Application security and data privacy are fundamental in building trustworthy digital experiences. The promise of user-protection that is assured by apps and also expected by users plays a vital role in ensuring the integrity, confidentiality, and availability of digital systems, applications, and sensitive information.

App security and user-protection have, and continue to remain at the top of users' priorities whenever they are introduced to a new app. At the core of many users' concerns while using a mobile or web app, unsecure apps can be susceptible to breaches and attacks, leaving users at risk of losing their personal information and data.

And these are also non-negotiables at Journey.

Journey has shown promise in its investment in improving the platform's security and privacy measures to ensure a safe and reliable platform for users with every update, revision, and app upgrade. Application security and data privacy are of utmost importance in a journaling or digital diary app like Journey, considering the sensitive and personal nature of the information involved.

Journey is aware of this responsibility it has to its users. Journaling apps like Journey contain highly personal and emotional content. The intimate nature of journaling content means users expect would also expect a high level of privacy. Users trust the app to keep their thoughts, feelings, and experiences confidential, making robust application security measures imperative in preventing unauthorized access to its sensitive content.

Journey's Current Security Measures

Software Security

Journey's security and privacy measures currently include both software and procedures that minimize and prevent security vulnerabilities when it comes to the collection, use, and disclosure of users' information.

Journey's privacy measures span across both software and security measures that are taken in-app.
Journey's privacy measures span across both software and security measures that are taken in-app.

The app only collects needful information when an individual registers for an account, makes a purchase, communicates with them via social media sites, or requests for customer support. With the understanding that a compromised journaling app could lead to unauthorized individuals gaining access to a user's private thoughts and memories, strong software security measures and authentication mechanisms such as End-to-end encryption, passcodes, biometric locks, and hiding one's email address ensure that only authorized users can access their accounts have been put in place in the app.

Cloud Storage Security

Google Drive, like many other cloud storage and collaboration platforms, has a range of security and privacy features to protect user data. As a cloud storage service on Journey, users' data remains solely on their own Google Drive with no access granted to backend servers. Information that is received from users is also encrypted in transmission using HTTPS on the Google Drive.

Journey Cloud Sync, Journey's very own cloud sync service, offers on-demand sync, HLS video and media streaming, a built-in smart search engine, end-to-end encryption, consolidated media viewing, shared journals, bulk and single archive backups, and more. With cloud storage solutions, the security of using it and its increased vulnerability to security threats and breaches considering that it is made available over various networks and connected to the cloud can be a cause for concern to users.

Users can opt to create a Google Drive or Journey Sync Drive cloud storage on Journey.
Users can opt to create a Google Drive or Journey Sync Drive cloud storage on Journey.

While Journey's Journey Cloud Sync service hosts users' data, security measures like End-to-end encryption, and passcode and biometric locks have been put in place to ensure users of their privacy and app security.

The asymmetric encryption has been designed to be secure and verifiable by users and users only. This security measure ensures that data transmitted between a user and Journey remains encrypted and protected from unauthorized access throughout the entire process. With a personal passphrase, users encrypt information in such a way that only they, the owner of the data, can decrypt and read it. Since the information is encrypted on the user's device and can only be decrypted by the owner of the content, a service provider like Journey that is facilitating the cloud sync cannot access or read the content. This ensures that the sensitive information in their journal entries and media files remain confidential and protected from unauthorized access.

Users can only decrypt encrypted journals with their personal passphrase.
Users can only decrypt encrypted journals with their personal passphrase.

The Price of Data Privacy

Data privacy in apps can vary significantly based on the design, policies, and practices of app developers. This ranges from user' data being at risk to data being well-protected and secure on the platform.

When active on digital platforms, users should be privy to how well their data is being protected and kept secure on the platforms.
When active on digital platforms, users should be privy to how well their data is being protected and kept secure on the platforms.

Some apps may collect extensive user data without clear consent or transparency, gathering more data than necessary for the app's functionality. Where there is poor data security, user data could also be potentially be shared with third parties, advertisers, or data brokers without explicit user consent. This can lead to targeted ads or even the sale of user data. Sensitive user data might be stored or transmitted without encryption, making it vulnerable to interception.

Apps that provide some level of transparency regarding data collection practice and request user consent for data usage. Data sharing might occur, but it's disclosed to users, and they have some control over what data is shared and with whom. Sensitive data would also be encrypted during transmission, but storage encryption might be minimal.

With apps that have strong security and privacy measures in place, there is minimal collection of personal data and use techniques like data anonymization or pseudonymization to protect user identities. Any data sharing is opt-in, and users have clear visibility into what data is shared, with whom, and for what purpose. Robust end-to-end encryption is also implemented, ensuring that only authorized parties can access the data.

Where does Journey stand?

Using apps that prioritize data privacy and security like Journey might require users to invest a little bit more time to set up security features, configuring privacy settings, and learning about the app's security practices. In Journey's case, this includes tasks like enabling end-to-end encryption, remembering one's passphrase, setting up the biometric lock or passcode for the app, and reviewing permissions and security prompts that surface. These efforts can sometimes impact the user experience by adding extra steps or causing inconvenience. But when it comes to balancing security with user convenience, these efforts are not futile, and Journey has established its priorities.

