Your privacy is critically important to us. At Day One we have a few fundamental principles:
- We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
- We store personal information for only as long as we have a reason to keep it.
- We aim to make it as simple as possible for you to control what information in your journal is shared publicly (or kept private), indexed by search engines, and permanently deleted.
- We help protect you from overreaching government demands for your personal information.
- We aim for full transparency on how we gather, use, and share your personal information.
Who We Are and What This Covers
Howdy! We’re Automattic Inc. (“Automattic”), the folks behind the Day One application and its related websites (each, an “App” or a “Site”, respectively). Through Day One’s App and Site, we offer you a journaling program to record your memories, and, if you wish, share them with others as well. Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.
Creative Commons Sharealike License
Information We Collect
We only collect information about you if we have a reason to do so — for example, to provide our Services, to communicate with you, or to make our Services better.
We collect this information from three sources: if and when you provide information to us, automatically through operating our Services, and from outside sources. Let’s go over the information that we collect.
Information You Provide Us
It’s probably no surprise that we collect information that you provide to us directly. Here are some examples:
- Your Journal Entries: The most important thing we collect from you are your journal entries. Your journal entries are private. This means that when you use Day One to create a journal, none of the entries in that journal are made publicly viewable on the Internet. Entries are not accessible to other Day One users. We also offer End to End Encryption on our journals. If that option is enabled, it is impossible for our employees to access your journal data.
- Account Information: If you register and open an “Account” with us in order to use services like Sync and Backups, you provide us basic account information including your email address and a password.
- Transactional Information: When you purchase Services, we may collect information to complete and record the transaction. For example, if you buy something from us we’ll collect information, like your name and credit card information, to process those payments . If you purchase a printed book we will collect the physical address you want the book mailed to. We also keep a record of the purchases you’ve made.
- Communications with Us: You may also provide us with information when you provide us feedback or communicate with our Happiness Engineers about a support question. When you communicate with us via form, email, phone, or otherwise, we store a copy of our communications (including any call recordings as permitted by applicable law). You can choose not to provide us with certain information, but this may limit the features of the Services you are able to use.
Information We Collect Automatically
We also collect some information automatically:
- Log information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services — for example, when you log into your account or publish a journal entry.
- Device and Usage Information: We collect your device type, your wireless carrier, your individual device ID, and how you use our Services. In addition, in the event our App(s) crash on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our App(s).
- Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to understand where our users are located so we can identify what features might be meaningful to them.
Information We Collect from Other Sources
We may also get information about you from other sources. For example:
- Third Party Account Information: When you connect an account from another service we typically get some basic information about your account with them. For example, when you connect Day One to your Apple or Google account in order to log in, we may access certain user data such as your name, user ID, email, etc. to provide our Services.
- Motion, Activity, and Fitness Data: Motion and fitness information is used to enhance the metadata included in individual entries and personal journal summaries. For example, we use the motion processing capabilities of your device to enable you to add step counts to any journal entry. As another example, if you connect Apple HealthKit then time spent in the Day One app will be logged in HealthKit as Mindful Minutes. We never use your motion, activity, or fitness data for advertising and similar services or for use-based data mining. We don’t disclose this information to a third party for their own use or sell it to advertising platforms, data brokers, or information resellers.
How We Use the Information We Collect
We use your personal information to:
- Provide you with Services and customer support;
- Market Services to you and send you news and information that we believe interests you;
- Respond to your requests, resolve disputes, and/or troubleshoot problems;
- Improve the Services and personalize your experience;
- Communicate with you about the Services;
- Monitor and analyze trends, usage, and activities in connection with our Services;
- Detect, investigate, and help prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity, and help protect rights and property of ours and others; and
- Comply with our legal and financial obligations.
We will communicate with you primarily in the form of texts, push alerts, and emails. You can manage the frequency and/or opt out of receiving these communications by changing your settings on the App, texting STOP in reply to our daily reminders, and/or clicking the “Unsubscribe” link at the bottom of each marketing email. Please note that even if you unsubscribe or opt-out of our emails, we may still send you Services related communications (e.g., emails related to your account or the App).
How We Share Information
We share information about you in limited circumstances, and with appropriate safeguards to protect your privacy. These are spelled out below:
- Third Party Vendors: We may share information about you with third party vendors, consultants, and advisors who help us provide our Services or who otherwise perform services for us. This includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information, cloud storage services, SMS messaging services, book printing services if you choose to print your journal to a book, and customer chat and email support services that help us communicate with you), those that assist us with our marketing efforts (like sending emails to our marketing list), those that help us understand and enhance our Services (like analytics providers), those that make tools to help us run our operations (like programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our teams), and other third-party tools that help us manage operations. We require vendors to agree to privacy commitments in order to share information with them;
- Legal, Regulatory, & Other Obligations: We may disclose information about you if we believe in good faith that such disclosure is necessary to (a) resolve disputes, investigate problems, or enforce our Terms of Service; (b) comply with relevant laws, or warrants, subpoenas, court orders, and other enforceable legal process; or (c) protect the property or rights belonging to Day One, you, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose the least amount of information as possible to address the emergency without delay; and
- With Your Consent: We may share and disclose information with your consent or at your direction.
We reserve the right to disclose anonymous information or other information that cannot reasonably be used to identify you publicly without restriction.
How Long We Keep Information
We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on “How We Use the Information We Collect” — and we’re not legally required to keep it.
For example, we keep web server logs for a few months. We retain the logs for this period of time in order to, among other things, analyze traffic, and investigate issues if something goes wrong.
As another example, when you close your account we wait for a 5-day recovery window and then permanently delete all of your journal entries, their attachments, and your account data.
