WT&F
Pricing For Therapists Reflections Log In Start Tracking

Privacy Policy

Weekly Thoughts & Feelings (WT&F)
Last Updated: January 15, 2026
Effective Date: January 15, 2026

Introduction

Weekly Thoughts & Feelings ("WT&F," "we," "us," or "our") is a personal self-tracking application designed to help individuals in Dialectical Behavior Therapy (DBT) monitor their emotions, urges, behaviors, and skills use. This Privacy Policy explains how we collect, use, store, and protect your information when you use our application and services.

We are committed to protecting your privacy and handling your personal information responsibly. Because we understand the sensitive nature of mental health information, we have designed our service with privacy as a priority.

Important Notice: This Is a Self-Tracking Tool

WT&F is a personal wellness and self-tracking application, not a healthcare provider. We are not a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA). This means:

  • The information you enter in WT&F is not protected by HIPAA
  • We do not provide medical advice, diagnosis, or treatment
  • WT&F is not a substitute for professional mental health care
  • You should continue to work with your licensed therapist or healthcare provider
If you are experiencing a mental health emergency, please contact:
  • 988 Suicide & Crisis Lifeline: Call or text 988
  • Emergency Services: Call 911
  • Crisis Text Line: Text HOME to 741741

WT&F is not designed for use in emergency situations and should not be relied upon for crisis intervention.

Information We Collect

Information You Provide Directly

When you create an account and use WT&F, you may provide:

Account Information:

  • Email address
  • Password (stored in encrypted form)
  • Account type (patient or therapist)
  • Display name or initials (optional)

Diary Card Entries:

  • Emotion ratings (e.g., anger, joy, sadness, anxiety, shame)
  • Urge ratings (e.g., self-harm urges, substance use urges)
  • Behavior tracking (e.g., self-harm, substance use, missed medications)
  • Sleep quality ratings
  • Medication adherence
  • DBT skills used
  • Daily notes
  • Entry dates

Safety Plan Information:

  • Warning signs
  • Coping strategies
  • Support contacts
  • Professional contacts
  • Environment safety notes

Customization Preferences:

  • Which emotions, urges, and behaviors you choose to track
  • Dashboard display preferences

Therapist Linking (if you choose to use this feature):

  • Therapist linking code (for patients)
  • Patient connections (for therapist accounts)

Information Collected Automatically

When you use WT&F, we automatically collect:

  • Device Information: Device type, operating system, browser type
  • Usage Data: Features accessed, time and date of access, pages viewed
  • Log Data: IP address, access times, referring URLs
  • Cookies: Session cookies to keep you logged in (see Cookie Policy below)

We do not use third-party analytics or tracking services. We do not share your data with advertisers or data brokers.

How We Use Your Information

We use your information solely to:

  1. Provide the Service: Store and display your diary entries, generate charts and trends, create PDF reports
  2. Enable Features: Allow therapist linking (if you opt in), maintain streaks, display skills library
  3. Improve the Service: Fix bugs, improve performance, develop new features
  4. Communicate with You: Send service-related emails (password resets, important updates)
  5. Ensure Security: Protect against unauthorized access, detect and prevent fraud

We do NOT:

  • Sell your personal information
  • Share your data with advertisers
  • Use your data for marketing purposes
  • Share your mental health data with third parties (except as described in "Therapist Linking" below)
  • Use your data to train AI models
  • Profile you for purposes unrelated to providing the service

Therapist Linking Feature

WT&F offers an optional feature that allows you to share your data with a therapist who also uses WT&F.

How it works:

  • You (the patient) initiate the connection by entering your therapist's unique linking code
  • Your therapist can then view your dashboard and generate PDF reports
  • You remain in control and can unlink at any time
  • Your therapist can also unlink at any time

What therapists can see:

  • Your diary card entries and trends
  • Your tracked emotions, urges, and behaviors
  • Your skills usage
  • Your safety plan
  • PDF exports of your data

What therapists cannot see:

  • Your email address or password

This is patient-initiated sharing. You choose whether to link with a therapist, and you can revoke access at any time by unlinking from your settings.

