Union), and equivalent laws elsewhere:

Access. Request a copy of the data we hold about you.
Correction. Ask us to correct anything that is wrong.
Deletion. Permanently remove your account and associated data — built into the app, see Settings → Account → Delete Account.
Portability. Request your data in a structured, machine-readable format.
Objection. Object to specific uses of your data.
Withdraw consent. Stop using the app at any time.
Complain. Lodge a complaint with the South African Information Regulator (inforegulator.org.za) or your local data protection authority.

To exercise any of these rights, email hello@junglejournal.org. We respond within 30 days.

Account deletion in detail

When you tap Delete Account, we:

Delete your row in our users table, which cascades to delete every community sighting attached to your account.
Delete your authentication record, which invalidates your session and frees up your email / Apple ID to be used again.
Reset your analytics distinct identifier so events from the next user of the device are not attributed to you.

Your on-device journal and photos are not affected by account deletion — they remain on your phone. If you want to remove them too, delete the app.

Deletion is irreversible. There is no recovery, no archive, no soft-delete grace period.

6. Children

Jungle Journal is rated 4+ in the App Store. We do not knowingly collect data from children under 13 without parental consent. If you believe a child has created an account, email hello@junglejournal.org and we will delete the account immediately.

7. Security

We take reasonable steps to protect your data:

All network traffic uses HTTPS / TLS.
Database access is enforced by row-level security, so authenticated users can only read and modify their own data.
Passwords are hashed by Supabase using bcrypt; we never see or store plaintext passwords.
Our codebase is audited for hard-coded secrets and improper data handling before each release.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you within 72 hours and report it to the relevant authority as required by law.

8. Changes to this policy

We may update this policy when the app changes. The "Last updated" date at the top reflects the most recent change. For material changes (anything that expands what we collect or how we use it), we will notify you in the app before the change takes effect.

9. Contact

Email: hello@junglejournal.org
Website: junglejournal.org
Operator: Nelson Chainho, South Africa

If you have a privacy concern, please reach out before lodging a regulatory complaint — we want to fix issues quickly.