← Back to DayDot

Privacy Policy

Last updated: June 2026

What we collect

We collect your email address (required for authentication and Time Capsule delivery), your display name (optional), and the journal entries you write. We also collect standard server logs (IP address, browser type, timestamps) for security and performance purposes.

How we use your data

Your email is used solely for authentication, daily reminder emails, and Time Capsule delivery. Your journal entries are used only to display them back to you — we never read, analyse, or share your entries with any third party.

Data storage and security

All data is stored on Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data. Entries are encrypted in transit (TLS) and at rest. We retain your data for as long as your account is active.

Third-party services

We use Supabase for database and authentication, Resend for transactional email, Stripe for payment processing, PostHog for anonymous product analytics, and Sentry for error monitoring. Each service has its own privacy policy. We do not sell your data to any third party.

Your rights

You may request a full export of your data at any time via Settings → Export. You may delete your account and all associated data at any time via Settings → Danger Zone. Deletion is permanent and irreversible.

Cookies

We use a single authentication cookie (HttpOnly, Secure, SameSite=Lax) to keep you signed in. We do not use advertising or tracking cookies.

Contact

Questions about this policy? Email us at privacy@daydot.app.