Privacy Policy
Last Updated: February 23, 2026
Welcome to Daivry. We understand the importance of your privacy and are committed to protecting your personal information.
1. Our Privacy Philosophy
Daivry follows a local-first design philosophy:
- Your diary data is stored only on your local device by default and is not uploaded to any server
- Cloud sync and online AI features are optional paid features that you choose to enable
- When cloud sync is enabled, your data is protected by end-to-end encryption (AES-256-GCM), and we cannot read your diary content
2. Information We Collect
2.1 Information You Provide
| Data Type | Description | Storage Location |
|---|---|---|
| Diary Content | Text, photos, voice recordings, and videos you create | Local device only (unless you enable cloud sync) |
| Mood Records | Mood levels you select (1-5) | Local device only |
| Tags | Tags you add manually or AI-extracted tags | Local device only |
| Account Information | Email and password for registration (only required for online features) | Server (password stored as bcrypt hash) |
2.2 Automatically Collected Information
The following information is collected only after you grant the corresponding permissions:
| Data Type | Purpose | Permission Required |
|---|---|---|
| Location | Record where diary entries take place | Location While In Use |
| Weather | Record weather conditions | Requires location permission (via Apple WeatherKit) |
| Device Information | Device name, model, OS version for sync identification | No additional permission required |
2.3 Photo EXIF Metadata
When you add photos to diary entries, the App may read EXIF metadata (such as capture time, camera model, GPS coordinates). This data is stored only on your local device and is not automatically uploaded to servers.
2.4 Information We Do NOT Collect
- Advertising identifiers (IDFA)
- Cross-app tracking data
- App usage analytics or behavioral data
- Contacts, messages, or call logs
- Browsing history
3. How We Use Your Information
3.1 Local Features (Free)
The following features run entirely on your device and do not send data to any server:
- Diary management: Creating, editing, and deleting entries
- Speech-to-text: Processed on-device via Apple Speech Recognition framework
- Search and filtering: Full-text search, tag filtering, date filtering
3.2 Online Features (Pro Subscription, Optional)
When you choose to use online AI features, the following data is sent to our servers:
- Diary summaries: Diary content (for generating weekly/monthly/yearly summaries)
- Smart Q&A: Your questions and relevant diary context (limited to 10 entries, max 500 characters each)
- Image descriptions: Image data (for AI content analysis)
Important: Diary content sent to servers is used solely to complete the AI processing tasks you request and is not used to train AI models.
3.3 Cloud Sync (Pro Subscription, Optional)
When cloud sync is enabled:
- Diary data is encrypted on your device using AES-256-GCM before upload
- Encryption keys are derived from your password (PBKDF2, 600,000 iterations) and stored only on your device
- Our servers store only encrypted data and cannot decrypt your diary content
- Sync can be toggled on/off per notebook
4. Third-Party Services
We use the following third-party services:
| Service | Purpose | Data Handling |
|---|---|---|
| Sign in with Apple | Account authentication | Only receives Apple-provided user identifier and email |
| Apple WeatherKit | Weather data | Location coordinates sent to retrieve weather, governed by Apple's privacy policy |
| Apple StoreKit | Subscription payments | Transaction info processed by Apple; we only verify receipts |
| Cloudflare R2 | Encrypted data storage | Stores end-to-end encrypted sync data |
| AI Service Providers | Online AI features | Process summary and Q&A requests; data is not used for model training |
We do not use any third-party analytics, advertising, or tracking SDKs.
5. Data Storage and Security
5.1 Local Data Security
- Diary data is stored as JSON files within the app sandbox
- Account credentials (tokens, keys) are stored in the iOS Keychain with OS-level encryption
5.2 Server Data Security
- All network communications use HTTPS encryption
- User passwords are hashed using bcrypt
- Synced data uses end-to-end encryption; the server cannot decrypt it
- JWT tokens for authentication with auto-refresh and expiration
- Rate limiting implemented to prevent abuse
5.3 Data Storage Location
- Local data: Stored on your iOS/macOS device
- Server data: Stored on secure cloud infrastructure
6. Data Retention and Deletion
6.1 Local Data
- Deleted diary entries are moved to trash and permanently deleted after 30 days
- You can uninstall the App at any time to delete all local data
- Export features allow you to back up your data at any time (Markdown, JSON, PDF formats)
6.2 Server Data
- Cloud sync files: While your account is active, synced encrypted files are retained on the server until you delete the files, disable sync, or delete your account
- Account deletion: You can delete your account in Settings. All server-side data is immediately and permanently deleted
- AI task data: Async AI processing results are automatically deleted after 24 hours
- Inactive accounts: Accounts inactive for over 365 days will receive an email reminder. If still inactive 30 days after the reminder, account data will be deleted
6.3 After Account Deletion
- All server-side data is immediately deleted (cascading deletion)
- Cloud storage files are asynchronously cleaned up
- Local diary data on your device is preserved (unaffected), and you can continue using the App in offline mode
7. Your Rights
You have the following rights regarding your data:
- Access: Your diary data is always accessible within the App
- Export: Export all data in Markdown, JSON, or PDF formats
- Deletion: Delete individual entries or your entire account
- Choice: Choose whether to enable cloud sync and online AI features
- Control: Revoke location, camera, microphone, and other permissions at any time in system settings
8. System Permissions
The App may request the following system permissions. All permissions are optional, and declining them does not affect core diary functionality:
| Permission | Purpose |
|---|---|
| Camera | Take photos or videos to add to diary entries |
| Photo Library | Select photos from your album to add to entries |
| Microphone | Record voice diary entries |
| Speech Recognition | Convert speech to text |
| Location (While In Use) | Record diary location and retrieve weather |
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Updated policies will be posted on this page with an updated "Last Updated" date. For significant changes, we will notify you through in-app notifications or other appropriate means.
Continued use of the App constitutes your acceptance of the updated Privacy Policy.
10. Contact Us
If you have any questions or suggestions about this Privacy Policy, please contact us:
- Email: support@91ai.app