Privacy Policy

Last updated: April 2026

Your Privacy Matters

Terpa is a Canadian-made wellness journal designed with privacy at its core. We are committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

What We Collect

• Email address (for account authentication)
• Journal entries you create (encrypted at rest using AES-256-GCM)
• Subscription and payment status (processed by Stripe — we never see your card details)
• Age verification status (we never store your date of birth)
• Essential cookies required for authentication and core functionality

How We Use Your Information

• To provide and maintain the Terpa service
• To generate your personal analytics and insights
• To process subscription payments
• To verify you meet the legal age requirement

What We Never Do

• Sell, rent, or share your personal data with advertisers, data brokers, or third parties for marketing purposes
• Store your date of birth
• Track your location
• Use advertising or tracking cookies
• Share data with employers, insurers, or law enforcement without a valid legal order
• Transfer your personal data outside of Canada without adequate protection

Data Security

Journal notes are encrypted using AES-256-GCM with per-user encryption keys. Your data is stored in encrypted databases with strict access controls. We use industry-standard security measures to protect your personal information.

Your Rights Under PIPEDA

As a Canadian resident, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Withdraw consent for the collection of your information
• File a complaint with the Office of the Privacy Commissioner of Canada

Cookies

Terpa uses only essential cookies required for authentication and core functionality. We do not use advertising, analytics, or tracking cookies.

Data Retention & Deletion

You can delete your account and all associated data at any time from the Settings page. Upon deletion, all personal data including encrypted journal entries are permanently removed.

Third-Party Services

• Clerk — authentication (email, session management)
• Stripe — payment processing (PCI-DSS compliant, we never see card data)
• Vercel — hosting and infrastructure
• Neon — encrypted database hosting

Contact

For privacy inquiries or to exercise your rights under PIPEDA, contact us at privacy@terpa.app

Governing Law

This Privacy Policy is governed by the laws of Canada, including PIPEDA and applicable provincial privacy legislation.