Hello everyone!

TL;DR:
Journiv is a a beautiful, self-hosted, privacy-first journaling app with mood tracking, daily prompts, and meaningful insights. The mission is simple: your memories should always stay yours. Own them, don’t rent them.

Journiv 0.1.0-beta.4 is now live on GitHub and fully Docker-hostable.
Start owning your thoughts and memories forever and keep them completely private.

The Story Behind Journiv

I got into self-hosting last year and while exploring options journaling solution, I realized there wasn’t a truly modern, self-hosted equivalent to Day One or Apple Journal. Most alternatives were either general note apps or old abandoned projects.

I wanted something focused on journaling with:

• “On This Day” memories
• Prompt-based journaling
• A clean, minimal, distraction-free writing experience

So… I built my own: Journiv, a beautiful (at least I am trying to make it so), self-hosted, privacy-first journaling app with mood tracking, daily prompts, and meaningful insights.

Get Involved

Give Journiv a try, share your feedback and report issues. It means a lot at this stage.

I decided to finally clean up an old account on CivitAI (civitai.com/). Nothing unusual - I just wanted to exercise my right to be forgotten, the one I heard about so much on Reddit before, being a regular lurker.

I sent them a polite email citing Article 17 GDPR. Gave them enough info to find me (email, username, first login date, payment history). Didn’t use my real name, didn’t log in - partly because I didn’t want to trigger Cloudflare’s fingerprinting again.

Their reply?

"When users delete their account, this action is permanent, since we delete any and all data associated with that account."

Maybe? There’s no way to verify their claim without re-engaging. No public deletion policy (civitai.com/content/privacy). No confirmation. No alternative. Only if you log in to do it. Which means triggering Cloudflare’s tracking system again.
I shouldn’t have to expose myself to surveillance just to ask to be forgotten.

Honestly, I was taken aback a little. But fair enough, I thought. I still have a shield for myself - let’s escalate.

I filed with the Irish Data Protection Commission (DPC) - mostly because they accept anonymous, English requests.
They closed my case within days with this:

You’re from Ukraine. Not our problem.

No discussion of whether CivitAI targets EU users (they do!). No interest in the fact they process personal data globally. Didn’t even ask if I was in the EU at that time. Just a flat rejection based on my location.

Fine. Maybe NGOs can help?
I contacted:
- Access Now
- EDRi
- Digitalcourage
- epicenter.works
- Even tried the UK ICO (turns out, CivitAI blocks UK users now, so no luck there)
Out of all of them, only epicenter.works replied - twice - telling me to contact noyb.
Which is silly, because I already did. Over a month ago. Still no reply.

So here I am.
I did everything I could - correctly, thoroughly, and in good faith. But all I got in return is silence, deflection, bureaucracy.
Don’t get me wrong - I still believe in the idea of GDPR. I want to believe in it. But the enforcement? It’s a paper tiger. All bark, no bite. And worst of all, it doesn’t even have self-respect - happy to roll over the moment someone shows up without an EU passport.
This wasn’t about being petty or creating drama. I just wanted to get in control of my data, as was promised by the GDPR declaration.
But apparently, even that is too much to ask.

Anyway, vent over. Just wanted to share this so others don’t waste months chasing rainbows like I did.

And maybe - just maybe - someone at noyb, DPC, or CivitAI will finally read it and feel ashamed enough to act.

P.S. Why I'm posting it here:
- I think it fits this community topic
- This post was removed from r/gdpr by moderators
- Some subreddits ignored my request to approve this post on their subreddits
- r/privacy requires karma to post
- I was shadowbanned by Reddit for no apparent reason
- Similar post saw zero reaction on Mastodon instance
- Twitter & Bluesky requires solving a captcha that I'm incapable of solving
In addition, since the initial post on Reddit and Mastodon weeks ago, I've sent emails to various privacy oriented news outlets and public organizations, but I was ignored by all, but EFF which replied "we can't help you".

EDIT: To clarify a recurring point: GDPR does not require you to be an EU citizen or resident to be protected.
Under Article 3(2), it applies to any company that offers goods/services to people in the EU - even if the user is from Ukraine, the US, or elsewhere. if anyone think I'm in wrong, please provide source. I don't see what I'm doing wrong here.

Proof (screenshots)

My GDPR request sent to support@.

Reasserting rights after their first refusal.

"Use the button." No erasure guarantee.

Irish DPC closes case based on nationality.

cross-posted from: lemmy.ml/post/38782740

As gradually leaked the last days by various news outlets, the EU Commission has secretly set in motion a potentially massive reform of the GDPR. If internal drafts become reality, this would have significant impact on people's fundamental right to privacy and data protection. The reform would be part of the so-called "Digital Omnibus" which was supposed to only bring targeted adjustments to simplify compliance for businesses. Now, the Commission proposes changes to core elements like the definition of "personal data" and all data subject's rights under the GDPR. The leaked draft also suggests to give AI companies (like Google, Meta or OpenAI) a blank check to suck up European's personal data. In addition, the special protection of sensitive data like health data, political views or sexual orientation would be significantly reduced. Also, remote access to personal data on PCs or smart phones without consent of the user would be enabled. Many elements of the envisaged reform would overturn CJEU case law, violate European Conventions and the European Charter of Fundamental Rights. If this extreme draft will become the official position of the European Commission, will only become clear on 19 November, when the "Digital Omnibus" will be officially presented. Schrems: "This would be a massive downgrading of European's privacy ten years after the GDPR was adopted."

Hi everyone, we're mainly looking for feedback and testers for our project, which is currently in beta.
We’ve been working on Safebox, an open-source framework that helps you install, manage, and access self-hosted applications such as Home Assistant, Nextcloud, and Jellyfin etc.
Safebox runs on Linux, macOS, and Windows (supporting both x86 and ARM64 architectures, even Raspberry Pi, Banana Pi hardware also tested). It manages domain and subdomain setup, Let's Encrypt certificates, DNS configuration, and reverse proxy (nginx). It also includes a Wireguard-based remote access feature and a geo-redundant backup system (currently in development).
The project is in beta, and we’re looking for people interested in testing and giving feedback on its usability, stability, features, and really anything else. All information about Safebox and beta testing can be found in our discord channel.

If you’d like to try it out, you can start it with Docker:

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock safebox/framework-scheduler

Then open: http://localhost:8080/

Website: safebox.network/
Github: github.com/safeboxnetwork/fram…
Discord: discord.gg/aBP8bz6N8J

We’d really appreciate any feedback or ideas for improvement.