Data Storage and Security

Where Your Data Is Stored

Your data is stored on secure servers provided by Railway.app, a cloud hosting service based in the United States. Our database uses PostgreSQL with encryption at rest.

Security Measures

We implement the following security measures:

  • Encryption: Passwords are hashed using industry-standard algorithms; data is encrypted in transit (HTTPS/TLS)
  • Access Controls: Only you (and your linked therapist, if applicable) can access your data
  • Secure Sessions: Session tokens expire after periods of inactivity
  • No Third-Party Tracking: We do not use Google Analytics, Facebook Pixel, or similar tracking tools

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your data as follows:

  • Active Accounts: Your data is retained as long as your account is active
  • Deleted Entries: When you delete a diary entry, it is permanently removed from our database
  • Account Deletion: When you delete your account, all your data is permanently deleted within 30 days
  • Backups: Database backups may retain deleted data for up to 90 days for disaster recovery purposes

Your Rights and Choices

All Users

You have the right to:

  • Access: View your data through the app (free users: last 14 days; premium users: full history)
  • Correction: Edit your diary entries within 7 days of creation
  • Deletion: Delete individual entries or your entire account
  • Data Export: Download your data in PDF format (free users: 7 days; premium users: up to 28 days)
  • Withdraw Consent: Unlink from therapists or delete your account at any time

California Residents (CCPA/CPRA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You can request what personal information we collect, use, and disclose
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out of Sale: We do not sell your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at support@diary-card.com.

Categories of Personal Information Collected (for CCPA disclosure):

  • Identifiers (email address, IP address)
  • Health-related information (emotion ratings, urge ratings, behaviors) - Note: This is sensitive personal information under CPRA
  • Internet activity (usage data, log data)
  • Inferences (trends derived from your diary entries)

We do not sell or share personal information for cross-context behavioral advertising.

European Union Residents (GDPR Rights)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

Legal Basis for Processing:

  • Contract: Processing necessary to provide the service you requested
  • Consent: Processing based on your explicit consent (e.g., therapist linking)
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., security, service improvement)

To exercise these rights, contact us at support@diary-card.com.

Cookies and Similar Technologies

WT&F uses only essential cookies necessary for the service to function:

  • Session Cookies: Keep you logged in during your session
  • CSRF Tokens: Protect against cross-site request forgery attacks

We do not use:

  • Advertising cookies
  • Third-party tracking cookies
  • Analytics cookies from external services

You can configure your browser to refuse cookies, but this may prevent you from using WT&F.

Children's Privacy

WT&F is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

For users between 13 and 18, we recommend using WT&F only with parental or guardian awareness and in conjunction with a licensed therapist.

Third-Party Services

WT&F uses the following third-party services to operate:

Service Purpose Data Shared
Railway.app Hosting and database All app data (encrypted)
WeasyPrint PDF generation Data included in PDFs (processed locally)

We do not use:

  • Google Analytics
  • Facebook Pixel
  • Advertising networks
  • Data brokers

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For significant changes, we will notify you via email or in-app notification
  • Continued use of WT&F after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

Email: support@diary-card.com
Website: https://wtfapp.up.railway.app

Summary of Key Points

Topic Summary
What we arePersonal self-tracking app, NOT a healthcare provider
HIPAAWe are not covered by HIPAA
Data sellingWe do NOT sell your data
Third-party trackingWe do NOT use Google Analytics, Facebook, or ad trackers
Therapist sharingOptional, patient-initiated, revocable at any time
Data deletionYou can delete entries or your entire account anytime
SecurityHTTPS encryption, hashed passwords, no third-party tracking
EmergenciesWT&F is NOT for emergencies - call 988 or 911

This Privacy Policy was last reviewed on January 15, 2026.