Privacy Policy
Last updated: March 12, 2025
1. Who We Are
DayOne ("we," "our," or "us") operates the DayOne application available at dayone.cards and on mobile platforms. We help individuals and organizations turn documents, audio, and video into AI-generated learning courses. This Privacy Policy explains what information we collect, how we use it, and your rights.
2. Information We Collect
Account Information
When you create an account, we collect your email address and a password (stored as a secure hash). If you sign in with Apple or Google, we receive your name and email as shared by that provider.
Content You Upload
When you generate a course, you may upload files (PDFs, Word documents, audio, or video). These files are transmitted to our AI processing service (Google Gemini) for analysis and are not permanently stored on our servers beyond what is needed to generate your course. Generated course content is stored in your account.
Usage Data
We collect data about how you interact with the app — which courses you complete, quiz scores, and XP earned — to power your learning progress dashboard.
Payment Information
Payments are processed by Stripe. We do not store your card number, CVC, or full payment details. We receive a payment confirmation and your subscription status from Stripe.
Device and Technical Data
We may collect your device type, operating system version, browser type, and IP address for security and debugging purposes. We do not sell this data.
3. How We Use Your Information
- To provide and operate the DayOne service
- To generate AI-powered courses from your uploaded content
- To track and display your learning progress
- To process payments and manage your subscription
- To send transactional emails (account confirmation, password reset, receipts)
- To improve the app and fix bugs
- To comply with legal obligations
We do not use your content to train AI models. We do not sell your personal data to third parties.
4. Third-Party Services
We use the following third-party services to operate DayOne:
5. Data Retention
We retain your account data for as long as your account is active. Uploaded source files (PDFs, videos, audio) are not retained after course generation completes. Generated course content and progress data are retained until you delete your account or the specific course. You can delete your account at any time from your Profile page, which permanently removes your personal data.
6. Your Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Export your data in a portable format
- Opt out of marketing communications
- Lodge a complaint with a data protection authority (EU/UK users)
To exercise any of these rights, email us at privacy@dayone.cards. We will respond within 30 days.
7. Children's Privacy
DayOne is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, please contact us at privacy@dayone.cards and we will delete it promptly.
8. Security
We use industry-standard security practices including encrypted data transmission (HTTPS/TLS), hashed passwords, row-level security on our database, and authenticated API endpoints. No system is perfectly secure — if you discover a security vulnerability, please disclose it responsibly to privacy@dayone.cards.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the app. Your continued use of DayOne after changes take effect constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
privacy@dayone.cards