Is my data secure and private?

Data security

Day One Mac

The Mac version of Day One allows you to set a private security passcode. For optimal security, it is important to have a private user login to your Mac (that you do not share with others) if you are sharing a computer. Read macOS: Setting Up User Accounts for more information on setting up individual accounts on your Mac.

Day One currently offers end-to-end encryption for data synced with Day One Sync. If you would like to encrypt your data today, you can use Apple’s FileVault service.

Day One iOS

Like the Mac version, you can enable a Day One passcode to restrict usage to yourself or those with whom you share the passcode. Follow these steps:

  1. Open Day One.
  2. Tap Settings, then tap the Passcode/Touch ID.
  3. Enter and verify your passcode.
  4. By default, your passcode will be required whenever you leave Day One or your device goes to sleep. Tap “Immediately” to choose other frequency options for your passcode.

To encrypt your data on your iOS device, you can enable a passcode for your device (this is different from the preceding Day One passcode). To do this, follow these steps:

  1. Go to Settings.
  2. Tap “Touch ID & Passcode”.
  3. Tap “Turn Passcode On”.

For more information, read Apple’s support article, Understanding Data Protection.

Day One Android

Day One Android has the option to enable a passcode or use a fingerprint sensor to unlock the app. To set this up:

  1. Tap Settings > Passcode
  2. Enable Passcode
  3. Create a new 4-digit passcode

If your device supports fingerprint authentication, you’ll have the option to use it instead of typing your passcode.

Day One Web App and Windows App

The Day One web app supports end-to-end encryption for all your journals and journal entries. However, to set up encryption for your account, you must first use the Day One mobile app or Mac app. Once encryption is set up on one of those platforms, it will also apply to your journals and journal entries in the web app.

Like most web apps, the Day One web app stores your personal data and journal content in your browser. If you’re concerned about leaving data behind in the browser’s storage, we recommend using the Day One web app in Incognito or Private mode. Closing the tab will remove the data from your browser.

If you’re using a shared or public computer, always use a private browsing session and log out after each session. This will remove all Day One web app data from the computer.

Day One for Windows shares many of the core features of the Day One web app. If you’re using Day One for Windows on a shared or public computer, always log out after each session. This will remove all Day One data from the app.

Syncing

If you are using Day One Sync, see our privacy policy and FAQ for end-to-end encryption for more information.

Seeing Unrecognized Entries in Your Journal

If you see entries from someone else in your journal, entries you didn’t write, or entries from someone you don’t know appearing in Day One, don’t panic – even if you don’t share a journal with anyone. There are several possible explanations:

  • A shared journal you may have forgotten about – Check your journal list to see if any journals show as “Shared.” You may have accepted a shared journal invitation in the past. See Shared Journals for more information on managing shared journals and their members.
  • Signed in on a shared device – If you or someone else signed into your Day One account on a shared computer or device, entries created on that device may appear in your journal. See the Web App and Windows App section above for tips on using Day One on shared devices.
  • Account compromise – In rare cases, unrecognized entries could indicate unauthorized access to your account. If you suspect this, change your password and contact our support team for help securing your account.

If you’re unsure what’s causing the issue, please contact our support team with details about the entries you’re seeing so we can help determine the cause.

Active Devices

Can I check which devices are signed into my Day One account?

There is currently no way for you to check which devices have logged in to your Day One account, but you can contact support if you have any security concerns, and we’ll be happy to advise.

Two-Factor Authentication

Day One does not currently support two-factor authentication (2FA/MFA) when using the email/password sign-in method. To keep your account secure, we recommend:

  • Use a strong, unique password for your Day One account
  • Enable end-to-end encryption for your journals
  • Set up the app passcode or biometric lock on your devices
  • If you sign in with Apple or Google, the security protections of those providers (including their 2FA) help protect your Day One sign-in

Legitimate Day One Emails

Does Day One send emails from security@dayoneapp.com?

Yes. Day One sends legitimate emails from security@dayoneapp.com for security-related notifications and account updates. This is an official Day One email address.

Other legitimate Day One email addresses include:

  • security@dayoneapp.com – security notifications and account alerts
  • support@dayoneapp.com – customer support responses
  • noreply@dayoneapp.com – automated messages such as password resets

How to verify an email from Day One

If you receive an email claiming to be from Day One and you are unsure whether it is legitimate:

  • Check that the sender address ends in @dayoneapp.com
  • Do not click any links in the email if you have concerns
  • Log into your account directly at https://dayone.me to check for any security notifications or account changes
  • If you are still unsure, contact Day One Support to verify the email

Day One will never ask you to provide your password or encryption key via email.

Capture life’s moments, anytime, anywhere.

Download the free Day One journal app for free on iPhone, Android, iPad, Mac, and Apple Watch. Or access your Day One Journal from any browser.

App Store
Android
Mac
Login Now