DayLeaf · Legal

Privacy Policy

Last updated: June 9, 2026 · Effective date: June 9, 2026

Operator: Silica Sites · App: DayLeaf (com.silicasites.dayleaf)

This Privacy Policy explains how DayLeaf handles information when you use our journaling application on Android, iOS, Windows, and other supported platforms.

01

Summary

DayLeaf is local-first: your journal content is stored on your device by default. We do not sell your data, run advertising SDKs, or use third-party analytics trackers.

TopicPractice
Account required?No DayLeaf account
Journal storageOn your device (local database)
Cloud journal backup?No — optional Premium LAN sync only between devices you pair
Analytics trackers?None
Ads?None
PaymentsGoogle Play (Android subscriptions)
Server dataSubscription verification metadata only (via Supabase)
02

Information We Collect

We collect only what is needed to operate the app. Categories below describe data on your device, data you choose to share, and limited server-side subscription records.

2.1 Journal and app content (stored on your device)

When you use DayLeaf, the following may be stored locally in the app's database or file storage:

  • Journal entries (text, titles, timestamps, mood tags, metadata)
  • Drawings, stickers, and attachments you add to entries
  • Voice note audio files you record
  • Photos you attach via your device camera or photo library
  • Multiple journals, custom prompts, and custom color palettes (Premium)
  • Writing session statistics (e.g., word counts, session duration, mood distributions) used for in-app insights — processed and stored locally only

We do not upload journal text, drawings, voice files, or photos to DayLeaf-operated cloud servers.

2.2 App settings and security data (stored on your device)

  • Theme, notification preferences, palette choices, and similar settings
  • Optional PIN lock: if enabled, your PIN is not stored in plain text. A salted cryptographic hash is stored locally (SharedPreferences) to verify unlock attempts
  • Failed unlock attempt counters and temporary lockout timestamps (local)
  • A randomly generated, obfuscated identifier (SHA-256 hash) used to link your device to Google Play subscription verification — stored locally

2.3 Device and network data (local; LAN sync only)

If you use Premium LAN sync, the app may store and exchange on your local network:

  • Device name, device type, local IP address, and port
  • Pairing/trust status between devices you authorize
  • Journal data you choose to sync (full entry payloads during sync)

LAN sync uses HTTP on your local Wi‑Fi/LAN between paired devices. It does not send your journal to a DayLeaf cloud backup service. Anyone with access to your local network could potentially intercept unencrypted LAN traffic — you are responsible for securing your network and choosing which devices to pair.

2.4 Permissions and sensors

The app may request device permissions only when needed for features you use:

Permission / accessPurpose
MicrophoneVoice notes and optional speech-to-text dictation
NotificationsLocal reminders and inactivity nudges you enable
Exact alarms (Android)Deliver scheduled reminders at times you set
Internet / networkGoogle Play billing, subscription verification (HTTPS), optional font delivery, LAN sync
Camera / photosAttach images to entries (via system picker)
Storage (older Android)Access attachments where required by OS version

Speech-to-text: If you use dictation, audio is processed by your device's platform speech recognition service (e.g., Google on Android, Apple on iOS). That processing is governed by the platform provider's policies, not stored on our servers.

2.5 Premium subscriptions (Google Play + verification service)

If you subscribe on Android: Google Play processes payment and provides purchase tokens. We do not receive your payment card number. Our verification backend (hosted on Supabase) stores: obfuscated Play account identifier, purchase token, product ID, subscription status, expiry time, and last-updated timestamp — only to verify Premium access and process renewal/cancellation events from Google Play.

2.6 Information you send us

If you email info@silicasites.com, we receive the content of your message and your email address so we can respond.

2.7 What we do not collect

  • No DayLeaf user accounts or passwords
  • No third-party advertising or behavioral analytics SDKs
  • No sale of personal information
  • No use of journal content to train AI models

2.8 Optional network requests to Google

The app may download font files from Google Fonts servers when certain typefaces are first displayed. This can involve your IP address and basic request metadata handled by Google. See Google's Privacy Policy.

