Privacy Policy

Last updated: May 1, 2026

This Privacy Policy describes how Hillwork, LLC (“we,” “us,” or “our”) collects, uses, stores, and shares information when you use our gratitude journaling web application (the “Service”), available at https://thank.hillwork.net.

Contact: support@hillwork.com
Mailing address: Hillwork, LLC, 5441 S Macadam Ave Ste R, Portland, OR 97239
Official policy URL: https://thank.hillwork.net/policy

Please read this policy carefully. By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.


1. Who this applies to

This policy applies to visitors and registered users of the Service. We operate the Service to provide a personal gratitude journaling and optional social/group experience. The Service is intended for adults 18 years of age or older; see our Terms of Use for eligibility.

2. Information we collect

2.1 Information you provide

  • Journal content and related data. Text you enter as notes or gratitude entries, optional thoughts or comments on entries, reactions, and similar content you submit through the Service.
  • Profile preferences. Information you may provide in your account or settings (for example, display name, timezone, or notification preferences where available).
  • Email address (email sign-in). If you choose “Sign in with email,” you provide an email address so we can send you a one-time sign-in code. We store a normalized form of that email to maintain your account and sign-in identity.
  • Group and collaboration data. If you use shared groups or invitations, we process identifiers and content needed to operate those features (for example, group membership, invitation tokens or requests, and visibility of notes you choose to share).

2.2 Information collected automatically

  • Cookies and similar technologies. We use cookies (and related server-side mechanisms) to maintain your session after sign-in, protect against session fixation, enforce idle timeouts, and optionally support a bounded “stay signed in” experience using an HttpOnly cookie tied to a server-stored token (not stored in browser localStorage for authentication). Session-related data may include a server-side record of recent activity and browser User-Agent string for session integrity checks.
  • Technical data. Standard server and application logs may include IP address, request timestamps, URLs, and error information—used for security, debugging, and reliability.
  • Optional media. If you attach photos or files where the Service supports it, those files are stored according to our configuration (see Section 5).

2.3 Web Push notifications (if you enable them)

If you opt in to browser push notifications, we store Web Push subscription data needed to deliver notifications to your device (for example, push endpoint URL and related cryptographic keys). Push infrastructure may involve your browser vendor’s push service (for example, Mozilla, Google, or Apple, depending on your browser and OS). We use this only to send notifications you have opted into (such as reminders or reply alerts, where enabled).

2.4 Sign in with Google (limited Google user data)

If you choose Sign in with Google, we use Google’s OAuth 2.0 / OpenID Connect sign-in service. Google may show you what information is shared. Based on our current implementation, we request permissions consistent with these purposes:

Data from Google (typical) and how we use it:

  • Subject identifier (sub). Stable identifier linking your Google account to your app account in our database.
  • Email address. Account creation, sign-in, communication with your account, and normalized login email on our side where applicable.
  • Name / profile name. Default display name for your account if you do not set another.

We request Google sign-in with openid, email, and profile-related scopes appropriate to standard “Sign in with Google.” We do not use Google sign-in to access your Gmail messages, Google Drive files, Calendar, Contacts, or other Google APIs beyond what is needed for authentication and basic profile information described above.

For users who sign in with Google, we may store Google’s OAuth refresh token (or equivalent) only where needed to revoke our access when you delete your account, consistent with our account-deletion process. We do not use that token to read your Google data for unrelated purposes.

3. How we use information

We use the information above to:

  • Provide, operate, and improve the Service (save and display your journal, groups, and related features).
  • Authenticate you and keep your account secure (sessions, optional bounded reauthentication, fraud and abuse mitigation).
  • Send transactional emails you request (for example, email sign-in codes) using our configured mail delivery.
  • Deliver optional push notifications you enable.
  • Comply with law and enforce our terms.

We do not sell your personal information. We do not use Google user data for surveillance or tracking beyond what is described here, and we do not use Google sign-in data to serve third-party personalized ads in the Service.

4. Google API Services User Data Policy (Limited Use)

If we receive information from Google APIs, our use of that information will comply with the Google API Services User Data Policy, including the Limited Use requirements: we use Google user data only to provide or improve user-facing features of the Service that are prominent in our offering; we do not use such data for advertising purposes as restricted by that policy; and we do not allow humans to read Google user data except as permitted by the policy (for example, with your consent, for security purposes, or as required by law).

