Anar al contingut

Privacy Policy

Last updated: March 7, 2026

deariary ("we", "us", or "our") operates the deariary.com website and the deariary service. This page explains how we collect, use, store, and protect your personal information when you use our service.

Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you sign in via a third-party provider (e.g., Google, GitHub), we receive basic profile information (name, email, avatar URL) from that provider.

Connected Service Data

When you connect external services, we collect activity data from those services solely to generate your diary entries. The types of data collected depend on each service, but may include:

  • Calendar event titles, times, and attendee names
  • Code activity metadata such as commit messages and pull request titles
  • Messaging activity metadata such as channel names, timestamps, and message counts
  • Task names, completion status, and project names
  • Game session data such as titles, playtime, and achievements
  • Social media post content and interaction counts
  • Time tracking entries such as descriptions, durations, and project names
  • Health and fitness data such as workout activities, step counts, and sleep data
  • Music and media consumption data such as listening history and watch history
  • Reading and bookmark data such as saved articles and highlights
  • Weather and location context data
  • Financial activity summaries such as transaction categories and budget status
  • Custom data you send via Webhook

We only access data you explicitly authorize via OAuth or API key. We do not read the full content of private messages; we collect metadata necessary for diary generation. For the current list of supported integrations, see our website.

Payment Information

Payment card details are collected and processed directly by Stripe, Inc. We do not store your card number or CVV. We receive only your email address and subscription status from Stripe.

Usage Data

On the landing page, we collect anonymized, aggregated usage analytics (page views, referrer data) using a self-hosted, cookie-free analytics system. This data does not identify individual visitors, does not use cookies, and does not fingerprint browsers. Authenticated users of the application are identified via session tokens for service functionality.

How We Use Your Information

We use the collected information to:

  • Generate your daily diary entries via LLM (large language model) providers
  • Provide, maintain, and improve the service
  • Send you service-related notifications (e.g., diary ready, sync errors, weekly summaries)
  • Process payments via Stripe
  • Deliver transactional emails via Resend
  • Respond to your support requests

We do not:

  • Sell your personal information to third parties
  • Use your data to train AI or machine learning models
  • Share your data for advertising or marketing purposes
  • Allow third parties to collect your data for behavioral advertising

Data Sent to LLM Providers

To generate your diary, we send normalized activity data from your connected services to an LLM provider (OpenAI, Anthropic, or Google). Only the data necessary for diary generation is sent. This data is:

  • Not retained by the LLM provider after processing
  • Not used to train or improve any language model
  • Protected by Data Processing Agreements (DPAs) with each provider

You can see which LLM providers we use on our Sub-Processor List.

Data Storage and Security

  • Your diary entries are stored as Markdown and YAML files on Google Cloud Storage
  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • We use Google Cloud Platform infrastructure with enterprise-grade security
  • Access to production systems is restricted and logged
  • We do not store OAuth tokens in plain text

Data Retention and Deletion

  • Active accounts: Your data is retained as long as your account is active
  • Account deletion: You can delete your account at any time from your account settings
  • Soft deletion: Upon deletion request, your account is immediately deactivated
  • Hard deletion: All data (database records, stored files, Stripe subscription) is permanently deleted within 30 days
  • Export before deletion: You can export all your data before deleting your account

Data Export

  • You can export your diary entries in Markdown + YAML format at any time
  • Export is available on all plans, including the Free plan

Third-Party Services (Sub-Processors)

We use the following third-party services to operate deariary:

ProviderPurposeData Shared
Google Cloud PlatformHosting and infrastructureAll service data (encrypted at rest and in transit)
StripePayment processingEmail address, payment method
OpenAIDiary generation (LLM)Normalized activity data (not retained, not used for training)
AnthropicDiary generation (LLM)Normalized activity data (not retained, not used for training)
Google (Gemini API)Diary generation (LLM)Normalized activity data (not retained, not used for training)
VercelFrontend hosting and CDNIP address, access logs (anonymized)
SentryError tracking and monitoringError context, request metadata, stack traces
ResendTransactional emailEmail address, email content

For full details, see our Sub-Processor List.

Session Management and Tracking

  • Authentication: We use JSON Web Tokens (JWT) for session management. No session cookies are used.
  • Analytics: Our analytics system on the landing page is self-hosted, does not use cookies, and does not collect personal information. No consent banner is needed.
  • No third-party trackers: We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.

Your Rights

Depending on your jurisdiction, you have the right to:

  • Access the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Data portability — export your data in a machine-readable format (Markdown + YAML)
  • Restrict processing — request that we limit how we use your data
  • Object — object to data processing based on legitimate interests
  • Withdraw consent — withdraw consent for data processing at any time
  • Lodge a complaint — file a complaint with your local data protection authority

To exercise any of these rights, contact us at support@deariary.com. We will respond within 30 days.

For California Residents (CCPA/CPRA)

See our Do Not Sell My Personal Information page for details on your CCPA rights.

Children's Privacy

Our service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

International Data Transfers

Your data is stored on Google Cloud Platform infrastructure in the United States. If you are located outside the US, your data will be transferred to and processed in the US. We rely on Google Cloud's data protection measures and our DPAs with sub-processors to ensure appropriate safeguards.

Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes, we will:

  • Post the updated policy on this page
  • Update the "Last updated" date
  • Notify registered users by email with reasonable advance notice before the change takes effect

Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us at:

Email: support@deariary.com