03

How We Use Information

We use information solely to:

  • Provide journaling, editing, export, PIN lock, reminders, and in-app statistics
  • Sync entries between devices you pair on your local network (Premium)
  • Verify and restore Google Play Premium subscriptions
  • Respond to support requests
  • Comply with law and protect our rights

We do not use your journal for advertising, profiling, or automated decision-making that produces legal or similarly significant effects.

04

Legal Bases (EEA, UK, and Switzerland)

Where GDPR or similar laws apply, we rely on:

  • Contract / steps at your request: Providing the app and Premium features you purchase
  • Legitimate interests: Securing subscriptions, preventing fraud, and improving reliability — balanced against your rights
  • Consent: Where required for optional permissions (e.g., microphone, notifications) you grant in system dialogs
  • Legal obligation: When we must retain or disclose data under applicable law

You may withdraw permission-based processing via device settings; core offline journaling may still work without optional permissions.

05

How We Share Information

We do not sell personal information. We share data only as follows:

RecipientWhat is sharedWhy
Google PlayPurchase flow, tokensSubscription billing
Supabase (our processor)Subscription verification recordsPremium entitlement
Platform speech providersAudio during dictation (if you use it)Speech-to-text
GoogleFont requests (if applicable)Typography delivery
Law enforcement / regulatorsAs requiredLegal compliance

We require service providers to handle data only for authorized purposes. Subscription data is not exposed to other DayLeaf users.

06

International Data Transfers

Subscription verification data may be processed in countries where Supabase or its infrastructure operates (including the United States). Where required, we rely on appropriate safeguards such as standard contractual clauses offered by our providers. Journal content remains on your device unless you initiate LAN sync on your network.

07

Data Retention

Data typeRetention
Journal contentOn your device until you delete entries, export, or uninstall
PIN hashUntil you disable PIN lock or uninstall
LAN sync trust dataUntil you remove paired devices or uninstall
Subscription recordsWhile needed to verify Premium and comply with tax/accounting obligations; updated on Play renewal/cancel events
Support emailsAs long as needed to resolve your request, then deleted or archived per our records policy

You may request deletion of server-side subscription records by emailing info@silicasites.com.

08

Security

We use reasonable technical measures (HTTPS for server calls, hashed PIN storage, no direct public database access to subscription tables). No method is 100% secure. You are responsible for device security (screen lock, OS updates, who can access your device, and securing your Wi‑Fi network for LAN sync).

09

Your Rights and Choices

Everyone

  • Access / export: Settings → Export journal data (ZIP with JSON and attachments)
  • Delete: Delete entries in-app or uninstall to remove local data
  • Notifications: Disable in Settings and system notification controls
  • Subscriptions: Manage or cancel in Google Play → Subscriptions
  • Server data: Email info@silicasites.com to request access to or deletion of subscription verification records we hold

EEA / UK / Switzerland (GDPR)

You may have rights to access, rectify, erase, restrict, object, and data portability regarding personal data we control. You may lodge a complaint with your local supervisory authority. Contact us first so we can help.

California (CCPA/CPRA)

We do not sell or share personal information for cross-context behavioral advertising. California residents may request disclosure or deletion of personal information we collect (primarily subscription verification and support emails). We will not discriminate against you for exercising these rights.

Other U.S. states

Where state privacy laws grant similar rights, contact info@silicasites.com with your request and jurisdiction.

We aim to respond within 30 days.

10

Children's Privacy

DayLeaf is not directed to children under 13 (or the age of digital consent in your region). We do not knowingly collect personal information from children. If you believe a child provided us information, contact info@silicasites.com and we will delete it.

11

Changes to This Policy

We may update this policy to reflect app or legal changes. We will update the “Last updated” date and, for material changes, provide notice in-app when practicable. Continued use after the effective date constitutes acceptance where permitted by law.

12

Contact

Silica Sites

Email: info@silicasites.com

For privacy requests, include “Privacy Request” in the subject line and your platform (e.g., Android) and jurisdiction if relevant.

DayLeaf Terms of Service

© 2026 SilicaSites. All rights reserved.