Privacy Policy
Last updated: March 26, 2026
Daylume ("we", "our", "us") is an AI-powered weekly task management app for iOS developed by an individual developer. This Privacy Policy explains how we collect, use, and protect your information when you use Daylume.
1. Data We Collect
| Data | How Collected | Purpose |
|---|---|---|
| Full name | Sign in with Apple (optional, user may hide) | Display in app |
| Email address | Sign in with Apple (may be relay address) | Account identification |
| Apple user ID | Sign in with Apple | Authentication |
| Timezone | Device setting, sent on first login | Display tasks in local time |
| Tasks (title, notes, scheduled time, priority, label) | User-created in app | Core product functionality |
| Voice recordings / audio | User records via microphone | Sent to Groq API for speech-to-text transcription |
| AI transcripts | Generated from voice recordings | Parsed by AI to create task suggestions |
| Google Calendar data | OAuth connection (optional, paid feature) | Two-way calendar sync |
| Subscription status | Apple In-App Purchase | Determine feature access |
| Device token | iOS push notification registration (future) | Send push notifications |
2. How We Use Data
- Tasks, labels, and scheduling data are stored to provide the core service.
- Voice recordings are sent directly to Groq (third-party AI provider) for transcription — we do not store audio files on our servers.
- AI transcripts are stored temporarily (90 days) for task parsing and pattern learning, then automatically deleted.
- Google Calendar tokens are encrypted at rest (AES-256-GCM).
- We analyze task patterns (preferred times, common labels) to improve AI suggestions — this data stays in your profile.
3. Third-Party Services
| Service | What We Share | Purpose |
|---|---|---|
| Apple (Sign in with Apple / StoreKit) | Authentication tokens, transaction data | User login, subscription billing |
| Groq | Audio files, text transcripts | Speech-to-text and AI task parsing |
| Google (Calendar API) | Calendar events (optional) | Two-way calendar sync |
| Sentry | Error logs, crash reports (optional) | Bug tracking |
4. Data Storage & Security
- All data stored on AWS (us-east-1, Virginia).
- Database: Amazon RDS PostgreSQL with encryption at rest.
- Cache: Amazon ElastiCache Redis.
- All API traffic over HTTPS (TLS 1.2+).
- Google OAuth tokens encrypted with AES-256-GCM.
- JWT authentication with token blocklist support.
- No data sold to third parties. Ever.
5. Data Retention
| Data | Retention |
|---|---|
| User account | Until user requests deletion |
| Tasks (active) | Until user deletes |
| Tasks (soft-deleted) | 30 days, then permanently purged |
| AI request transcripts | 90 days, then automatically purged |
| Voice recordings | Not stored — streamed to Groq and discarded |
| Google Calendar tokens | Until user disconnects |
6. Your Rights
- Access: View all your data through the app.
- Delete: Delete individual tasks or request full account deletion via email to m@hads.sa.
- Disconnect: Disconnect Google Calendar at any time — tokens are immediately revoked and deleted.
- Export: Request a data export via email.
7. Children
Daylume is not intended for children under 13. We do not knowingly collect data from children.
8. Changes to This Policy
We may update this policy from time to time. Users will be notified of material changes via the app or email. Continued use after changes constitutes acceptance.
9. Contact
For questions, data requests, or account deletion: m@hads.sa