We collect your email address (required for authentication and Time Capsule delivery), your display name (optional), and the journal entries you write. We also collect standard server logs (IP address, browser type, timestamps) for security and performance purposes.
Your email is used solely for authentication, daily reminder emails, and Time Capsule delivery. Your journal entries are used only to display them back to you — we never read, analyse, or share your entries with any third party.
All data is stored on Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data. Entries are encrypted in transit (TLS) and at rest. We retain your data for as long as your account is active.
We use Supabase for database and authentication, Resend for transactional email, Stripe for payment processing, PostHog for anonymous product analytics, and Sentry for error monitoring. Each service has its own privacy policy. We do not sell your data to any third party.
You may request a full export of your data at any time via Settings → Export. You may delete your account and all associated data at any time via Settings → Danger Zone. Deletion is permanent and irreversible.
We use a single authentication cookie (HttpOnly, Secure, SameSite=Lax) to keep you signed in. We do not use advertising or tracking cookies.
Questions about this policy? Email us at privacy@daydot.app.