Privacy Policy – DayBee

Last updated: 2025-12-22

1. Controller

Controller under the GDPR:
Esat Karabiyik
Contact: daybeeapp-privacy@web.de

2. What this policy covers

This Privacy Policy explains which personal data DayBee processes, for what purposes, which service providers may receive data, and what rights you have.

3. What data DayBee processes

3.1 Account data (Supabase Auth)

When you register or sign in, we may process:

• Email address
• Internal user ID
• Authentication/session information

Purpose: account login, account management, syncing your data across devices.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3.2 Content you enter in the app (stored server-side)

Depending on how you use DayBee, we may process:

• Daily plans / tasks / goals
• Notes / reflections / logs (e.g., done / not done)
• App settings you choose

Purpose: providing core features, in-app personalization, synchronization across devices.
Legal basis: Art. 6(1)(b) GDPR.

3.3 AI processing (OpenAI)

If you use AI features, parts of your input (e.g., notes or planning text) may be transmitted to and processed by our AI provider to generate suggestions/outputs for you.

Purpose: generating personalized suggestions and analyses.
Legal basis: Art. 6(1)(b) GDPR.

Please avoid entering sensitive personal data (e.g., health data) into free-text fields if you do not want it to be processed by the AI provider for generation.

3.4 Technical data / logs

To operate the service, technical data may be processed, such as:

• Timestamps of requests, error codes
• Device/app version (if transmitted by the app)
• Server logs for debugging and security

Purpose: security, stability, troubleshooting.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

4. Recipients / service providers

We use the following service providers (processors):

• Supabase: authentication, database/backend hosting
• OpenAI: AI processing to generate suggestions

5. International transfers

Depending on provider locations, data may be processed outside the EU/EEA. Where required, we use appropriate safeguards (e.g., standard contractual clauses).

6. Retention

• Account and app data: until you delete your account or we no longer need it to provide the service
• Logs/diagnostics: typically up to 30 days as needed for troubleshooting and security

7. Your rights

You have rights including access, rectification, deletion, restriction, data portability, objection, and withdrawal of consent (where applicable).

Contact: daybeeapp-privacy@web.de
You also have the right to lodge a complaint with a data protection authority.

8. Account deletion

You can delete your account in the app via: Settings → Account → Delete account
Alternatively, email us at daybeeapp-privacy@web.de (include your account email).

9. Security

We use appropriate measures to protect data (e.g., encrypted transport, access controls).

10. Changes to this policy

We may update this Privacy Policy. The latest version will always be available on this website.