As a secure and privacy-conscious app, Journey also require users to pay for its premium membership and services. While some free apps generate revenue by offering their services for free to users while monetizing user data; by collecting various forms of user data, such as personal information, browsing habits, location data, etc., paid apps do not rely on user data for funding.

Is Journey Cloud Sync safe?

Journey's recent addition to their platform, Journey Cloud Sync, is a cloud storage solution that is native to the Journey platform. With this addition, the journaling experience on the platform is said to have expanded, with new and unlimited possibilities having been opened up with the now available faster and on-demand sync, a built-in smart search engine, faster online media streaming, end-to-end encryption, consolidated media viewing, shared journals, and other features.

The nucleus of Journey Cloud Sync, it's on-demand feature, provides a much quicker and more efficient way of managing a large number of journal entries and media files on Journey. With on-demand, users now get to stream over large media files in a much shorter span of time. The new on-demand cloud sync also allows users to synchronize data between their devices and a cloud storage service upon request. It enables users to access and update their journal entries seamlessly across multiple devices while ensuring that the data remains consistent and up to date.

Undoubtedly, these multi-device, online streaming services are sure to raise concerns over data security. These concerns are rooted in the potential vulnerabilities associated with storing and transmitting personal data over the internet. If the app's cloud storage is not properly secured, there's a risk of unauthorized access to user data. Data breaches can result in sensitive information, such as personal details, payment information, and stored files, being exposed to malicious actors.

With cloud storage, there's a concern that someone with malicious intent could gain unauthorized access to stored files. This could lead to identity theft, financial fraud, or exposure of personal content.

Users may also worry about the security of their data during transmission and storage. End-to-end encryption ensures that data is encrypted on the user's device, transmitted securely to the cloud, and decrypted only when accessed by the user. Lack of proper encryption can expose data to interception and unauthorized access.

Journey Cloud Sync's Privacy & Security Features

Yet, Journey has shown promise in keeping their user's privacy and the safe-keeping of their journal entries a priority.

In line with their continuing efforts to ensure data and user privacy, Journey Cloud Sync comes with End-to-end encryption. When a user creates a Journey Cloud Sync drive, they can choose to turn on end-to-end encryption. With standard asymmetric end-to-end encryption protocols and technologies being put in place, journal entries and images can be further protected and kept private in the platform, allowing our users to continue to feel safe using Journey.

To provide further agency and security to it's users, Journey has also been looking into exploring open-source Journey Cloud Sync, through which users can self-host their data. While the most private and safe way to maneuver Journey is still the available End-to-end encryption, users with the technical knowledge and knack to set up self-hosting can benefit from this safety feature as well.

Encryption, by far, ensures reliable data privacy and user security on Journey.
Encryption, by far, ensures reliable data privacy and user security on Journey.

The Possibility of Self-Hosting

Self-hosting data on an app involves managing and storing your data on your own servers or infrastructure, rather than relying on external third-party services. This gives you more control over your data's security, privacy, and accessibility. This can be particularly relevant when dealing with sensitive or private information, as it reduces the reliance on external entities to handle and protect your data.

Self-hosting your journal data gives you more control over your data's security, privacy, and accessibility.
Self-hosting your journal data gives you more control over your data's security, privacy, and accessibility.

For instance, if you're using an app to manage personal information like notes, files, or journals, self-hosting means that the data is stored on your own servers or cloud storage, under your direct control. This contrasts with relying on the app's provider to store and manage your data on their servers.

When introduced to the Journey platform however, users will need to pay for the usage of the app. While self-hosting may provide data Control, privacy, flexibility, and offer you some sort of independence, it may not be as cost-efficient as holding a Journey Cloud Sync drive on Journey itself.

What more can Journey users do?

While Journey has shown commitment in ensuring the privacy and security of their users with already existing app features such as the passcode and biometric locks, as well as recent additions such as End-to-end encryption in Journey Cloud Sync, it is no doubt that responsibility also lies on the users' part to make full use of the security measures that have been in put in place in the app.

Users can create a Journey account with their Google account or Apple ID.
Users can create a Journey account with their Google account or Apple ID.

Users can choose to use Apple sign-in to hide their email address, so Journey has no means of identifying them. By enabling End-to-end encryption in their Journey Cloud Sync drives, setting up passcodes and biometric locks to restrict anyone else from having access to the app on their devices, and looking into the possibility of self-hosting with Journey, users can most definitely journal without having to worry about anyone getting access to their reflections.

The concept of keeping a personal diary has transformed into a more convenient and accessible experience through the use of digital diary apps like Journey. However, this convenience comes with a responsibility—a responsibility to safeguard data privacy and ensure user-security; on both ends, user and app developers.

The significance of data privacy cannot be overstated, as our personal insights, reflections, and emotions deserve protection from unauthorized access. On the users' part, by understanding the potential risks, taking your own security precautions, and being discerning about the apps you choose, you're taking steps toward creating a safe digital haven for your thoughts. The importance of encryption, secure authentication methods like biometric and passcode locks, and regularly updating your app cannot be emphasized enough.

But if you're looking for a space where you can feel comfortable expressing your thoughts without concerns about the security of your personal information, Journey has a seal of approval.