Privacy Policy

Last updated: May 27, 2026

Dayfall is a minimalist health tracker. This policy explains what information Dayfall collects from you, how it’s stored, how long it’s kept, and how you can delete it. We collect as little as possible.

1. What we collect

When you sign in with Google, we receive and store the following from your Google account:

• Your name (as it appears on Google)
• Your email address
• Your profile picture URL
• A stable Google user ID (so we can recognize you on next sign-in)

When you use the app, we store the following information you create:

• Daily check-ins. For each day, we store your food answer (−1, 0, or +1), your exercise answer (0 or +1), and the derived daily score. We also record the timestamps of when each entry was created and last updated.
• Reminder preferences. Your chosen reminder time (HH:MM), whether reminders are enabled, and your IANA time zone string (e.g. America/Toronto) so the local notification fires at the time you picked.

2. What we do NOT collect

• We do not collect or read your photos, contacts, calendar, files, microphone, camera, or location.
• We do not embed any third-party analytics, advertising, attribution, or tracking SDKs.
• We do not sell, rent, share, or otherwise transfer your data to any third party for any purpose.

3. How your data is stored

Your data lives in a PostgreSQL database hosted by Neon, accessed only by Dayfall’s API running on Vercel. All network connections to and from that database use TLS encryption. Data at rest is encrypted by the underlying provider.

Authentication tokens that identify your session on the mobile app are stored encrypted on your device using Android Keystore (via Expo’s SecureStore). They never leave your device except as the bearer credential on API requests.

4. How long we retain your data

We retain your data for as long as your Dayfall account exists. We do not have a fixed expiration: as long as you continue to use Dayfall, your history (sign-in info, daily entries, reminder preferences) is kept indefinitely so that your Month and Score views remain accurate.

If your account becomes inactive (no API activity) for more than 24 months, we reserve the right to delete your account and all associated data without further notice. We will attempt to email you before doing so if a valid email is on file.

When you delete your account (see next section), all of your data is removed immediately and permanently — not soft-deleted, not archived, and not recoverable.

5. How to delete your data

There are two ways to delete your Dayfall account and all your data:

1. In-app (fastest). Open Dayfall, tap the gear icon in the top right of any main screen to reach Settings. Scroll to the Danger zone section at the bottom and tap Delete account. You’ll be asked to confirm. Once confirmed, the action takes effect immediately. The web companion (dayfall.vercel.app/settings) offers the exact same deletion flow.
2. By email. Send a message from the email associated with your account to kyleanthonypastor@gmail.com with the subject “Delete my Dayfall account”. We will delete your account and confirm by reply within 14 days.

What deletion removes:

• Your user profile (name, email, picture URL, Google user ID)
• All linked authentication accounts
• All active sessions
• Every daily check-in you’ve ever logged
• Your reminder preferences

Database foreign keys cascade the delete across all related tables in a single transaction. There is no recoverable backup of personal data retained after deletion.

6. Children

Dayfall is intended for users 18 and older. We do not knowingly collect personal data from anyone under 13. If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly.

7. Changes to this policy

If this privacy policy changes in a material way, we will update the “Last updated” date at the top of this page and notify signed-in users on next app launch.

8. Contact

Questions about your data or this policy? Email kyleanthonypastor@gmail.com.