Day Rift ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App") and related services (collectively, the "Services").
Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
1. Data Controller
For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), the data controller responsible for your personal data is:
Day Rift
Email: dayrift.app@gmail.com
Support: dayrift.app@gmail.com
If you have any questions about this Privacy Policy or our data practices, you may contact us using the information provided above.
2. Information We Collect
2.1 Information You Provide Directly
We collect information that you voluntarily provide when using our Services:
Account Registration Data
- Identity Information: Full name, username, email address, phone number
- Authentication Credentials: Password (stored in encrypted form), security questions
- Profile Information: Profile picture, biographical information, preferences, and settings
- Third-Party Authentication: If you choose to register or log in using Google, Apple, or other third-party authentication providers, we receive your name, email address, and profile picture from these services
User-Generated Content
- Habit Data: Habits you create, tracking records, completion status, and associated notes
- Fitness Data: Workout sessions, exercises performed, sets, repetitions, weights, duration, and related fitness metrics
- Focus Session Data: Duration, frequency, and completion status of focus sessions
- Goals and Quests: Personal goals, milestones, progress data, and achievement records
- Notes and Journal Entries: Any text content you choose to add within the App
Communications
- Customer support inquiries and correspondence
- Feedback and survey responses
- Any other information you choose to provide to us
2.2 Information Collected Automatically
When you access or use our Services, we automatically collect certain information:
Device and Technical Information
- Device Identifiers: Unique device identifiers (UDID, advertising ID), device model, manufacturer
- Operating System: OS type and version, device settings
- Network Information: IP address, mobile carrier, network type (WiFi, cellular)
- App Information: App version, installation date, last update date
Usage Information
- Access Logs: Date and time of access, features used, actions taken within the App
- Performance Data: App crashes, system activity, hardware settings
- Interaction Data: Screen views, button clicks, navigation patterns
2.3 Location Data
With your explicit consent, we may collect precise or approximate location information to provide certain features:
- GPS Data: Precise location for outdoor workout tracking (running, walking, cycling)
- Route Information: Movement paths for distance and pace calculations
- Geofencing: Location-based reminders (if enabled)
You may disable location services at any time through your device settings. Disabling location services may limit certain features of the App.
2.4 Health and Fitness Data
With your consent, we may access health and fitness data from Apple HealthKit or Google Fit, including:
- Step count and activity data
- Workout history
- Heart rate data (if available)
- Sleep data (if authorized)
We do not use health data for advertising purposes or share it with third parties for their marketing purposes.
3. Legal Basis for Processing
For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions requiring a legal basis for processing, we process your personal data based on the following legal grounds:
| Processing Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Services | Performance of contract |
| Processing subscription payments | Performance of contract |
| Sending service-related communications | Performance of contract / Legitimate interest |
| Providing customer support | Performance of contract |
| Sending marketing communications | Consent |
| Processing location data | Consent |
| Processing health and fitness data | Explicit consent |
| Analytics and service improvement | Legitimate interest |
| Fraud prevention and security | Legitimate interest |
| Compliance with legal obligations | Legal obligation |
Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.
4. How We Use Your Information
We use the information we collect for the following purposes:
4.1 Service Delivery
- Create, maintain, and secure your account
- Provide, operate, and maintain the App's features and functionality
- Process and complete transactions, including subscription management
- Track your habits, workouts, goals, and progress
- Deliver AI-powered coaching and personalized recommendations
- Provide push notifications and reminders (with your consent)
4.2 Service Improvement
- Analyze usage patterns to improve our Services
- Develop new features and functionality
- Conduct research and analytics
- Debug and repair errors in our Services
4.3 Communication
- Respond to your inquiries and provide customer support
- Send administrative messages, updates, and security alerts
- Send promotional communications (with your consent)
4.4 Safety and Compliance
- Detect, prevent, and address fraud, abuse, and security issues
- Enforce our Terms of Service and other policies
- Comply with legal and regulatory requirements
- Protect the rights, property, and safety of Day Rift, our users, and others
5. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
We may share your information in the following limited circumstances:
5.1 Service Providers
We engage trusted third-party companies and individuals to perform services on our behalf, including:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| RevenueCat | Subscription and payment processing | User ID, subscription status, purchase history |
| Google Cloud / AWS | Cloud hosting and data storage | All service data (encrypted) |
| Google / Apple | Authentication services | Authentication tokens, basic profile |
| Firebase / Analytics providers | Analytics and crash reporting | Usage data, device info, crash logs |
| OpenAI | AI coaching features | Anonymized prompts and context |
These service providers are contractually obligated to protect your information and may only use it to provide services to us.
5.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, including:
- Court orders, subpoenas, or other legal process
- Requests from law enforcement or government authorities
- To protect the rights, property, or safety of Day Rift, our users, or others
- To investigate potential violations of our Terms of Service
5.3 Business Transfers
If Day Rift is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.
5.4 With Your Consent
We may share your information for other purposes with your explicit consent.
5.5 Aggregated or De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose.
6. International Data Transfers
Your information may be transferred to, stored, and processed in countries other than your country of residence, including countries that may have data protection laws that differ from those in your jurisdiction.
When we transfer personal data outside the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs): EU-approved contractual terms that require parties to protect the privacy and security of personal data
- Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate protection
- Binding Corporate Rules: Internal policies for transfers within corporate groups
- Certified Privacy Frameworks: Where applicable, reliance on certified privacy programs
You may request a copy of the safeguards we use for international transfers by contacting us at dayrift.app@gmail.com.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion request |
| User-generated content (habits, workouts, goals) | Duration of account + 30 days after deletion request |
| Usage and analytics data | 24 months from collection |
| Customer support communications | 3 years from last interaction |
| Transaction and billing records | 7 years (legal/tax requirements) |
| Security and fraud prevention data | Up to 5 years |
When data is no longer required, we securely delete or anonymize it in accordance with applicable data protection laws.