While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. We monitor our Services for potential vulnerabilities and attacks.
To enhance the security of your account, all new journal entries are end-to-end encrypted. We encourage account holders of older journal entries to manually enable end-to-end encryption. Journal entries that use end-to-end encryption cannot be accessed by anyone, including us, other than the logged in author of the entry.
You have several choices available when it comes to information about you:
- Limit/Update the Information You Provide: You can review, change, and/or delete certain of your personal information by logging into the Site or the App and accessing your account.
- Delete the App: You can stop all collection of information by the App(s) by uninstalling the App(s). You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
- Opt out of marketing communications: You may opt out of receiving promotional communications from us. Just follow the instructions in those communications or let us know. If you opt out of promotional communications, we may still send you other communications, like those about your account and legal notices.
- Set your browser to reject cookies: You can usually choose to set your browser to remove or reject browser cookies before using our Sites, with the drawback that certain features may not function properly without the aid of cookies.
- Opt out of our internal analytics program: You can do this through your app settings. By opting out, you will stop sharing information with our analytics tool about events or actions that happen after the opt-out.
If you are located in certain parts of the world, including some US states and countries that fall under the scope of the European General Data Protection Regulation (aka the “GDPR”), you may have certain rights regarding your personal information, like the right to request access to or deletion of your data.
European General Data Protection Regulation (GDPR)
If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
You also have the right to make a complaint to a government supervisory authority.
A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:
- The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account — for example, in order to enable access to our service on your device or to charge you for a paid plan; or
- The use is necessary for compliance with a legal obligation; or
- The use is necessary in order to protect your vital interests or those of another person; or
- We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalize your experience; or
- You have given us your consent — for example before we place certain cookies on your device and access and analyze them later on.
If you are located in the EEA, the United Kingdom, or Switzerland and you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:
For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
For individuals in the UK: https://ico.org.uk/global/contact-us/
For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
US Privacy Laws
Laws in some US states, including California, Colorado, Connecticut, Utah, and Virginia, require us to provide residents with additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it.
In the last 12 months, we collected the following categories of personal information, depending on the Services used:
- Identifiers (like your name, contact information, and device and online identifiers);
- Commercial information (your billing information and purchase history, for example);
- Characteristics protected by law (for example, you might provide your gender as part of a research survey for us);
- Internet or other electronic network activity information (such as your usage of our Services);
- Geolocation data (such as your location based on your IP address); and
- Audio, electronic, visual or similar information (such as your photos, if you upload them);
You can find more information about what we collect and sources of that information in the Information We Collect section above.
We collect personal information for the business and commercial purposes described in the “How We Use the Information We Collect” section. And we share this information with the categories of third parties described in the “How We Share Information” section. We retain this information for the length of time described in our “How Long We Keep Information” section.
In some US states you have additional rights, subject to any exemptions provided by your state’s respective law, including the right to:
- Request a copy of the specific pieces of information we collect about you and, if you’re in California, to know the categories of personal information we collect, the categories of business or commercial purpose for collecting and using it, the categories of sources from which the information came, and the categories of third parties we share it with;
- Request deletion of personal information we collect or maintain;
- Request correction of personal information we collect or maintain;
- Opt out of the sale or sharing of personal information;
- Receive a copy of your information in a readily portable format; and
- Not receive discriminatory treatment for exercising your rights under the CCPA.
We do not “sell” or “share” your personal data as those terms are defined under the privacy laws of the relevant US states. We also do not have any knowledge of any “sales” or “sharing” of the personal data of minors under 16 years of age. We do not collect or process your sensitive personal information except where it is strictly necessary to provide you with our service, where the processing is not for the purpose of inferring characteristics about you, or for other purposes that do not require an option to limit under California law.
Contacting Us About These Rights
You can usually access, correct, or delete your personal data using your account settings and tools that we offer, but if you aren’t able to or you’d like to contact us about one of the other rights, scroll down to “How to Reach Us” to, well, find out how to reach us.
When you contact us about one of your rights under this section, we’ll need to verify that you are the right person before we disclose or delete anything. For example, if you are a user, we will need you to contact us from the email address associated with your account. You can also designate an authorized agent to make a request on your behalf by giving us written authorization. We may still require you to verify your identity with us.
Appeals Process for Rights Requests Denials
In some circumstances we may deny your request to exercise one of these rights. For example, if we cannot verify that you are the account owner we may deny your request to access the personal information associated with your account. As another example, if we are legally required to maintain a copy of your personal information we may deny your request to delete your personal information.
In the event that we deny your request, we will communicate this fact to you in writing. You may appeal our decision by responding in writing to our denial email and stating that you would like to appeal. All appeals will be reviewed by an internal expert who was not involved in your original request. In the event that your appeal is also denied this information will be communicated to you in writing.
If your appeal is denied, in some US states (Colorado, Connecticut, and Virginia) you may refer the denied appeal to the state attorney general if you believe the denial is in conflict with your legal rights. The process for how to do this will be communicated to you in writing at the same time we send you our decision about your appeal.
Other Things You Should Know
Third Party Software and Services
Our Sites may contain content or links to other websites that are not owned or controlled by us. We have no control over the privacy policies or content displayed on websites run by third parties.
Child Usage Restrictions
Our Services are not directed to children, and children are not eligible to use our Services. Protecting the privacy of children is very important to us. We do not collect or maintain personal information from people we actually know are under 13 years of age, and no part of our Services is designed to attract people under 13 years of age. If we later learn that a user is under 13 years of age, we will take steps to remove that user’s personal information from our databases and to prevent the user from utilizing the Services.
Because our Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third-party data processors. This is required for the purposes listed in the “How We Use the Information We Collect” section above.
You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.
How to Reach Us