Dayfuku app icon Dayfuku

Privacy Policy

Effective: May 28, 2026

1. Controller and Contact

The controller responsible for processing personal data within the meaning of the General Data Protection Regulation (GDPR / DSGVO) is the provider identified in our Imprint.

For privacy questions or requests, please use our Contact page.

2. Scope and Overview

This Privacy Policy applies to the Dayfuku iOS app and to this website insofar as it provides legal information and contact links for the app.

Dayfuku follows a local-first architecture. Your journal content is stored on your device by default. The provider does not operate its own servers for storing your journal entries, notes, photos, or activity history.

Depending on which features you use, data may also be processed by Apple services, RevenueCat, and TelemetryDeck. This policy explains which data categories are involved, for what purposes they are processed, and what rights you have.

3. Data Stored in the App

The app stores the following categories of data locally on your device:

  • Journal content: entries, notes, mood selections, dates, timestamps, and activity logs.
  • Photos: images you capture or import for journal entries.
  • Journal context and metadata: optional app-generated metadata and non-HealthKit context associated with your entries, such as dates, timestamps, place labels, activity-related values, and similar contextual information created or imported by features you enable.
  • Apple Health import cache: if you enable Apple Health imports, the app may read and store selected HealthKit-derived values locally on your device, including step count, sleep analysis, workouts, and active energy burned.
  • App configuration: settings, reminder preferences, feature preferences, iCloud sync preference, dictation preferences, app lock preferences, and onboarding progress.
  • Local diagnostics: locally stored crash and error metadata used to help the app record failures on-device.

Legal basis: Art. 6(1)(b) GDPR for providing the app's functionality.

4. Apple Services and Optional App Features

The app can use Apple frameworks and services to provide optional features. These features can be disabled in the app or in iOS Settings where applicable.

  • iCloud Sync (CloudKit): if enabled, journal entries, photos, activity categories, activities, activity logs, and non-HealthKit entry context may be synchronized through your private iCloud database. Values imported from Apple Health/HealthKit are stored locally on your device and are not synchronized through iCloud/CloudKit.
  • Apple Health (HealthKit): if you enable Apple Health imports, Dayfuku may read selected HealthKit data types, including step count, sleep analysis, workouts, and active energy burned. These imported values are used only to add context to your journal and insights, are not used for advertising or marketing, and are not synchronized through iCloud/CloudKit.
  • Other device permissions and local processing features: if you enable relevant features, the app may use device permissions and local processing frameworks, such as location services, maps, camera, photo library access, microphone access, and on-device speech recognition or dictation models, in order to create entries, dictate notes, attach media, derive contextual information, or display saved data.
  • Notifications: used for reminder notifications you configure locally on your device. In addition, the app declares Apple background remote-notification capability used in connection with CloudKit sync behavior.
  • App Store and Apple ID: app downloads, billing, purchase and subscription handling, and refund handling are provided by Apple.

Legal basis: Art. 6(1)(a) GDPR for optional permissions you enable, and Art. 6(1)(b) GDPR where the processing is necessary to provide requested app functionality such as purchases, subscriptions, or optional iCloud sync.

5. Purchase and Subscription Management (RevenueCat)

Dayfuku Pro purchases and subscriptions are supported through RevenueCat. RevenueCat processes purchase, entitlement, and technical metadata needed to validate purchases, determine access, and provide purchase analytics.

The provider does not process App Store payments directly. For details, please refer to RevenueCat's Privacy Policy.

Legal basis: Art. 6(1)(b) GDPR for performance of the purchase or subscription contract.

6. Analytics and Diagnostics (TelemetryDeck)

The app uses TelemetryDeck, a privacy-focused analytics service provided by TelemetryDeck GmbH, for limited product analytics. The purpose of this processing is to understand feature usage and improve onboarding, subscriptions, search, check-in flows, app usability, stability, and overall product quality. The legal basis is Art. 6(1)(f) GDPR.

TelemetryDeck may receive pseudonymous technical metadata, such as app version, build number, device type, operating system version, locale, and a privacy-preserving installation-level identifier, as well as limited app-defined interaction events. These events may indicate whether a feature or screen was used, the source or context of an interaction, and coarse boolean, count, or bucketed values.

The app is not intended to send journal content, free-form notes, search queries, photo contents, precise location coordinates, HealthKit-derived values, or raw data from other similar permission-based sources through analytics events.

The app also stores certain crash and error diagnostics locally on-device. These local diagnostics are separate from TelemetryDeck analytics and are not uploaded by the provider's own backend because the provider does not operate such a backend for app content.

You can disable analytics at any time in the app settings. For details, please refer to TelemetryDeck's Privacy Policy.

7. Website and Contact Processing

This website is a static site. Based on the current site implementation, the provider does not use contact forms, advertising cookies, or website analytics scripts on these pages.

When you visit the website, the hosting provider may process technical access data that is necessary to deliver the site, such as IP address, request metadata, and server logs.

If you contact the provider by email or through a mailto: link, your message and related metadata are processed for the purpose of handling your request.

Legal basis: Art. 6(1)(f) GDPR for secure website delivery and responding to inquiries, and Art. 6(1)(b) GDPR where your request relates to a contractual relationship.

8. Recipients

Depending on how you use Dayfuku, personal data may be processed by the following recipients or service categories:

  • Apple: for App Store distribution, in-app purchases, Apple ID account handling, optional iCloud/CloudKit synchronization, Apple Health/HealthKit access, other device permission-related functionality, and notification delivery.
  • RevenueCat: for purchase and subscription entitlement handling.
  • TelemetryDeck: for limited product analytics.
  • Website hosting and email providers: to deliver this website and receive email inquiries.

9. International Transfers

Apple, RevenueCat, TelemetryDeck, and technical infrastructure providers may process data outside the European Union or European Economic Area, including in the United States, depending on their infrastructure and service configuration.

Where such processing occurs, it is governed by the relevant provider's legal and contractual safeguards. Please review the respective privacy policies of those providers for more information.

10. Data Retention

  • Local app data: remains on your device until you delete it, reset the app's data, or remove the app. This includes HealthKit-derived values imported from Apple Health.
  • iCloud data: remains in your iCloud account until you delete the relevant records or disable sync and remove the synced data. HealthKit-derived imported values are not part of Dayfuku's iCloud synchronization.
  • RevenueCat data: retained according to RevenueCat's policies and any applicable legal obligations.
  • TelemetryDeck analytics: retained according to TelemetryDeck's policies.
  • Email inquiries and website/server logs: retained only as long as needed for the relevant communication, security, or legal purpose.

11. Your Rights

Under the GDPR and the German Federal Data Protection Act (BDSG), you may have the following rights, subject to the applicable legal requirements:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), in particular to processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3) GDPR) for processing based on consent

Because Dayfuku stores most app content locally on your device, you can directly view, edit, delete, or reset much of your data yourself in the app and through your device settings. For third-party or contact-related processing, you may contact the provider via the Contact page.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

As the provider is based in Germany, the competent supervisory authorities are the data protection authorities of the German federal states. A list is available from the German Federal Commissioner for Data Protection and Freedom of Information (BfDI).

13. Automated Decision-Making

The provider does not use automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects or similarly significant effects on you.

14. Children's Privacy

The app is not directed at children under the age of 16 and the provider does not knowingly collect personal data from children under 16.

15. Changes to This Policy

This Privacy Policy may be updated from time to time. The version published on this page is the current version and includes its effective date.