8. Data Security
We implement and maintain appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
8.1 Technical Measures
- Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
- Access Controls: Role-based access controls and multi-factor authentication for system access
- Secure Authentication: Passwords are hashed using bcrypt with appropriate work factors
- Network Security: Firewalls, intrusion detection systems, and regular vulnerability scanning
- Secure Development: Security-focused development practices and regular code reviews
8.2 Organizational Measures
- Regular security assessments and penetration testing
- Employee security training and confidentiality agreements
- Incident response procedures and breach notification protocols
- Vendor security assessments for third-party service providers
Security Incident Notification: In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay and, where required by law, notify the relevant supervisory authority within 72 hours.
While we implement safeguards designed to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your data.
9. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
9.1 Rights Under GDPR (EEA, UK, Switzerland)
- Right of Access: Obtain confirmation of whether we process your personal data and request a copy of that data
- Right to Rectification: Request correction of inaccurate or incomplete personal data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
- Right to Restrict Processing: Request limitation of processing in certain situations
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority
9.2 Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: dayrift.app@gmail.com
- In-App: Settings > Privacy > Data Requests
We will respond to your request within 30 days (or the timeframe required by applicable law). We may request verification of your identity before processing your request.
These rights are not absolute and may be subject to limitations under applicable law. We will inform you if any exemptions apply to your request.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
10.1 Your California Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of sensitive personal information
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights
10.2 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, phone number, device ID)
- Commercial information (subscription and transaction history)
- Internet or network activity (usage data, IP address)
- Geolocation data (with consent)
- Sensory data (profile photos)
- Inferences drawn from the above categories
10.3 "Do Not Sell or Share" Disclosure
We do not sell your personal information. We do not share personal information for cross-context behavioral advertising purposes.
10.4 Exercising Your California Rights
California residents may submit requests by emailing dayrift.app@gmail.com or using the in-app privacy settings. You may designate an authorized agent to make a request on your behalf.
11. Children's Privacy
Our Services are intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age without verifiable parental consent.
11.1 COPPA Compliance (United States)
In compliance with the Children's Online Privacy Protection Act (COPPA):
- We do not knowingly collect personal information from children under 13
- If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly
- Parents or guardians who believe their child has provided us with personal information may contact us at dayrift.app@gmail.com
11.2 Users Aged 13-17
Users between 13 and 17 years of age may use our Services with parental or guardian consent. We encourage parents to monitor their children's online activities and to help enforce this Privacy Policy.
12. Cookies and Tracking Technologies
Our mobile application uses limited tracking technologies to provide and improve our Services:
12.1 Technologies We Use
- Device Identifiers: To maintain your session and provide personalized experiences
- Analytics SDKs: To understand how users interact with our App and improve performance
- Push Notification Tokens: To deliver notifications you have opted into
- Advertising Identifiers: Only if you use the free, ad-supported version (IDFA/GAID)
12.2 Your Choices
- Device Settings: You can reset your advertising identifier or opt out of personalized advertising through your device settings
- iOS: Settings > Privacy > Tracking
- Android: Settings > Google > Ads
- App Permissions: You can manage permissions for location, health data, and notifications in your device settings
13. Automated Decision-Making and AI
Our Services include AI-powered features that process your data to provide personalized coaching and recommendations:
13.1 AI Coaching Features
- Personalized Recommendations: Our AI coach analyzes your habits, goals, and progress to provide tailored suggestions
- Insight Generation: AI processes your activity patterns to generate insights and motivation
- Adaptive Reminders: Timing of notifications may be optimized based on your engagement patterns
13.2 Human Oversight
AI recommendations are supplementary and do not make legally significant decisions about you. You maintain full control over your goals, habits, and how you use the App.
13.3 Your Rights Regarding AI Processing
Under GDPR, you have the right to:
- Obtain information about the logic involved in automated processing
- Request human intervention for significant automated decisions
- Express your point of view and contest automated decisions
14. Third-Party Services and Links
Our App may contain links to or integrations with third-party services, websites, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services.
- We are not responsible for the privacy practices of third-party services
- We encourage you to review the privacy policies of any third-party services you access
- Your interactions with third-party services are governed by their respective terms and policies
Third-party integrations include but are not limited to: Apple HealthKit, Google Fit, Apple Sign-In, Google Sign-In, and payment processors.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
15.1 Notification of Changes
- Material Changes: For significant changes that affect how we process your personal data, we will notify you via email (if you have provided one) and/or through a prominent notice in the App at least 30 days before the changes take effect
- Minor Changes: For non-material updates, we will update the "Effective Date" at the top of this policy
15.2 Your Continued Use
Your continued use of the Services after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you should discontinue use of the Services and delete your account.
We encourage you to periodically review this Privacy Policy to stay informed about our data practices.
16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Inquiries
Email: dayrift.app@gmail.com
General Support
Email: dayrift.app@gmail.com
Data Protection Requests
For data access, deletion, or correction requests:
Email: dayrift.app@gmail.com
Subject Line: "Data Subject Request - [Your Request Type]"
We aim to respond to all legitimate requests within 30 days. Occasionally, it may take longer if your request is particularly complex or you have made multiple requests, in which case we will notify you and keep you updated.
Supervisory Authority
If you are located in the European Economic Area and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.