Jenora
Sign InGet Early Access

Legal

Privacy Policy

Effective date: March 30, 2026

Jenora (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use the Jenora mobile application, web application, and related services (the “Services”), how we use and protect that information, and your rights regarding your data.

Jenora is designed for personal growth, mental health support, and recovery. We understand that the information you share with us is sensitive. We treat it accordingly.

1. Information We Collect

Information you provide directly

  • Account information: Email address, display name, and password when you create an account.
  • Onboarding responses: Your focus area (recovery, mental health, personal growth), self-reported patterns, values, and goals — used to personalize your roadmap.
  • Reflections and journal entries: Check-ins, mood logs, guided reflections, and journal entries you create within the app.
  • Worksheet responses: Responses to structured exercises, CBT tools, and psychoeducation activities.
  • Zone planning data: Green, yellow, and red zone plans and entries you create.
  • Progress data: Roadmap progress, learning history, and activity records.

Information collected automatically

  • Usage data: Features used, pages visited, and general interaction patterns — used to improve the app experience.
  • Device information: Device type, operating system, and app version for debugging and compatibility purposes.
  • Authentication tokens: Secure session tokens used to keep you signed in safely.

Information from therapist connections

If you choose to connect your account to a therapist or clinician using the Jenora Therapist Portal, you control exactly which categories of data (check-ins, mood logs, zone scores, roadmap progress) are visible to them. No data is shared with a connected therapist by default. See Section 4 for details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, personalize, and improve the Jenora Services
  • Build and maintain your personalized roadmap and progress history
  • Display your data to connected therapists, only with your explicit consent
  • Send you in-app notifications and service-related communications
  • Diagnose technical issues and improve app reliability
  • Comply with legal obligations

We do not use your mental health data for advertising, marketing profiling, or any purpose unrelated to delivering the Services to you.

3. How We Protect Your Information

  • Encryption in transit: All data transmitted between your device and our servers uses TLS (Transport Layer Security).
  • Encryption at rest: Data stored in our database is encrypted at rest using industry-standard methods.
  • Access controls: Role-based access controls ensure that system components can only access data necessary for their function.
  • Session security: Sessions are managed using secure, httpOnly cookies with role-differentiated expiration — 8 hours for clinician accounts and 14 days for personal accounts.
  • Infrastructure: Jenora is built on Google Firebase, a SOC 2 Type II and ISO 27001 certified platform.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we take reasonable and industry-standard measures to protect your data.

4. Therapist Access and Consent

The Jenora Therapist Portal allows licensed clinicians to view a structured summary of a client’s engagement and progress — only when the client has explicitly consented.

  • Consent is required before any data is shared. A therapist cannot view any client data until the client links their account and selects what to share.
  • You control the scope. You choose which categories of data are visible. You can change or revoke this at any time from within the app.
  • Revocation is immediate. When you revoke a therapist’s access, they lose visibility immediately.
  • Therapist access is logged. Access events to your data via the portal are logged for auditability.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

  • Service providers: We use third-party services (such as Firebase for authentication, database, and hosting) that process data on our behalf under strict data processing agreements.
  • Connected therapists: Only data you explicitly consent to share, as described in Section 4.
  • Legal requirements: If required by law, court order, or governmental authority, we may disclose information as necessary.
  • Safety: If we believe disclosure is necessary to prevent imminent harm to you or others, we may share information with appropriate parties.
  • Business transfer: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

You can request deletion of your account and associated data at any time by contacting us at privacy@jenora.com.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your personal data
  • Restrict or object to certain processing of your data
  • Receive your data in a portable format
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@jenora.com. We will respond within 30 days.

8. HIPAA Notice

Jenora is not currently a HIPAA-covered entity and does not operate as a Business Associate under HIPAA for clinical practice management. We are actively working toward formal HIPAA alignment and will update this policy when that milestone is reached.

Therapists using the Jenora Therapist Portal should be aware of this status and evaluate their own obligations before using the portal for clients subject to HIPAA protections.

9. Children’s Privacy

Jenora is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.

10. Third-Party Services

Jenora uses the following third-party infrastructure:

  • Google Firebase — Authentication, database (Firestore), and cloud hosting. Subject to Google’s privacy and security standards.

We do not integrate advertising networks, social media trackers, or analytics platforms that profile you across the web.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page and, for material changes, notify you via in-app notice or email. Your continued use of the Services after any change constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your data, please contact us:

Jenora
Email: privacy@jenora.com

Have a question about your data? Contact us

← Back to home