What we hold,
why we hold it.
DailyDoze is a personal journal. The whole point is that it's yours. Here's exactly what we collect, where it lives, and how to make it disappear.
Last updated · May 27, 2026
In a paragraph
DailyDoze stores the moods, photos, and voice memos you record in the app, plus the email you sign in with. We don't sell it, share it with advertisers, or use it to train AI. The app has a “Delete account” button that wipes everything in one tap. That's the whole story — the rest of this page is the long version.
The data we hold
Account info. Your email address (used to send you a 6-digit sign-in code), the display name you choose, the avatar you pick, your selected theme, and any reminder time you set.
Journal entries. The mood you tap on a given day, the date, and any photo or voice memo you attach to that day.
Photos and voice memos. If you record a voice note or attach a photo to a day, the file is uploaded to a private folder named after your account ID. Only you can access it. We don't analyze it, run face detection, transcribe it, or scan it for content.
No location, no contacts, no health data. The app doesn't request your location, your contacts, your calendar, your fitness, or anything else outside the data you intentionally enter.
Where the data sits
Your entries are stored two places: on your phone (so the app works offline), and on a Supabase database hosted in Sydney, Australia. The database uses row-level security — meaning no other user, and no script we run, can read your entries without your active sign-in.
Photos and voice memos live in Supabase Storage in a private bucket. Files are organized by your user ID; access policies prevent anyone except you (and your authenticated app session) from reading them.
International transfer. If you're in the EU/UK, your journal data is transferred to Australia (Supabase, under standard contractual clauses). Crash diagnostics flow to Sentry in Frankfurt — which stays inside the EU and so doesn't involve an international transfer for EU/UK users. Email us if you need either provider's documentation.
Third parties
We use four vendors to make the app work. None of them get your journal content; they each get the narrowest slice of data needed to do their job.
- Supabase — hosts the database and storage. Sees: your email (because it authenticates you), and the encrypted-at-rest copy of your journal.
- Resend — delivers the 6-digit sign-in code to your inbox. Sees: your email address, the timestamp of the request, and the code.
- Sentry — collects crash diagnostics when the app errors. Sees: the JavaScript stack trace, the screen you were on, your device model and OS version, and your anonymous user ID. Never sees your email, your mood entries, your photos, or your voice memos — we scrub journal-content fields before any event leaves the device. Data is stored in the EU (Frankfurt).
- Google Play / Apple — deliver app updates and (if you opt in) reminder notifications. See: your device's anonymized push token, not your journal.
We don't use Google Analytics, Facebook SDK, Mixpanel, advertising SDKs, or any other tracking tool. The only analytics-shaped thing the app does is the Sentry crash report described above.
Deleting, exporting, fixing
Delete everything. Open Profile → “Delete account”. This wipes your photos, voice memos, mood history, and account record. It takes a single confirmation and is irreversible.
Edit anything. Names, avatars, themes, and individual day entries can all be changed inside the app at any time.
Export. An in-app export option is on the Profile screen. If you need an immediate export and the in-app option isn't responding, email us at the address below and we'll send your data as JSON within 7 days.
GDPR / CCPA. If you're in a region with data-protection laws, the rights above are your “access,” “rectification,” and “erasure” rights. Email us if the in-app controls don't cover your case.
How we keep it safe
All connections between the app and our backend use TLS. Data at rest in Supabase is encrypted by the cloud provider. Access to the database is gated by row-level security policies scoped to your authenticated user ID — there is no admin tool that can browse your entries.
If we ever experience a data breach affecting your account, we'll notify you by email within 72 hours of becoming aware of it, with what happened and what you should do.
Age
DailyDoze is not directed at children under 13. We don't knowingly collect personal information from anyone under 13. If you believe a child has signed up, email us and we'll delete the account.
Updates to this policy
When we change this policy, we update the date at the top of this page. Material changes — new data we collect, new third parties, anything that affects what we do with your data — will be announced inside the app the next time you open it.
Get in touch
For anything privacy-related — deletion requests, exports, questions, complaints — email hi@dailydoze.club. We'll reply within 7 days.
