Privacy Policy
Effective date: April 9, 2025
1. Introduction
Daylore ("we," "us," or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you use our journaling platform at https://daylore.app ("the Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
2. Information We Collect
We collect information in the following ways:
2.1 Information You Provide Directly
When you register for an account, we collect your name, email address, and password (stored in hashed form). If you register via Google OAuth, we receive your name, email address, and profile picture from Google. When you use the Service, we collect the journal entries, moods, categories, tags, and other content you create ("User Content"). If you subscribe to a paid plan, your payment details are processed directly by Stripe; we store only a Stripe customer identifier and subscription identifier — never your full card number or CVV.
2.2 Information Collected Automatically
When you access the Service, we automatically collect certain technical information, including your IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps. This information is used for security monitoring, abuse prevention, and aggregate analytics. We do not use this data to build individual advertising profiles.
2.3 Information from Third Parties
If you choose to sign in with Google, we receive basic profile information from Google as described in Section 2.1. We do not receive access to your Google Drive, Gmail, or other Google services. Stripe may share limited transaction metadata with us for billing and fraud prevention purposes.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including processing and storing your journal entries.
- Generate AI-powered summaries, insights, and coaching responses based on your User Content.
- Process subscription payments and manage your billing relationship.
- Send transactional emails such as password reset links and subscription confirmations.
- Detect, investigate, and prevent fraudulent or abusive activity.
- Improve and develop new features of the Service using aggregated, anonymised usage data.
- Comply with applicable legal obligations.
We do not use your User Content to train general-purpose AI models that are shared with third parties. AI processing of your entries occurs solely to generate personalised responses within your own account.
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We share information only in the following limited circumstances:
- Service providers: We share data with trusted third-party vendors who help us operate the Service, including cloud infrastructure providers, payment processors (Stripe), and AI model providers. These vendors are contractually obligated to handle your data only as directed by us and in accordance with this policy.
- Legal requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Daylore, our users, or the public.
- Business transfers: If Daylore is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your information becomes subject to a different privacy policy.
- With your consent: We may share your information for any other purpose with your explicit prior consent.
5. Data Retention
We retain your personal information and User Content for as long as your account is active or as needed to provide the Service. If you delete your account, we will permanently delete your User Content and personal information within 30 days, except where we are required to retain certain information for legal, tax, or fraud prevention purposes. Anonymised, aggregated data derived from your usage may be retained indefinitely.
6. Data Security
We implement industry-standard technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), hashed password storage, access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Correction | Request correction of inaccurate or incomplete data. |
| Deletion | Request deletion of your personal data (subject to legal retention obligations). |
| Portability | Request your data in a structured, machine-readable format. |
| Objection | Object to processing of your data for certain purposes. |
| Restriction | Request that we restrict processing of your data in certain circumstances. |
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. You may also delete your account directly from the account settings at any time.
8. Cookies and Tracking
Daylore uses session cookies to maintain your authenticated state. These are strictly necessary for the Service to function and are not used for advertising or cross-site tracking. We do not use third-party advertising cookies. We may use anonymised analytics to understand aggregate usage patterns and improve the Service.
9. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].
10. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those in your country. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by relevant data protection authorities.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: