Privacy Policy

1. Information We Collect

When you use DayGrid, we collect the following information:

• Account information: Your name, email address, and password (hashed). If you sign in via Google or Apple, we receive your name and email from the OAuth provider.
• Journal entries: The content you write, including text, images, mood ratings, and tags.
• Habit data: Habits you track and your daily completion logs.
• Usage data: Word counts, streaks, goals, and writing analytics.
• Payment information: Processed securely by Stripe. We store your Stripe customer ID but never your card details.
• Technical data: IP address and user agent are recorded with your session for security purposes. Server-side error logs (via Sentry) may capture request metadata to diagnose issues. Product analytics (via PostHog) track anonymized usage patterns to improve the service.

2. How We Use Your Information

We use your information to:

• Provide and maintain the DayGrid service.
• Display your writing analytics, streaks, and habit progress.
• Process subscription payments through Stripe.
• Send essential account-related emails (verification, password resets).
• Send optional reminder and summary emails (which you can disable at any time).
• Monitor and fix errors via error tracking (Sentry).
• Understand usage patterns to improve the product (PostHog).

3. AI and Your Writing

Your journal entries, habit data, and personal writing are never used for AI training, machine learning, or any form of automated content analysis. Your writing is your property alone. We do not read, analyze, or share the content of your entries for any purpose beyond providing the service to you.

4. Data Storage & Security

Your data is stored in a PostgreSQL database. All data is encrypted in transit using TLS and encrypted at rest on our hosting infrastructure. Passwords are hashed using industry-standard algorithms. PIN codes are hashed using bcrypt. We do not sell, trade, or rent your personal information to third parties.

5. Third-Party Services

We use the following third-party services:

• Stripe: Payment processing. See Stripe's Privacy Policy.
• Brevo: Transactional email delivery (verification, reminders, password resets). See Brevo's Privacy Policy.
• Sentry: Error tracking and monitoring. See Sentry's Privacy Policy.
• PostHog: Product analytics. See PostHog's Privacy Policy.

None of these services have access to the content of your journal entries.

6. Your Rights

You have the right to:

• Export your data: Download all your entries and habit data in Markdown or JSON format from Settings.
• Delete your account: Permanently delete your account and all associated data from Settings. Deletion is processed immediately, with data fully purged from backups within 30 days.
• Update your information: Edit your profile and preferences at any time.
• Unsubscribe from emails: Disable reminders and marketing emails with one click from any email or in Settings.

7. International Users & GDPR

If you are located in the European Economic Area (EEA), our lawful basis for processing your personal data is:

• Contract performance: Processing necessary to provide you the DayGrid service (account management, data storage, email delivery).
• Legitimate interest: Error monitoring, security logging, and product analytics to maintain and improve the service.
• Consent: Optional reminder emails and push notifications, which you can withdraw at any time.

You have the right to access, rectify, or erase your personal data, restrict processing, object to processing, and data portability. You also have the right to lodge a complaint with your local data protection supervisory authority.

8. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify relevant supervisory authorities where required by law.

9. Cookies

DayGrid uses essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Product analytics are collected via a first-party proxy and do not rely on third-party cookies.

10. Children's Privacy

DayGrid is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children.

11. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data is removed immediately from our production database and fully purged from backups within 30 days. Server-side error logs are retained for 90 days. Analytics data is retained in anonymized form.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email and by posting the updated policy on this page with a new "Last updated" date.

13. Contact

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at support@daygrid.org.