We commonly hear questions from people who want to be assured their journal data will remain private and secure in their digital journal. Day One was built out of a desire for a completely private, digital space. Ever since the company started over a decade ago, we have had one overriding focus—keeping your memories safe. That’s why, unlike other apps, we’ve spent years developing a journal system that is end-to-end encrypted. That’s a fancy way of saying that your journal content in Day One can only be seen by you. Not even we can see it! Here are some frequently asked questions about data privacy and security.
Frequently Asked Questions
Where is my data stored?
Your data is stored on your device. If you sign in with a free Day One account, your data is also backed up to your account, just in case anything happens to your device.
How can I be sure my data is safe?
- Day One journals are end-to-end encrypted by default on versions newer than 4.2 on iOS and Mac. It is encrypted for the entire time it is syncing between your devices.
- Day One also includes the option to use passcode and biometric safeguards and concealed content to prevent snooping by anyone near your devices.
Who owns my data?
- You own your data, not us.
- We offer a variety of export options to ensure your data goes wherever you do, regardless of your subscription status.
What happens to my data if I delete the app?
- We collect some basic information about how people use the app to, for example, help us improve the app, detect problems, and make sure our products are successful for our community
- If you sign in with a free Day One account, we back up your journal content, which we can’t see since it is encrypted. We also collect your email address and sign-in method (e.g. Apple, Google, email). If you choose to use Day One without an account, everything is stored locally on your device (think of it like having a physical notebook).
- If you’re subscribed to marketing communications, we’ll use your email address and usage information to send timely and relevant messages, which you can always opt-out of. This might look like an email celebrating when you’ve made your 100th entry, or letting you know when a new feature drops.
Will Day One ever sell my journal data?
No, never! Day One is funded by revenue from Premium subscriptions and printed journals. We have no incentive to sell your journal data. Plus, we couldn’t do so anyway, thanks to end-to-end encryption.
What exactly is end-to-end encryption, and what does it mean for my data?
- End-to-end encryption uses military-grade technology (AES-GCM-256) to encrypt your journal entries before they are sent to our servers, making them unreadable to anyone without the encryption key. That key is never sent to our servers, which means that Day One employees will never be able to read your encrypted entries. Your data is always private. It is encrypted for the entire time it is syncing between your devices.
- Because it’s important to keep your encryption key safe, we store the encryption key in iCloud or Google Drive by default so you don’t lose access to it. You can choose to print the key or save it to a PDF instead.
- As part of the Automattic family of products, we support and promote the encryption of user data, and we do not provide access to user data through “back doors” in our systems. Learn more.
Learn more about our journey to End-to-End Encryption in our announcement blog post and in our Help Guide article about End-to-End Encryption.
Why aren’t my journals end-to-end encrypted?
End-to-end encryption is enabled by default for all new journals created after version 4.2 on iOS and Mac. For journals created prior to 4.2 or for those on Android, you can turn on end-to-end encryption.
Can law enforcement request my journal data?
- We carefully review every law enforcement request we receive and we push back if we believe the request is invalid or over-broad.
- We require valid U.S. legal process before producing information; the only exception is for emergency situations if we believe that there is an immediate threat of death or serious physical injury. In those instances, we only share the least amount of information possible, which generally means data like your email address (if you have an account), or the device you used Day One on. We can’t view your encrypted journal content or decrypt it, even if we received valid legal process requesting it.
- Automattic’s Transparency Report shows statistics on how many government requests are received across all Automattic products, along with our responses to them. These requests are rare, and we do not produce information in every case.
Our Privacy Policy has additional detail on our legal position on this topic.
Why should I trust you?
When Day One launched in 2011, we knew that privacy would be an essential part of a great journaling app. We pour our deepest thoughts and feelings into this app, and it should give us the assurance these remain private and secure. While we’ve always held ourselves to a high-standard in this regard, we’ve taken steps to ensure Day One is as private as possible, by building end-to-end encryption and a 3rd-party security audit.
We can’t make you trust us, but we’ve been around since 2012 and have had over 4 million journals created in Day One, and have received over 200k 5-star ratings, which we’re pretty proud of. We’re always available to chat if you’d like to learn more.
