Dayfuku app icon Dayfuku

Privacy Policy

Effective: April 6, 2026

1. Controller and Contact

The controller responsible for processing personal data within the meaning of the General Data Protection Regulation (GDPR / DSGVO) is the provider identified in our Imprint.

For privacy questions or requests, please use our Contact page.

2. Scope and Overview

This Privacy Policy applies to the Dayfuku iOS app and to this website insofar as it provides legal information and contact links for the app.

Dayfuku follows a local-first architecture. Your journal content is stored on your device by default. The provider does not operate its own servers for storing your journal entries, notes, photos, or activity history.

Depending on which features you use, data may also be processed by Apple services, RevenueCat, and TelemetryDeck. This policy explains which data categories are involved, for what purposes they are processed, and what rights you have.

3. Data Stored in the App

The app stores the following categories of data locally on your device:

  • Journal content: entries, notes, mood selections, dates, timestamps, and activity logs.
  • Photos: images you capture or import for journal entries.
  • Imported day context: geographic coordinates, approximate place name, step count, sleep hours, and calendar event count, if you enable those imports.
  • App configuration: settings, reminder preferences, import preferences, iCloud sync preference, onboarding progress, and any optional name you enter during onboarding.
  • Local diagnostics: locally stored crash and error metadata used to help the app record failures on-device.

Legal basis: Art. 6(1)(b) GDPR for providing the app's functionality.

4. Apple Services and Optional App Features

The app can use Apple frameworks and services to provide optional features. These features can be disabled in the app or in iOS Settings where applicable.

  • iCloud Sync (CloudKit): if enabled, journal entries, day context, photos, activity categories, activities, and activity logs may be synchronized through your private iCloud database.
  • HealthKit: the app may read step count and sleep analysis data if you grant access. The app uses derived values such as step count and sleep hours in your journal context. If iCloud sync is enabled, those stored values may also synchronize through CloudKit.
  • Location Services and Maps: if you enable location import, the app can request your current location, derive an approximate place label using Apple location/map services, and display saved locations on Apple maps. Stored location-related data may synchronize through iCloud if sync is enabled.
  • Calendar: if you enable calendar import, the app requests calendar access through Apple's EventKit permission flow and uses it to determine the daily event count. The app does not intentionally store calendar titles, descriptions, or attendee details.
  • Camera and Photo Library: used to capture or import photos for journal entries.
  • Notifications: used for reminder notifications you configure locally on your device. In addition, the app declares Apple background remote-notification capability used in connection with CloudKit sync behavior.
  • App Store and Apple ID: app downloads, billing, subscription purchase handling, and refund handling are provided by Apple.

Legal basis: Art. 6(1)(a) GDPR for optional permissions you enable, and Art. 6(1)(b) GDPR where the processing is necessary to provide requested app functionality such as subscriptions or optional iCloud sync.

5. Subscription Management (RevenueCat)

Dayfuku Pro subscriptions are supported through RevenueCat. RevenueCat may process subscription-related information such as transaction identifiers, entitlement status, purchase timestamps, and an app-level identifier used to determine subscription access.

The provider does not process App Store payments directly. For details, please refer to RevenueCat's Privacy Policy.

Legal basis: Art. 6(1)(b) GDPR for performance of the subscription contract.

6. Analytics and Diagnostics (TelemetryDeck)

The app uses TelemetryDeck for limited product analytics. Current analytics are limited to onboarding-related events and selected non-content properties such as onboarding step transitions, counts of selected activities and categories, whether a mood was chosen, and which import options were enabled.

TelemetryDeck may also receive technical metadata provided by its SDK, such as app version, build number, device type, operating system version, locale, and a privacy-preserving installation-level identifier.

The app is not intended to send journal content, free-form notes, photo contents, or your contact information through analytics events.

The app also stores certain crash and error diagnostics locally on-device. These local diagnostics are separate from TelemetryDeck analytics and are not uploaded by the provider's own backend because the provider does not operate such a backend for app content.

For details, please refer to TelemetryDeck's Privacy Policy.

Legal basis: Art. 6(1)(f) GDPR based on the legitimate interest in improving app stability, onboarding, and product quality in a data-minimizing way.

7. Website and Contact Processing

This website is a static site. Based on the current site implementation, the provider does not use contact forms, advertising cookies, or website analytics scripts on these pages.

When you visit the website, the hosting provider may process technical access data that is necessary to deliver the site, such as IP address, request metadata, and server logs.

If you contact the provider by email or through a mailto: link, your message and related metadata are processed for the purpose of handling your request.

Legal basis: Art. 6(1)(f) GDPR for secure website delivery and responding to inquiries, and Art. 6(1)(b) GDPR where your request relates to a contractual relationship.

8. Recipients

Depending on how you use Dayfuku, personal data may be processed by the following recipients or service categories:

  • Apple: for App Store distribution, in-app purchases, Apple ID account handling, iCloud/CloudKit synchronization, location/map services, and notification delivery.
  • RevenueCat: for subscription entitlement and purchase-status handling.
  • TelemetryDeck: for limited product analytics.
  • Website hosting and email providers: to deliver this website and receive email inquiries.

9. International Transfers

Apple, RevenueCat, TelemetryDeck, and technical infrastructure providers may process data outside the European Union or European Economic Area, including in the United States, depending on their infrastructure and service configuration.

Where such processing occurs, it is governed by the relevant provider's legal and contractual safeguards. Please review the respective privacy policies of those providers for more information.

10. Data Retention

  • Local app data: remains on your device until you delete it, reset the app's data, or remove the app.
  • iCloud data: remains in your iCloud account until you delete the relevant records or disable sync and remove the synced data.
  • RevenueCat data: retained according to RevenueCat's policies and any applicable legal obligations.
  • TelemetryDeck analytics: retained according to TelemetryDeck's policies.
  • Email inquiries and website/server logs: retained only as long as needed for the relevant communication, security, or legal purpose.

11. Your Rights

Under the GDPR and the German Federal Data Protection Act (BDSG), you may have the following rights, subject to the applicable legal requirements:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), in particular to processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3) GDPR) for processing based on consent

Because Dayfuku stores most app content locally on your device, you can directly view, edit, delete, or reset much of your data yourself in the app and through your device settings. For third-party or contact-related processing, you may contact the provider via the Contact page.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

As the provider is based in Germany, the competent supervisory authorities are the data protection authorities of the German federal states. A list is available from the German Federal Commissioner for Data Protection and Freedom of Information (BfDI).

13. Automated Decision-Making

The provider does not use automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects or similarly significant effects on you.

14. Children's Privacy

The app is not directed at children under the age of 16 and the provider does not knowingly collect personal data from children under 16.

15. Changes to This Policy

This Privacy Policy may be updated from time to time. The version published on this page is the current version and includes its effective date.