5. Where data is stored and subprocessors

  • Our servers and database. Account data, journal content, authentication identifiers, OTP challenges (stored in hashed form), optional push subscription records, and related tables are stored on hosting infrastructure provided by IONOS SE (or its affiliates), which we use as our primary hosting vendor. Unless we tell you otherwise in this policy or in-product notices, data is processed in the United States. Hillwork, LLC is organized under the laws of the State of Oregon; our mailing address is at the top of this policy.
  • Email delivery. Sign-in codes and other emails are sent using SMTP through settings we configure (which may include mail services bundled with our hosting or a separate email provider). Those providers process recipient addresses and message content only as needed to deliver mail.
  • Push services. Push notifications may be routed through your browser’s push network (operated by third parties such as Mozilla, Google, or Apple). Those services receive technical data needed to deliver the notification; they act as infrastructure providers, not as controllers of your journal content.

We may use additional subprocessors for reliability or security; material changes to how we share data will be reflected in updates to this policy.

6. Retention

  • Account data is kept while your account is active.
  • Sessions expire after idle timeout on the server; optional refresh authentication has a bounded maximum lifetime (not indefinite).
  • Sign-in codes (email OTP) are short-lived and invalidated according to our database rules.
  • Google OAuth tokens stored for revocation are removed when your account is deleted or when no longer needed.
  • Server logs may be retained for a limited period for security and operations.

When you delete your account through the Service, we permanently delete your user-owned data held in our database and remove associated files we store (for example, uploaded media tied to your account), subject to reasonable backup rotation delays. Content that belongs to other users (for example, another member’s notes in a shared context) may remain as described at deletion time in the product. We attempt to revoke our Google OAuth access when you delete your account if a stored refresh token is available.

7. Security

We use industry-typical measures appropriate to the Service, including HTTPS in production, secure cookie settings where configured, server-side session controls, and hashed storage for secrets such as one-time codes. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, or to object to certain processing. You may:

  • Update profile or preference settings in the Service where available.
  • Delete your account using the account deletion flow in the Service (permanent).
  • Withdraw optional features such as push notifications in your browser or in-app settings.
  • Contact us at support@hillwork.com for privacy requests.

If you signed in with Google, you can also remove the Service’s access to your Google Account at any time in your Google Account settings (connected apps). That does not delete data already stored in our Service; use account deletion in our app for that.

9. Children’s privacy

The Service is intended for users who are 18 or older and is not directed at children. We do not knowingly collect personal information from anyone under 18. If you are under 18, do not use the Service or provide personal information to us. If you believe we have collected information from someone under 18, contact support@hillwork.com and we will take appropriate steps.

10. International users

Hillwork, LLC is based in the United States (Oregon). If you access the Service from outside the United States, your information may be processed in the United States (including on servers or services located or operated there). By using the Service, you understand that your data may be transferred to the United States or other jurisdictions that may have different data protection laws.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” date. For material changes, we may provide additional notice (for example, a notice in the Service). Continued use after changes constitutes acceptance of the updated policy.

12. U.S. state privacy notices and EU/UK users

Oregon consumers — Oregon Consumer Privacy Act (OCPA)

Oregon law includes the Oregon Consumer Privacy Act (OCPA), which may grant Oregon residents certain privacy rights when the law applies to a business. Applicability depends on factors such as revenue and how much personal data the business processes; exemptions may apply. This policy does not determine legal applicability.

If you are an Oregon resident and believe OCPA applies to our processing of your personal data, you may contact support@hillwork.com to submit requests or questions (for example, access, correction, or deletion, where applicable). We describe account deletion in Section 8. We do not sell personal information as defined under typical state privacy laws.

Other U.S. states

Certain states (including California) impose additional privacy rights and disclosure obligations. If you are a resident of those states, you may have additional rights. Contact support@hillwork.com.

EU / UK / Switzerland

The European Economic Area, United Kingdom, and Switzerland impose specific rules on international transfers and individual rights. Contact support@hillwork.com for requests.